lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20180316.101636.803564728843702383.davem@davemloft.net>
Date:   Fri, 16 Mar 2018 10:16:36 -0400 (EDT)
From:   David Miller <davem@...emloft.net>
To:     mgamal@...hat.com
Cc:     netdev@...r.kernel.org, sthemmin@...rosoft.com,
        devel@...uxdriverproject.org, vkuznets@...hat.com,
        otubo@...hat.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] hv_netvsc: Make sure out channel is fully opened on
 send

From: Mohammed Gamal <mgamal@...hat.com>
Date: Tue, 13 Mar 2018 20:06:50 +0100

> Dring high network traffic changes to network interface parameters
> such as number of channels or MTU can cause a kernel panic with a NULL
> pointer dereference. This is due to netvsc_device_remove() being
> called and deallocating the channel ring buffers, which can then be
> accessed by netvsc_send_pkt() before they're allocated on calling
> netvsc_device_add()
> 
> The patch fixes this problem by checking the channel state and returning
> ENODEV if not yet opened. We also move the call to hv_ringbuf_avail_percent()
> which may access the uninitialized ring buffer.
> 
> Signed-off-by: Mohammed Gamal <mgamal@...hat.com>

Based upon the discusion on this patch, it looks like this will be fixed
in some other way.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ