lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Jan 2020 10:14:19 +0100 From: Davide Caratti <dcaratti@...hat.com> To: Eric Dumazet <edumazet@...gle.com>, "David S . Miller" <davem@...emloft.net> Cc: netdev <netdev@...r.kernel.org>, Eric Dumazet <eric.dumazet@...il.com>, syzbot <syzkaller@...glegroups.com> Subject: Re: [PATCH net] net/sched: act_ife: initalize ife->metalist earlier On Tue, 2020-01-14 at 13:51 -0800, Eric Dumazet wrote: > It seems better to init ife->metalist earlier in tcf_ife_init() > to avoid the following crash : hello Eric, and thanks for the patch. If I well understand the problem, we have _tcf_ife_cleanup() that does dereference of NULL ife->metalist, because it has not yet initialized by tcf_ife_init(). This happened probably because the control action was not valid (hence the Fixes:tag): so, tcf_ife_init() jumped to the error path before doing INIT_LIST_HEAD(). I applied your patch to my tree, and I see this: net/sched/act_ife.c: In function 'tcf_ife_init': net/sched/act_ife.c:533:3: warning: 'ife' may be used uninitialized in this function [-Wmaybe-uninitialized] INIT_LIST_HEAD(&ife->metalist); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ And I think the warning is telling us a real problem, because ife = to_ife(*a); is done below the if (!exists) { } statement where you are dereferencing 'ife'. I think the proper fix should do one of these two things: 1) ensure that 'ife' is a valid pointer in the INIT_LIST_HEAD() 2) leave tcf_ife_init() as is, and fix the priblem in _tcf_ife_clenup() by proper checking the value of ife->metalist (which should be NULL in the error path, because tcf_idr_create() does kzalloc() [1]. WDYT? thanks! -- davide [1] https://elixir.bootlin.com/linux/latest/source/net/sched/act_api.c#L404
Powered by blists - more mailing lists