lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <8cec0803-701a-be79-802d-bac2e84acbbd@oracle.com>
Date:   Mon, 22 Jan 2018 14:25:47 -0800
From:   Santosh Shilimkar <santosh.shilimkar@...cle.com>
To:     Kees Cook <keescook@...omium.org>
Cc:     Honggang Li <honli@...hat.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Sowmini Varadhan <sowmini.varadhan@...cle.com>,
        Steve Beattie <sbeattie@...ntu.com>,
        Andy Whitcroft <apw@...onical.com>,
        "David S. Miller" <davem@...emloft.net>,
        Jay Fenlason <fenlason@...hat.com>,
        Network Development <netdev@...r.kernel.org>,
        linux-rdma <linux-rdma@...r.kernel.org>, rds-devel@....oracle.com
Subject: Re: [PATCH] RDS: Fix rds-ping inducing kernel panic

On 1/22/2018 2:17 PM, Kees Cook wrote:
> On Tue, Jan 23, 2018 at 4:01 AM, Santosh Shilimkar
> <santosh.shilimkar@...cle.com> wrote:
>> On 1/22/2018 3:24 AM, Kees Cook wrote:
>>>
>>> As described in: https://bugzilla.redhat.com/show_bug.cgi?id=822754
>>>
>>> Attempting an RDS connection from the IP address of an IPoIB interface
>>> to itself causes a kernel panic due to a BUG_ON() being triggered.
>>> Making the test less strict allows rds-ping to work without crashing
>>> the machine.
>>>
>>> A local unprivileged user could use this flaw to crash the sytem.
>>>
>> Are you able to reproduce this issue on mainline kernel ?
>> IIRC, this sjouldn't happen anymore but if you see it, please
>> let me know. Will try it as well. rds-ping on self
>> loopback device is often tested and used as well for
>> monitoring services in production.
> 
> I don't have an RDS test setup, no. But it sounds like kernels without
> this patch aren't seeing the problem.
>
Yep. Thats what I thought and hence asked.

>> Am not sure if its applicable anymore. Infact the issue with
>> loopback device was due to congestion update and thats been
>> already addressed with commit '18fc25c94: {rds: prevent BUG_ON
>> triggered on congestion update to loopback}'
> 
> That looks very much like it was fixed there. Thanks!
> 
Yeah. Thanks Kees !!

Regards,
Santosh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ