Message-Id: <20191029.180444.454132430553767413.davem@davemloft.net>
Date: Tue, 29 Oct 2019 18:04:44 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: ap420073@...il.com
Cc: netdev@...r.kernel.org, syzkaller-bugs@...glegroups.com,
j.vosburgh@...il.com
Subject: Re: [PATCH net] bonding: fix using uninitialized mode_lock
From: Taehee Yoo <ap420073@...il.com>
Date: Tue, 29 Oct 2019 09:12:32 +0000
> When a bonding interface is being created, it sets up its mode and options.
> At that moment, it uses mode_lock so mode_lock should be initialized
> before that moment.
>
> rtnl_newlink()
>     rtnl_create_link()
>         alloc_netdev_mqs()
>             ->setup() //bond_setup()
>     ->newlink //bond_newlink
>         bond_changelink()
>         register_netdevice()
>             ->ndo_init() //bond_init()
>
> After commit 089bca2caed0 ("bonding: use dynamic lockdep key instead of
> subclass"), mode_lock is initialized in bond_init().
> So in bond_changelink(), an uninitialized mode_lock can be used.
> mode_lock should be initialized in bond_setup().
> This patch partially reverts commit 089bca2caed0 ("bonding: use dynamic
> lockdep key instead of subclass")
>
> Test command:
> ip link add bond0 type bond mode 802.3ad lacp_rate 0
>
> Splat looks like:
...
> Reported-by: syzbot+8da67f407bcba2c72e6e@...kaller.appspotmail.com
> Reported-by: syzbot+0d083911ab18b710da71@...kaller.appspotmail.com
> Fixes: 089bca2caed0 ("bonding: use dynamic lockdep key instead of subclass")
> Signed-off-by: Taehee Yoo <ap420073@...il.com>
Applied, thanks for fixing this so quickly.
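
Added example, not part of the original thread or of the kernel patch: a user-space C model of the call order in the quoted commit message, showing why initializing mode_lock in bond_init() is too late and why bond_setup() is the right place. The model_* types, LOCK_MAGIC, lock_usable(), create_bond() and the mode value 4 are constructed for illustration; only the bond_* and rtnl call names come from the message.

```c
#include <stdio.h>
#include <string.h>
/* User-space model only: names follow the commit message, bodies are made up. */
#define LOCK_MAGIC 0x10c4ed01u          /* constructed "initialized" marker */
enum init_site { INIT_IN_NDO_INIT, INIT_IN_SETUP };
struct model_lock { unsigned magic; };
struct model_bond { struct model_lock mode_lock; int mode; int bad_lock_uses; };

static void lock_init(struct model_lock *l) { l->magic = LOCK_MAGIC; }

/* Like a debug lock check: a lock without its init marker is unusable. */
static int lock_usable(const struct model_lock *l) { return l->magic == LOCK_MAGIC; }

static void bond_setup(struct model_bond *b, enum init_site s)
{
    if (s == INIT_IN_SETUP)
        lock_init(&b->mode_lock);
}

static void bond_changelink(struct model_bond *b, int mode)
{
    if (!lock_usable(&b->mode_lock))
        b->bad_lock_uses++;             /* where the splat would be reported */
    b->mode = mode;
}

static void bond_init(struct model_bond *b, enum init_site s)
{
    if (s == INIT_IN_NDO_INIT)
        lock_init(&b->mode_lock);
}

/* Replays the rtnl_newlink() order; returns uses of an uninitialized lock. */
int create_bond(enum init_site s, int mode)
{
    struct model_bond b;
    memset(&b, 0, sizeof(b));           /* stands in for the fresh netdev */
    bond_setup(&b, s);                  /* alloc_netdev_mqs() -> ->setup() */
    bond_changelink(&b, mode);          /* ->newlink applies mode and options */
    bond_init(&b, s);                   /* register_netdevice() -> ->ndo_init() */
    return b.bad_lock_uses;
}

int main(void)
{
    printf("init in bond_init(): %d, init in bond_setup(): %d\n",
           create_bond(INIT_IN_NDO_INIT, 4), create_bond(INIT_IN_SETUP, 4));
    return 0;
}
```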