lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 10 Feb 2020 15:07:45 -0800
From:   Cong Wang <xiyou.wangcong@...il.com>
To:     syzbot <syzbot+d195fd3b9a364ddd6731@...kaller.appspotmail.com>
Cc:     coreteam@...filter.org, David Miller <davem@...emloft.net>,
        Florian Westphal <fw@...len.de>,
        Jozsef Kadlecsik <kadlec@...filter.org>,
        Jakub Kicinski <kuba@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Linux Kernel Network Developers <netdev@...r.kernel.org>,
        NetFilter <netfilter-devel@...r.kernel.org>,
        Pablo Neira Ayuso <pablo@...filter.org>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>
Subject: Re: WARNING: proc registration bug in hashlimit_mt_check_common

On Mon, Feb 10, 2020 at 10:35 AM syzbot
<syzbot+d195fd3b9a364ddd6731@...kaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:    2981de74 Add linux-next specific files for 20200210
> git tree:       linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=104b16b5e00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=53fc3c3fcb36274f
> dashboard link: https://syzkaller.appspot.com/bug?extid=d195fd3b9a364ddd6731
> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=136321d9e00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=159f7431e00000
>
> The bug was bisected to:
>
> commit 8d0015a7ab76b8b1e89a3e5f5710a6e5103f2dd5
> Author: Cong Wang <xiyou.wangcong@...il.com>
> Date:   Mon Feb 3 04:30:53 2020 +0000
>
>     netfilter: xt_hashlimit: limit the max size of hashtable
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=12a7f25ee00000
> final crash:    https://syzkaller.appspot.com/x/report.txt?x=11a7f25ee00000
> console output: https://syzkaller.appspot.com/x/log.txt?x=16a7f25ee00000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+d195fd3b9a364ddd6731@...kaller.appspotmail.com
> Fixes: 8d0015a7ab76 ("netfilter: xt_hashlimit: limit the max size of hashtable")
>
> xt_hashlimit: size too large, truncated to 1048576
> xt_hashlimit: max too large, truncated to 1048576
> ------------[ cut here ]------------
> proc_dir_entry 'ip6t_hashlimit/syzkaller1' already registered

I think we probably have to remove the procfs file too before releasing
the global mutex. Or, we can mark the table as deleted before actually
delete it, but this requires to change the search logic as well.

I will work on a patch.

Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ