lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20190516.122557.1330236058135894100.davem@davemloft.net>
Date:   Thu, 16 May 2019 12:25:57 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     hujunwei4@...wei.com
Cc:     jon.maloy@...csson.com, ying.xue@...driver.com,
        netdev@...r.kernel.org, tipc-discussion@...ts.sourceforge.net,
        mingfangsen@...wei.com, wangxiaogang3@...wei.com,
        wangwang2@...wei.com
Subject: Re: [PATCH] tipc: switch order of device registration to fix a
 crash

From: hujunwei <hujunwei4@...wei.com>
Date: Thu, 16 May 2019 10:51:15 +0800

> From: Junwei Hu <hujunwei4@...wei.com>
> 
> When tipc is loaded while many processes try to create a TIPC socket,
> a crash occurs:
>  PANIC: Unable to handle kernel paging request at virtual
>  address "dfff20000000021d"
>  pc : tipc_sk_create+0x374/0x1180 [tipc]
>  lr : tipc_sk_create+0x374/0x1180 [tipc]
>    Exception class = DABT (current EL), IL = 32 bits
>  Call trace:
>   tipc_sk_create+0x374/0x1180 [tipc]
>   __sock_create+0x1cc/0x408
>   __sys_socket+0xec/0x1f0
>   __arm64_sys_socket+0x74/0xa8
>  ...
> 
> This is due to race between sock_create and unfinished
> register_pernet_device. tipc_sk_insert tries to do
> "net_generic(net, tipc_net_id)".
> but tipc_net_id is not initialized yet.
> 
> So switch the order of the two to close the race.
> 
> This can be reproduced with multiple processes doing socket(AF_TIPC, ...)
> and one process doing module removal.
> 
> Fixes: a62fbccecd62 ("tipc: make subscriber server support net namespace")
> Signed-off-by: Junwei Hu <hujunwei4@...wei.com>
> Reported-by: Wang Wang <wangwang2@...wei.com>
> Reviewed-by: Xiaogang Wang <wangxiaogang3@...wei.com>

Applied and queued up for -stable.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ