lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <vbf8svnq59y.fsf@mellanox.com> Date: Fri, 3 May 2019 09:03:11 +0000 From: Vlad Buslov <vladbu@...lanox.com> To: Cong Wang <xiyou.wangcong@...il.com>, Matteo Croce <mcroce@...hat.com> CC: Vlad Buslov <vladbu@...lanox.com>, Linux Kernel Network Developers <netdev@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, Jamal Hadi Salim <jhs@...atatu.com>, Jiri Pirko <jiri@...nulli.us>, "David S. Miller" <davem@...emloft.net> Subject: Re: [PATCH net] cls_matchall: avoid panic when receiving a packet before filter set On Thu 02 May 2019 at 03:48, Cong Wang <xiyou.wangcong@...il.com> wrote: > On Wed, May 1, 2019 at 2:27 AM Matteo Croce <mcroce@...hat.com> wrote: >> >> On Tue, Apr 30, 2019 at 11:25 PM Cong Wang <xiyou.wangcong@...il.com> wrote: >> > >> > On Mon, Apr 29, 2019 at 10:38 AM Matteo Croce <mcroce@...hat.com> wrote: >> > > >> > > When a matchall classifier is added, there is a small time interval in >> > > which tp->root is NULL. If we receive a packet in this small time slice >> > > a NULL pointer dereference will happen, leading to a kernel panic: >> > >> > Hmm, why not just check tp->root against NULL in mall_classify()? >> > >> > Also, which is the offending commit here? Please add a Fixes: tag. >> > >> > Thanks. >> >> Hi, >> >> I just want to avoid an extra check which would be made for every packet. >> Probably the benefit over a check is negligible, but it's still a >> per-packet thing. >> If you prefer a simple check, I can make a v2 that way. > > Yeah, I think that is better, you can add an unlikely() for performance > concern, as NULL is a rare case. > > >> >> For the fixes tag, I didn't put it as I'm not really sure about the >> offending commit. I guess it's the following, what do you think? >> >> commit ed76f5edccc98fa66f2337f0b3b255d6e1a568b7 >> Author: Vlad Buslov <vladbu@...lanox.com> >> Date: Mon Feb 11 10:55:38 2019 +0200 >> >> net: sched: protect filter_chain list with filter_chain_lock mutex > > I think you are right, this is the commit introduced the code > that inserts the tp before fully initializing it. Please Cc Vlad > for your v2, in case we blame a wrong commit here. > > > BTW, it looks like cls_cgroup needs a same fix. Please audit > other tc filters as well. > > Thanks! Sorry for late response. This is indeed the offending commit that should be referenced by fixes tag. Thanks for fixing this, Matteo!
Powered by blists - more mailing lists