lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Jun 2018 09:44:02 +0800 From: Hangbin Liu <liuhangbin@...il.com> To: "Jorgen S. Hansen" <jhansen@...are.com> Cc: Stefan Hajnoczi <stefanha@...hat.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "David S. Miller" <davem@...emloft.net> Subject: Re: [PATCH net] VSOCK: check sk state before receive On Mon, Jun 04, 2018 at 04:02:39PM +0000, Jorgen S. Hansen wrote: > > > On May 30, 2018, at 11:17 AM, Stefan Hajnoczi <stefanha@...hat.com> wrote: > > > > On Sun, May 27, 2018 at 11:29:45PM +0800, Hangbin Liu wrote: > >> Hmm...Although I won't reproduce this bug with my reproducer after > >> apply my patch. I could still get a similiar issue with syzkaller sock vnet test. > >> > >> It looks this patch is not complete. Here is the KASAN call trace with my patch. > >> I can also reproduce it without my patch. > > > > Seems like a race between vmci_datagram_destroy_handle() and the > > delayed callback, vmci_transport_recv_dgram_cb(). > > > > I don't know the VMCI transport well so I'll leave this to Jorgen. > > Yes, it looks like we are calling the delayed callback after we return from vmci_datagram_destroy_handle(). I’ll take a closer look at the VMCI side here - the refcounting of VMCI datagram endpoints should guard against this, since the delayed callback does a get on the datagram resource, so this could a VMCI driver issue, and not a problem in the VMCI transport for AF_VSOCK. Hi Jorgen, Thanks for helping look at this. I'm happy to run test for you patch. Thanks Hangbin
Powered by blists - more mailing lists