lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20161222012101.GF1555@ZenIV.linux.org.uk>
Date:   Thu, 22 Dec 2016 01:21:01 +0000
From:   Al Viro <viro@...IV.linux.org.uk>
To:     Jon Maloy <jon.maloy@...csson.com>
Cc:     davem@...emloft.net, netdev@...r.kernel.org,
        parthasarathy.bhuvaragan@...csson.com, ying.xue@...driver.com,
        maloy@...jonn.com, tipc-discussion@...ts.sourceforge.net
Subject: Re: [PATCH net 1/1] tipc: revert use of copy_from_iter_full()

On Wed, Dec 21, 2016 at 08:01:37PM -0500, Jon Maloy wrote:
> commit cbbd26b8b1a6 ("[iov_iter] new primitives - copy_from_iter_full()
> and friends") replaced calls to copy_from_iter() in the function
> tipc_msg_build(). This causes a an immediate crash as follows:

Very interesting.

> [ 1209.597076] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
> [ 1209.607025] IP: copy_from_iter_full+0x43/0x290

> [ 1209.689257]  tipc_msg_build+0xe1/0x590 [tipc]
> [ 1209.691479]  ? _raw_spin_unlock_bh+0x1e/0x20
> [ 1209.694641]  ? tipc_node_find+0x30/0xa0 [tipc]
> [ 1209.696789]  __tipc_sendmsg+0x189/0x480 [tipc]
> [ 1209.699017]  ? remove_wait_queue+0x4d/0x60
> [ 1209.700354]  tipc_connect+0x15f/0x1b0 [tipc]
> [ 1209.701684]  SYSC_connect+0xd9/0x110

I don't believe that it's something tipc-specific; could you post an objdump
of copy_from_iter_full() in your kernel?  That smells like a bug in there
and it really ought to be fixed...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ