| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20191015.103609.86962935874616520.davem@davemloft.net>
Date: Tue, 15 Oct 2019 10:36:09 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: maheshb@...gle.com
Cc: netdev@...r.kernel.org, edumazet@...gle.com, weiwan@...gle.com,
mahesh@...dewar.net
Subject: Re: [PATCHv3 next] blackhole_netdev: fix syzkaller reported issue
From: Mahesh Bandewar <maheshb@...gle.com>
Date: Fri, 11 Oct 2019 18:14:55 -0700
> While invalidating the dst, we assign backhole_netdev instead of
> loopback device. However, this device does not have idev pointer
> and hence no ip6_ptr even if IPv6 is enabled. Possibly this has
> triggered the syzbot reported crash.
>
> The syzbot report does not have reproducer, however, this is the
> only device that doesn't have matching idev created.
>
> Crash instruction is :
>
> static inline bool ip6_ignore_linkdown(const struct net_device *dev)
> {
> const struct inet6_dev *idev = __in6_dev_get(dev);
>
> return !!idev->cnf.ignore_routes_with_linkdown; <= crash
> }
>
> Also ipv6 always assumes presence of idev and never checks for it
> being NULL (as does the above referenced code). So adding a idev
> for the blackhole_netdev to avoid this class of crashes in the future.
>
> ---
...
> Fixes: 8d7017fd621d ("blackhole_netdev: use blackhole_netdev to invalidate dst entries")
> Signed-off-by: Mahesh Bandewar <maheshb@...gle.com>
Applied and queued up for -stable, thanks.
Powered by blists - more mailing lists