Date:   Thu, 21 Nov 2019 13:44:14 -0800 (PST)
From:   David Miller <davem@...emloft.net>
To:     john.fastabend@...il.com
Cc:     alexei.starovoitov@...il.com, netdev@...r.kernel.org,
        dan.carpenter@...cle.com, daniel@...earbox.net
Subject: Re: [net PATCH] bpf: skmsg, fix potential psock NULL pointer
 dereference

From: John Fastabend <john.fastabend@...il.com>
Date: Thu, 21 Nov 2019 12:27:23 -0800

> Alexei Starovoitov wrote:
>> On Thu, Nov 21, 2019 at 8:28 AM John Fastabend <john.fastabend@...il.com> wrote:
>> >
>> > Report from Dan Carpenter,
>> >
>> >  net/core/skmsg.c:792 sk_psock_write_space()
>> >  error: we previously assumed 'psock' could be null (see line 790)
>> >
>> >  net/core/skmsg.c
>> >    789 psock = sk_psock(sk);
>> >    790 if (likely(psock && sk_psock_test_state(psock, SK_PSOCK_TX_ENABLED)))
>> >  Check for NULL
>> >    791 schedule_work(&psock->work);
>> >    792 write_space = psock->saved_write_space;
>> >                      ^^^^^^^^^^^^^^^^^^^^^^^^
>> >    793          rcu_read_unlock();
>> >    794          write_space(sk);
>> >
>> > Ensure psock dereference on line 792 only occurs if psock is not null.
>> >
>> > Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
>> > Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface")
>> > Signed-off-by: John Fastabend <john.fastabend@...il.com>
>> 
>> lgtm.
>> John, do you feel strongly about it going to net tree asap?
>> Can it go to net-next? The merge window is right around the corner.
> 
> Agree we can send it to net-next, it's been in the kernel for multiple
> versions anyways.

Applied to net-next, thanks.
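
The pattern from the quoted report, as an added example that is not part of this thread, the patch, or the kernel source: a user-space C model with the flagged shape next to one where every psock dereference sits under the NULL check. The struct and function names are stand-ins chosen here, and RCU locking is left out.

```c
#include <stdbool.h>
#include <stddef.h>

/* User-space stand-ins (assumptions), not the kernel's definitions. */
struct sock;
typedef void (*write_space_fn)(struct sock *sk);

struct psock_model {
    bool tx_enabled;                  /* models SK_PSOCK_TX_ENABLED */
    int work_scheduled;               /* models schedule_work(&psock->work) */
    write_space_fn saved_write_space;
};

struct sock {
    struct psock_model *psock;        /* NULL models sk_psock(sk) returning NULL */
    int write_space_calls;
};

void model_write_space(struct sock *sk) { sk->write_space_calls++; }

/* Flagged shape: the NULL test guards only the first statement. */
void write_space_flagged(struct sock *sk)
{
    struct psock_model *psock = sk->psock;
    write_space_fn write_space;

    if (psock && psock->tx_enabled)
        psock->work_scheduled++;
    write_space = psock->saved_write_space;  /* NULL deref if psock == NULL */
    write_space(sk);
}

/* Guarded shape: every psock dereference sits under the NULL check.
 * Returns 1 if a saved callback was invoked, 0 otherwise. */
int write_space_guarded(struct sock *sk)
{
    struct psock_model *psock = sk->psock;
    write_space_fn write_space = NULL;

    if (psock) {
        if (psock->tx_enabled)
            psock->work_scheduled++;
        write_space = psock->saved_write_space;
    }
    if (!write_space)
        return 0;
    write_space(sk);
    return 1;
}

int main(void)
{
    struct sock detached = { NULL, 0 };     /* constructed input: no psock */
    return write_space_guarded(&detached);  /* 0: nothing dereferenced */
}
```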
