| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Jun 2019 11:53:09 -0300
From: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
To: Hillf Danton <hdanton@...a.com>
Cc: syzbot <syzbot+c1a380d42b190ad1e559@...kaller.appspotmail.com>,
"davem@...emloft.net" <davem@...emloft.net>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-sctp@...r.kernel.org" <linux-sctp@...r.kernel.org>,
"lucien.xin@...il.com" <lucien.xin@...il.com>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"nhorman@...driver.com" <nhorman@...driver.com>,
"syzkaller-bugs@...glegroups.com" <syzkaller-bugs@...glegroups.com>,
"vyasevich@...il.com" <vyasevich@...il.com>
Subject: Re: general protection fault in sctp_sched_prio_sched
On Tue, Jun 18, 2019 at 10:45:54PM +0800, Hillf Danton wrote:
...
> > Anyway, with the patch above, after calling
> > sctp_stream_init_ext() ->ext will be either completely valid, or it
> > will not be present at all as it is seting ->ext to NULL if sid
> > initialization ended up failing.
> >
> Correct with no doubt.
>
> I was wondering if it is likely for the ->ext, loaded with a valid slab,
> to cause a gpf in sctp_sched_prio_sched() without your patch applied.
> And if the failure to initialise sid could likely change the result.
Thanks, I think I understand now. Well, without the patch, yes, as
syzbot reported. Seems you're also worried if it can happen in other
situations as well, and end up triggering the same gpf but on a
different situation. I don't think so. It should be either
initialized or not initialized. Half-initialized as it was, that's a
pain.
Marcelo
Powered by blists - more mailing lists