lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 12 May 2016 09:51:24 -0700
From:	Alexander Duyck <alexander.duyck@...il.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	Alexander Duyck <aduyck@...antis.com>,
	Netdev <netdev@...r.kernel.org>,
	David Miller <davem@...emloft.net>,
	Tom Herbert <tom@...bertland.com>
Subject: Re: [net-next PATCH] udp: Resolve NULL pointer dereference

On Wed, May 11, 2016 at 8:43 PM, Eric Dumazet <eric.dumazet@...il.com> wrote:
> On Wed, 2016-05-11 at 19:24 -0700, Alexander Duyck wrote:
>> While testing an OpenStack configuration using VXLANs I saw the following
>> call trace:
>
>>
>> I believe the trace is pointing to the call to dev_net(dev) in
>> udp4_lib_lookup_skb.  If I am not mistaken I believe it is possible for us
>> to have skb_dst(skb)->dev be NULL.  So to resolve that I am adding a check
>> for this case and skipping the assignment if such an event occurs.
>
> skb_dst(skb)->dev can be NULL ???

That is what appears to be happening.  Though I can do some more
research into this.

> Why only UDP ipv4 would need a fix, and not ipv6 ?

Yeah, I should probably fix IPv6 as well if there is an issue.

> Looks the bug is somewhere else maybe ?

I was thinking about it last night and I am not certain we should even
see skb_dst(skb) set as Cong mentioned.  I'm wondering if I should
update the code to just use skb->dev because these functions are
currently only used in the GRO path anyway so it isn't as if skb_dst
should be populated.

- Alex

Powered by blists - more mailing lists