| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 01 Apr 2019 14:59:55 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: jslaby@...e.cz
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
mkubecek@...e.cz
Subject: Re: [PATCH] kcm: switch order of device registration to fix a crash
From: Jiri Slaby <jslaby@...e.cz>
Date: Fri, 29 Mar 2019 12:19:46 +0100
> When kcm is loaded while many processes try to create a KCM socket, a
> crash occurs:
> BUG: unable to handle kernel NULL pointer dereference at 000000000000000e
> IP: mutex_lock+0x27/0x40 kernel/locking/mutex.c:240
> PGD 8000000016ef2067 P4D 8000000016ef2067 PUD 3d6e9067 PMD 0
> Oops: 0002 [#1] SMP KASAN PTI
> CPU: 0 PID: 7005 Comm: syz-executor.5 Not tainted 4.12.14-396-default #1 SLE15-SP1 (unreleased)
> RIP: 0010:mutex_lock+0x27/0x40 kernel/locking/mutex.c:240
> RSP: 0018:ffff88000d487a00 EFLAGS: 00010246
> RAX: 0000000000000000 RBX: 000000000000000e RCX: 1ffff100082b0719
> ...
> CR2: 000000000000000e CR3: 000000004b1bc003 CR4: 0000000000060ef0
> Call Trace:
> kcm_create+0x600/0xbf0 [kcm]
> __sock_create+0x324/0x750 net/socket.c:1272
> ...
>
> This is due to race between sock_create and unfinished
> register_pernet_device. kcm_create tries to do "net_generic(net,
> kcm_net_id)". but kcm_net_id is not initialized yet.
>
> So switch the order of the two to close the race.
>
> This can be reproduced with mutiple processes doing socket(PF_KCM, ...)
> and one process doing module removal.
>
> Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
> Reviewed-by: Michal Kubecek <mkubecek@...e.cz>
> Signed-off-by: Jiri Slaby <jslaby@...e.cz>
Applied and queued up for -stable, thanks.
Powered by blists - more mailing lists