lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <6b5d5550-07b3-61d7-c3ad-ec31f17fa862@cumulusnetworks.com> Date: Fri, 15 Feb 2019 16:12:18 +0200 From: Nikolay Aleksandrov <nikolay@...ulusnetworks.com> To: Tomas Paukrt <Tomas.Paukrt@...antech-bb.cz>, "netdev@...r.kernel.org" <netdev@...r.kernel.org> Cc: "roopa@...ulusnetworks.com" <roopa@...ulusnetworks.com> Subject: Re: Bug in br_handle_frame On 15/02/2019 16:03, Tomas Paukrt wrote: > Hi, > > I have recently discovered that kernel 3.12.10 is occasionally crashing > due to NULL pointer dereference in function br_handle_frame when we > reconfigure the bridge, because function br_port_get_rcu returns NULL. > > It is very hard for us to replicate this issue, because it happens about > once per month in our testing environment, but I have created the > attached patch. Can you please check it? The latest kernel seems to be > affected too. > > Best regards > > Tomas > Hi, That should not be possible, br_port_get_rcu() is a wrapper for dev->rx_handler_data which in turn should always be present in case rx_handler is called as can be seen in netdev_rx_handler_unregister(). Could you please share details about the crash and possibly a trace ? Do you have any custom patches applied ? Thanks, Nik
Powered by blists - more mailing lists