lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <877ftoi18s.fsf@orebokech.com>
Date:	Tue, 07 Apr 2015 14:14:43 +0200
From:	Romain Francoise <romain@...bokech.com>
To:	Alexey Dobriyan <adobriyan@...il.com>
Cc:	Steffen Klassert <steffen.klassert@...unet.com>,
	davem@...emloft.net, mike@...mi.net, netdev@...r.kernel.org,
	herbert@...dor.apana.org.au
Subject: Re: [PATCH] xfrm: fix xfrm_input/xfrm_tunnel_check oops

On Tue, Apr 07, 2015 at 02:43:41PM +0300, Alexey Dobriyan wrote:
> On Tue, Apr 07, 2015 at 10:57:32AM +0200, Steffen Klassert wrote:
>> On Thu, Apr 02, 2015 at 10:58:24AM +0300, Alexey Dobriyan wrote:
>> > https://bugzilla.kernel.org/show_bug.cgi?id=95211
>> > 
>> > Commit 70be6c91c86596ad2b60c73587880b47df170a41
>> > ("xfrm: Add xfrm_tunnel_skb_cb to the skb common buffer") added check
>> > which dereferences ->outer_mode too early but larval SAs don't have
>> > this pointer set (yet). So check for tunnel stuff later.
>> > 
>> > Mike Noordermeer reported this bug and patiently applied all the debugging.
>> > 
>> > Technically this is remote-oops-in-interrupt-context type of thing.
>> > 
>> > BUG: unable to handle kernel NULL pointer dereference at 0000000000000034
>> > IP: [<ffffffff8150dca2>] xfrm_input+0x3c2/0x5a0
>> > 	...
>> > [<ffffffff81500fc6>] ? xfrm4_esp_rcv+0x36/0x70
>> > [<ffffffff814acc9a>] ? ip_local_deliver_finish+0x9a/0x200
>> > [<ffffffff81471b83>] ? __netif_receive_skb_core+0x6f3/0x8f0
>> > 	...
>> > 
>> > RIP  [<ffffffff8150dca2>] xfrm_input+0x3c2/0x5a0
>> > Kernel panic - not syncing: Fatal exception in interrupt
>> > 
>> > Signed-off-by: Alexey Dobriyan <adobriyan@...il.com>
>> 
>> Good catch!
>> 
>> Applied to the ipsec tree, thanks everyone!

> For the record Mike confirmed that the patch works:
> https://bugzilla.kernel.org/show_bug.cgi?id=95211#c20

Does this only affect configurations that use VTI? It's not clear from
the description.

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ