lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <3c34b930-446f-a7de-bf54-5ee19b5bbd93@ucloud.cn>
Date:   Sun, 17 Feb 2019 11:45:38 +0800
From:   wenxu <wenxu@...oud.cn>
To:     Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc:     "David S. Miller" <davem@...emloft.net>, rong.a.chen@...el.com,
        Network Development <netdev@...r.kernel.org>,
        Stephen Rothwell <sfr@...b.auug.org.au>, LKP <lkp@...org>
Subject: Re: [PATCH net-next] ip_tunnel: Fix DST_METADATA dst_entry handle in
 tnl_update_pmtu

On 2019/2/17 上午11:35, wenxu wrote:
> On 2019/2/17 上午12:34, Alexei Starovoitov wrote:
>> On Sat, Feb 16, 2019 at 2:11 AM <wenxu@...oud.cn> wrote:
>>> From: wenxu <wenxu@...oud.cn>
>>>
>>> BUG report in selftests: bpf: test_tunnel.sh
>>>
>>> Testing IPIP tunnel...
>>> BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
>>> PGD 0 P4D 0
>>> Oops: 0010 [#1] SMP PTI
>>> CPU: 0 PID: 16822 Comm: ping Not tainted 5.0.0-rc3-00352-gc8b34e6 #1
>>> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
>>> RIP: 0010:          (null)
>>> Code: Bad RIP value.
>>> RSP: 0018:ffffc9000104f9c8 EFLAGS: 00010286
>>> RAX: 0000000000000000 RBX: ffffe8ffffc071a8 RCX: 0000000000000000
>>> RDX: ffff888054e33000 RSI: ffff88807796f500 RDI: ffffe8ffffc07130
>>> RBP: ffff88807796f500 R08: ffff88806da4f0a0 R09: 0000000000000000
>>> R10: 0000000000000004 R11: ffff888054e33000 R12: 0000000000000054
>>> R13: ffff88805e714000 R14: ffff88806da4f0a0 R15: 0000000000000000
>>> FS:  00007f4c00431500(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
>>> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>>> CR2: ffffffffffffffd6 CR3: 000000008276e000 CR4: 00000000000406f0
>>> Call Trace:
>>>  ? tnl_update_pmtu+0x21b/0x250 [ip_tunnel]
>>>  ? ip_md_tunnel_xmit+0x1b7/0xdc0 [ip_tunnel]
>>>  ? ipip_tunnel_xmit+0x90/0xc0 [ipip]
>>>  ? dev_hard_start_xmit+0x98/0x210
>>>  ? __dev_queue_xmit+0x6a9/0x8e0
>>>
>>> The bpf program set tunnel_key through bpf_skb_set_tunnel_key which will
>>> drop the old dst_entry and create a DST_METADATA dst_entry. It will lead
>>> the tunnel_update_pmtu operator the dst_entry incorrect. So It should be
>>> check the dst_entry is valid.
>>>
>>> Fixes: c8b34e680a09 ("ip_tunnel: Add tnl_update_pmtu in ip_md_tunnel_xmit")
>>> Signed-off-by: wenxu <wenxu@...oud.cn>
>> different fix for this issue was sent earlier:
>> https://patchwork.ozlabs.org/patch/1042687/
>> I think it's more complete than this one.
>>
> sorry for didn't saw the patch before. But I think the patch I provide more simpler and  also complete for fix this problem
>
>
>
sorry for skip this patch. Thx!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ