| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7f4d0c7c-8617-346d-8073-42680662eab6@candelatech.com> Date: Thu, 7 Jun 2018 15:08:39 -0700 From: Ben Greear <greearb@...delatech.com> To: Cong Wang <xiyou.wangcong@...il.com> Cc: Linux Kernel Network Developers <netdev@...r.kernel.org> Subject: Re: [PATCH] net-fq: Add WARN_ON check for null flow. On 06/07/2018 02:52 PM, Cong Wang wrote: > On Thu, Jun 7, 2018 at 2:41 PM, Ben Greear <greearb@...delatech.com> wrote: >> On 06/07/2018 02:29 PM, Cong Wang wrote: >>> >>> On Thu, Jun 7, 2018 at 9:06 AM, <greearb@...delatech.com> wrote: >>>> >>>> --- a/include/net/fq_impl.h >>>> +++ b/include/net/fq_impl.h >>>> @@ -80,6 +80,9 @@ static struct sk_buff *fq_tin_dequeue(struct fq *fq, >>>> >>>> flow = list_first_entry(head, struct fq_flow, flowchain); >>>> >>>> + if (WARN_ON_ONCE(!flow)) >>>> + return NULL; >>>> + >>> >>> >>> How could even possibly list_first_entry() returns NULL? >>> You need list_first_entry_or_null(). >>> >> >> I don't know for certain flow as null, but something was NULL in this method >> near that line and it looked like a likely culprit. >> >> I guess possibly tin or fq was passed in as NULL? > > A NULL pointer is not always 0. You can trigger a NULL-ptr-def with 0x3c > too, but you are checking against 0 in your patch, that is the problem and > that is why list_first_entry_or_null() exists. > Ahh, I see what you mean, and that is my mistake. In my case, it did seem to be a mostly-null deref, not a 0x0 deref. Thanks, Ben -- Ben Greear <greearb@...delatech.com> Candela Technologies Inc http://www.candelatech.com
Powered by blists - more mailing lists