| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Jan 2019 12:41:32 +0100
From: Piotr Sawicki <p.sawicki2@...tner.samsung.com>
To: Eric Dumazet <edumazet@...gle.com>
Cc: David Miller <davem@...emloft.net>,
netdev <netdev@...r.kernel.org>,
Eric Dumazet <eric.dumazet@...il.com>,
Casey Schaufler <casey@...aufler-ca.com>,
syzbot <syzkaller@...glegroups.com>
Subject: Re: [PATCH net] ipv6: make icmp6_send() robust against null
skb->dev
On 1/8/19 12:14 PM, Eric Dumazet wrote:
> On Tue, Jan 8, 2019 at 3:08 AM Piotr Sawicki
> <p.sawicki2@...tner.samsung.com> wrote:
>
>> Yes I know. It looks like the Smack's security rule was changed during this process.
>>
>> Firstly the packet was allowed to be received and it was put into the backlog queue. Then, the
>>
>> rule was changed, and during the release phase LSM was called again for the same packet.
>>
>> But this time, Smack denied access and tried to send an ICMPv6 packet to inform a peer.
>>
>> I want to make sure if it is the root cause of this problem.
>>
>>
>> Besides, what is the purpose of setting skb->dev to NULL in __sk_receive_skb() ?
>
> We can not keep a pointer to the device, the device might be
> dismantled/freed before socket backlog can be processed.
>
> Input processing is using RCU, meaning no refcount is taken on the device.
Thanks for explanation.
Powered by blists - more mailing lists