| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 4 May 2017 11:12:45 -0600
From: David Ahern <dsahern@...il.com>
To: David Miller <davem@...emloft.net>, andreyknvl@...gle.com,
xiyou.wangcong@...il.com
Cc: netdev@...r.kernel.org
Subject: Re: [Patch net] ipv6: initialize route null entry in addrconf_init()
On 5/4/17 10:51 AM, David Miller wrote:
> From: Andrey Konovalov <andreyknvl@...gle.com>
> Date: Thu, 4 May 2017 14:28:37 +0200
>
>> On Thu, May 4, 2017 at 7:07 AM, Cong Wang <xiyou.wangcong@...il.com> wrote:
>>> Andrey reported a crash on init_net.ipv6.ip6_null_entry->rt6i_idev
>>> since it is always NULL.
>>>
>>> This is clearly wrong, we have code to initialize it to loopback_dev,
>>> unfortunately the order is still not correct.
>>>
>>> loopback_dev is registered very early during boot, we lose a chance
>>> to re-initialize it in notifier. addrconf_init() is called after
>>> ip6_route_init(), which means we have no chance to correct it.
>>>
>>> Fix it by moving this initialization explicitly after
>>> ipv6_add_dev(init_net.loopback_dev) in addrconf_init().
>>>
>>> Reported-by: Andrey Konovalov <andreyknvl@...gle.com>
>>> Signed-off-by: Cong Wang <xiyou.wangcong@...il.com>
>>
>> Hi Cong,
>>
>> This fixes the bug triggered by my reproducer.
>>
>> Thanks!
>>
>> Tested-by: Andrey Konovalov <andreyknvl@...gle.com>
>
> Applied and queued up for -stable, thanks.
>
This is not the complete solution; it only fixes init_net. It still
blows up when you do:
unshare -n
./rt6_device_match
same exact stack trace
Powered by blists - more mailing lists