| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAM_iQpVjJo4gKHGdaJh8mcV5gX+ssmv46UT+25+8-hKk1UUnDg@mail.gmail.com>
Date: Sat, 16 Sep 2017 11:21:59 -0700
From: Cong Wang <xiyou.wangcong@...il.com>
To: Julian Anastasov <ja@....bg>
Cc: Subash Abhinov Kasiviswanathan <subashab@...eaurora.org>,
Eric Dumazet <eric.dumazet@...il.com>,
Linux Kernel Network Developers <netdev@...r.kernel.org>,
Lorenzo Colitti <lorenzo@...gle.com>
Subject: Re: Use after free in __dst_destroy_metrics_generic
On Sat, Sep 16, 2017 at 5:40 AM, Julian Anastasov <ja@....bg> wrote:
>
> Hello,
>
> On Fri, 15 Sep 2017, Subash Abhinov Kasiviswanathan wrote:
>
>> > May be I'm missing some posting but I don't see if
>> > the patch was tested successfully.
>> >
>> Hi Julian
>>
>> I've had this patch being tested for the last 3-4 days in our regression rack
>> and I haven't seen the same issue being reproduced or even a related crash
>> or leak in dst.
>
> For now I see only its bug-hiding side effects, i.e.
> it does not call kfree. Now if there is no double-free
> there should be a leak, not for dst but for metrics.
You make very good points. I need to take a deeper look.
>
>> The original issue was reported only once to us from the regression rack only
>> so the exact steps to reproduce is unknown.
>
> OK, lets see, may be others can explain what happens.
>
This makes me thinking if it is possible that we no longer have
the guarantee of metrics address aligned to at least 4?
This seems unlikely since kmalloc() should return at least
word-size-aligned address.
Powered by blists - more mailing lists