| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 May 2019 12:25:57 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: hujunwei4@...wei.com
Cc: jon.maloy@...csson.com, ying.xue@...driver.com,
netdev@...r.kernel.org, tipc-discussion@...ts.sourceforge.net,
mingfangsen@...wei.com, wangxiaogang3@...wei.com,
wangwang2@...wei.com
Subject: Re: [PATCH] tipc: switch order of device registration to fix a
crash
From: hujunwei <hujunwei4@...wei.com>
Date: Thu, 16 May 2019 10:51:15 +0800
> From: Junwei Hu <hujunwei4@...wei.com>
>
> When tipc is loaded while many processes try to create a TIPC socket,
> a crash occurs:
> PANIC: Unable to handle kernel paging request at virtual
> address "dfff20000000021d"
> pc : tipc_sk_create+0x374/0x1180 [tipc]
> lr : tipc_sk_create+0x374/0x1180 [tipc]
> Exception class = DABT (current EL), IL = 32 bits
> Call trace:
> tipc_sk_create+0x374/0x1180 [tipc]
> __sock_create+0x1cc/0x408
> __sys_socket+0xec/0x1f0
> __arm64_sys_socket+0x74/0xa8
> ...
>
> This is due to race between sock_create and unfinished
> register_pernet_device. tipc_sk_insert tries to do
> "net_generic(net, tipc_net_id)".
> but tipc_net_id is not initialized yet.
>
> So switch the order of the two to close the race.
>
> This can be reproduced with multiple processes doing socket(AF_TIPC, ...)
> and one process doing module removal.
>
> Fixes: a62fbccecd62 ("tipc: make subscriber server support net namespace")
> Signed-off-by: Junwei Hu <hujunwei4@...wei.com>
> Reported-by: Wang Wang <wangwang2@...wei.com>
> Reviewed-by: Xiaogang Wang <wangxiaogang3@...wei.com>
Applied and queued up for -stable.
Powered by blists - more mailing lists