lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 01 May 2019 17:18:44 -0400 (EDT) From: David Miller <davem@...emloft.net> To: kafai@...com Cc: netdev@...r.kernel.org, dsahern@...il.com, bsd@...com, kernel-team@...com, weiwan@...gle.com Subject: Re: [PATCH net] ipv6: A few fixes on dereferencing rt->from From: Martin KaFai Lau <kafai@...com> Date: Tue, 30 Apr 2019 10:45:12 -0700 > It is a followup after the fix in > commit 9c69a1320515 ("route: Avoid crash from dereferencing NULL rt->from") > > rt6_do_redirect(): > 1. NULL checking is needed on rt->from because a parallel > fib6_info delete could happen that sets rt->from to NULL. > (e.g. rt6_remove_exception() and fib6_drop_pcpu_from()). > > 2. fib6_info_hold() is not enough. Same reason as (1). > Meaning, holding dst->__refcnt cannot ensure > rt->from is not NULL or rt->from->fib6_ref is not 0. > > Instead of using fib6_info_hold_safe() which ip6_rt_cache_alloc() > is already doing, this patch chooses to extend the rcu section > to keep "from" dereference-able after checking for NULL. > > inet6_rtm_getroute(): > 1. NULL checking is also needed on rt->from for a similar reason. > Note that inet6_rtm_getroute() is using RTNL_FLAG_DOIT_UNLOCKED. > > Fixes: a68886a69180 ("net/ipv6: Make from in rt6_info rcu protected") > Signed-off-by: Martin KaFai Lau <kafai@...com> Applied and queued up for -stable, thanks.
Powered by blists - more mailing lists