Message-ID: <5ee8574e-154c-3fa6-8b29-09fae1d08861@mellanox.com>
Date:   Wed, 2 May 2018 16:50:28 +0300
From:   Tariq Toukan <tariqt@...lanox.com>
To:     David Miller <davem@...emloft.net>, srn@...mr.com
Cc:     yishaih@...lanox.com, netdev@...r.kernel.org
Subject: Re: [PATCH v2] net/mlx4_en: fix potential use-after-free with
 dma_unmap_page



On 28/04/2018 2:48 AM, David Miller wrote:
> From: Sarah Newman <srn@...mr.com>
> Date: Wed, 25 Apr 2018 21:00:34 -0700
> 
>> When swiotlb is in use, calling dma_unmap_page means that
>> the original page mapped with dma_map_page must still be valid
>> as swiotlb will copy data from its internal cache back to the
>> originally requested DMA location. When GRO is enabled,
>> all references to the original frag may be put before
>> mlx4_en_free_frag is called, meaning the page has been freed
>> before the call to dma_unmap_page in mlx4_en_free_frag.
>>
>> To fix, unmap the page as soon as possible.
>>
>> This can be trivially detected by doing the following:
>>
>> Compile the kernel with DEBUG_PAGEALLOC
>> Run the kernel as a Xen Dom0
>> Leave GRO enabled on the interface
>> Run a 10 second or more test with iperf over the interface.
>>
>> Signed-off-by: Sarah Newman <srn@...mr.com>
> 
> Tariq, I assume I will get this from you in the next set of
> changes you submit to me.
> 
> Thanks.
> 

This patch fixes an issue existing in old kernels. It is not relevant 
per latest code.

So I'm not sure about the process. After I review it, do I just submit 
it again for -stable?

Thanks.
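
The ordering problem described in the quoted commit message, as an added example that is not part of this thread or of the mlx4 driver: a userland C model in which unmap copies a bounce buffer back into the originally mapped page, as the commit message says swiotlb does. The `model_*` names, `rx_complete` and the page size are hypothetical, and a freed page is modelled with a flag rather than an actual free.

```c
/* Userland model (constructed, not kernel code) of bounce-buffer DMA:
 * unmap copies the bounce buffer back into the originally mapped page. */
#include <stdio.h>
#include <string.h>
#define MODEL_PAGE_SIZE 64              /* hypothetical size for the demo */
struct model_page {                     /* stands in for struct page */
    int refcount, freed;                /* freed is set on the last put */
    unsigned char data[MODEL_PAGE_SIZE];
};
struct model_mapping {                  /* stands in for a DMA mapping */
    struct model_page *orig;
    unsigned char bounce[MODEL_PAGE_SIZE];
};

static void model_put_page(struct model_page *p)
{
    if (--p->refcount == 0)
        p->freed = 1;
}

/* Returns 0, or -1 when the copy-back would write to a freed page. */
static int model_unmap(struct model_mapping *m)
{
    if (m->orig->freed)
        return -1;
    memcpy(m->orig->data, m->bounce, sizeof(m->bounce));
    return 0;
}

/* put_first != 0: references dropped before unmap (the reported order).
 * put_first == 0: unmap first, then drop the reference (the fix). */
int rx_complete(int put_first)
{
    struct model_page p = { .refcount = 1 };
    struct model_mapping m = { .orig = &p };
    int rc;
    memset(m.bounce, 0xAB, sizeof(m.bounce));   /* device wrote here */
    if (put_first)
        model_put_page(&p);
    rc = model_unmap(&m);
    if (!put_first)
        model_put_page(&p);
    return rc;
}

int main(void)
{
    printf("put, unmap: %d; unmap, put: %d\n", rx_complete(1), rx_complete(0));
    return 0;
}
```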
