netdev - Re: [PATCH v2 net] net: sched: fix uses after free

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-Id: <20180317.170436.583222455278265829.davem@davemloft.net>
Date:   Sat, 17 Mar 2018 17:04:36 -0400 (EDT)
From:   David Miller <davem@...emloft.net>
To:     edumazet@...gle.com
Cc:     netdev@...r.kernel.org, eric.dumazet@...il.com,
        john.fastabend@...il.com, jhs@...atatu.com
Subject: Re: [PATCH v2 net] net: sched: fix uses after free

From: Eric Dumazet <edumazet@...gle.com>
Date: Wed, 14 Mar 2018 18:53:00 -0700

> syzbot reported one use-after-free in pfifo_fast_enqueue() [1]
> 
> Issue here is that we can not reuse skb after a successful skb_array_produce()
> since another cpu might have consumed it already.
> 
> I believe a similar problem exists in try_bulk_dequeue_skb_slow()
> in case we put an skb into qdisc_enqueue_skb_bad_txq() for lockless qdisc.
 ...
> Fixes: c5ad119fb6c0 ("net: sched: pfifo_fast use skb_array")
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> Reported-by: syzbot+ed43b6903ab968b16f54@...kaller.appspotmail.com

Applied, thanks a lot Eric.