| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 02 Nov 2016 11:05:33 -0600 From: subashab@...eaurora.org To: Eric Dumazet <eric.dumazet@...il.com> Cc: netdev@...r.kernel.org, Eric Dumazet <edumazet@...gle.com> Subject: Re: [PATCH net] net: Check for fullsock in sock_i_uid() > This would be a bug in the caller. > > Can you give us the complete stack trace leading to the problem you > had ? > > Thanks ! Thanks Eric for the clarification. In that case, the bug is in the IDLETIMER target in Android kernel. https://android.googlesource.com/kernel/common/+/android-4.4/net/netfilter/xt_IDLETIMER.c#356 Here is the call stack. -003|rwlock_bug(?, ?) -004|arch_read_lock(inline) -004|do_raw_read_lock(lock = 0xFFFFFFC0354E79C8) -005|raw_read_lock_bh(lock = 0xFFFFFFC0354E79C8) -006|sock_i_uid(sk = 0xFFFFFFC0354E77B0) -007|from_kuid_munged(inline) -007|reset_timer(info = 0xFFFFFFC04D17D218, skb = 0xFFFFFFC018AB98C0) -008|idletimer_tg_target(skb = 0xFFFFFFC018AB98C0, ?) -009|ipt_do_table(skb = 0xFFFFFFC018AB98C0, state = 0xFFFFFFC0017E6F30, ?) -010|iptable_mangle_hook(?, skb = 0xFFFFFFC018AB98C0, state = 0xFFFFFFC0017E6F30) -011|nf_iterate(head = 0xFFFFFFC0019D55B8, skb = 0xFFFFFFC018AB98C0, state = 0xFFFFFFC0017E6F30, elemp = -012|nf_hook_slow(skb = 0xFFFFFFC018AB98C0, state = 0xFFFFFFC0017E6F30) -013|NF_HOOK_COND(inline) -013|ip_output(net = 0xFFFFFFC0019D4B00, sk = 0xFFFFFFC0354E77B0, skb = 0xFFFFFFC018AB98C0) -014|ip_local_out(net = 0xFFFFFFC0019D4B00, sk = 0xFFFFFFC0354E77B0, skb = 0xFFFFFFC018AB98C0) -015|ip_build_and_send_pkt(skb = 0xFFFFFFC018AB98C0, sk = 0xFFFFFFC023F2E880, saddr = 1688053952, daddr = -016|tcp_v4_send_synack(sk = 0xFFFFFFC023F2E880, ?, ?, req = 0xFFFFFFC0354E77B0, foc = 0xFFFFFFC0017E7110 -017|atomic_sub_return(inline) -017|reqsk_put(inline) -017|tcp_conn_request(?, af_ops = 0xFFFFFFC001080FC8, sk = 0xFFFFFFC023F2E880, ?) -018|tcp_v4_conn_request(?, ?) -019|tcp_rcv_state_process(sk = 0xFFFFFFC023F2E880, skb = 0xFFFFFFC018ABAD00) -020|tcp_v4_do_rcv(sk = 0xFFFFFFC023F2E880, skb = 0xFFFFFFC018ABAD00) -021|tcp_v4_rcv(skb = 0xFFFFFFC018ABAD00) -022|ip_local_deliver_finish(net = 0xFFFFFFC0019D4B00, ?, skb = 0xFFFFFFC018ABAD00) -023|NF_HOOK_THRESH(inline) -023|NF_HOOK(inline) -023|ip_local_deliver(skb = 0xFFFFFFC018ABAD00) -024|ip_rcv_finish(net = 0xFFFFFFC0019D4B00, ?, skb = 0xFFFFFFC018ABAD00) -025|NF_HOOK_THRESH(inline) -025|NF_HOOK(inline) -025|ip_rcv(skb = 0xFFFFFFC018ABAD00, dev = 0xFFFFFFC023474000, ?, ?) -026|deliver_skb(inline) -026|deliver_ptype_list_skb(inline) -026|__netif_receive_skb_core(skb = 0x0A73, pfmemalloc = FALSE) -027|__netif_receive_skb(skb = 0xFFFFFFC0BA455D40) -028|netif_receive_skb_internal(skb = 0xFFFFFFC0BA455D40) -029|netif_receive_skb(skb = 0xFFFFFFC0BA455D40) -- Qualcomm Innovation Center, Inc. The Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project
Powered by blists - more mailing lists