| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180131.103400.2134338827807349026.davem@davemloft.net>
Date: Wed, 31 Jan 2018 10:34:00 -0500 (EST)
From: David Miller <davem@...emloft.net>
To: nikolay@...ulusnetworks.com
Cc: netdev@...r.kernel.org, yoshfuji@...ux-ipv6.org,
syzkaller-bugs@...glegroups.com,
bot+eceb3204562c41a438fa1f2335e0fe4f6886d669@...kaller.appspotmail.com,
kuznet@....inr.ac.ru, roopa@...ulusnetworks.com,
ebiggers3@...il.com
Subject: Re: [PATCH net v2] ip6mr: fix stale iterator
From: Nikolay Aleksandrov <nikolay@...ulusnetworks.com>
Date: Wed, 31 Jan 2018 16:29:30 +0200
> When we dump the ip6mr mfc entries via proc, we initialize an iterator
> with the table to dump but we don't clear the cache pointer which might
> be initialized from a prior read on the same descriptor that ended. This
> can result in lock imbalance (an unnecessary unlock) leading to other
> crashes and hangs. Clear the cache pointer like ipmr does to fix the issue.
> Thanks for the reliable reproducer.
>
> Here's syzbot's trace:
...
> Reported-by: syzbot <bot+eceb3204562c41a438fa1f2335e0fe4f6886d669@...kaller.appspotmail.com>
> Signed-off-by: Nikolay Aleksandrov <nikolay@...ulusnetworks.com>
> ---
> v2: make sure the trace doesn't ruin the patch
> No fixes tag because it seems this has been there forever.
Applied and queued up for -stable.
Powered by blists - more mailing lists