| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Sep 2018 20:40:52 -0600
From: David Ahern <dsahern@...il.com>
To: Jia-Ju Bai <baijiaju1990@...il.com>, davem@...emloft.net,
kuznet@....inr.ac.ru, yoshfuji@...ux-ipv6.org
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: ipv6: route: Fix a sleep-in-atomic-context bug in
ip6_convert_metrics()
On 9/1/18 5:19 AM, Jia-Ju Bai wrote:
> The kernel module may sleep with holding a spinlock.
>
> The function call paths (from bottom to top) in Linux-4.16 are:
>
> [FUNC] kzalloc(GFP_KERNEL)
> net/ipv6/route.c, 2430:
> kzalloc in ip6_convert_metrics
> net/ipv6/route.c, 2890:
> ip6_convert_metrics in ip6_route_add
> net/ipv6/addrconf.c, 2322:
> ip6_route_add in addrconf_prefix_route
> net/ipv6/addrconf.c, 3331:
> addrconf_prefix_route in fixup_permanent_addr
> net/ipv6/addrconf.c, 3354:
> fixup_permanent_addr in addrconf_permanent_addr
> net/ipv6/addrconf.c, 3358:
> _raw_write_lock_bh in addrconf_permanent_addr
>
> To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC.
>
> This bug is found by my static analysis tool DSAC.
No kernel change is needed. Your static analysis tool and you in sending
out patches need to take into context.
ip6_convert_metrics only calls kzalloc when fc_mx is set. fc_mx is only
set via the RTA_METRICS attribute and only from the userspace call path.
Hence, kzalloc with GFP_KERNEL is the appropriate argument.
Powered by blists - more mailing lists