lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <781062ea4708aed21d2d94e29fbd63ed@codeaurora.org>
Date:   Wed, 26 Feb 2020 13:30:28 -0700
From:   subashab@...eaurora.org
To:     Taehee Yoo <ap420073@...il.com>
Cc:     davem@...emloft.net, kuba@...nel.org, stranche@...eaurora.org,
        netdev@...r.kernel.org
Subject: Re: [PATCH net 00/10] net: rmnet: fix several bugs

On 2020-02-26 10:41, Taehee Yoo wrote:
> This patchset is to fix several bugs in RMNET module.
> 
> 1. The first patch fixes NULL-ptr-deref in rmnet_newlink().
> When rmnet interface is being created, it uses IFLA_LINK
> without checking NULL.
> So, if userspace doesn't set IFLA_LINK, panic will occur.
> In this patch, checking NULL pointer code is added.
> 
> 2. The second patch adds module alias.
> In the current rmnet code, there is no module alias.
> So, RTNL couldn't load rmnet module automatically.
> 
> 3. The third patch fixes NULL-ptr-deref in rmnet_changelink().
> To get real device in rmnet_changelink(), it uses IFLA_LINK.
> But, IFLA_LINK should not be used in rmnet_changelink().
> 
> 4. The fourth patch fixes suspicious RCU usage in rmnet_get_port().
> rmnet_get_port() uses rcu_dereference_rtnl().
> But, rmnet_get_port() is used by datapath.
> So, rcu_dereference() should be used instead of rcu_dereference_rtnl().
> 
> 5. The fifth patch fixes suspicious RCU usage in
> rmnet_force_unassociate_device().
> RCU critical section should not be scheduled.
> But, unregister_netdevice_queue() in the 
> rmnet_force_unassociate_device()
> would be scheduled.
> So, the RCU warning occurs.
> In this patch, the rcu_read_lock() in the 
> rmnet_force_unassociate_device()
> is removed because it's unnecessary.
> 
> 6. The sixth patch adds extack error messages when command fails
> When rmnet netlink command fails, it doesn't print any error message.
> So, users couldn't know the exact reason.
> 
> 7. The seventh patch fixes duplicate MUX ID case.
> RMNET MUX ID is unique.
> So, rmnet interface isn't allowed to be created, which have
> a duplicate MUX ID.
> But, only rmnet_newlink() checks this condition, rmnet_changelink()
> doesn't check this.
> So, duplicate MUX ID case would happen.
> 
> 8. The eighth patch fixes upper/lower interface relationship problems.
> When IFLA_LINK is used, the upper/lower infrastructure should be used.
> Because it checks the maximum depth of upper/lower interfaces and it 
> also
> checks circular interface relationship, etc.
> In this patch, netdev_upper_dev_link() is used.
> 
> 9. The ninth patch fixes bridge related problems.
> a) ->ndo_del_slave() doesn't work.
> b) It couldn't detect circular upper/lower interface relationship.
> c) It couldn't prevent stack overflow because of too deep depth
> of upper/lower interface
> d) It doesn't check the number of lower interfaces.
> e) Panics because of several reasons.
> These problems are actually the same problem.
> So, this patch fixes these problems.
> 
> 10. The tenth patch fixes packet forwarding issue in bridge mode
> Packet forwarding is not working in rmnet bridge mode.
> Because when a packet is forwarded, skb_push() for an ethernet header
> is needed. But it doesn't call skb_push().
> So, the ethernet header will be lost.
> 
> Taehee Yoo (10):
>   net: rmnet: fix NULL pointer dereference in rmnet_newlink()
>   net: rmnet: add missing module alias
>   net: rmnet: fix NULL pointer dereference in rmnet_changelink()
>   net: rmnet: fix suspicious RCU usage
>   net: rmnet: remove rcu_read_lock in rmnet_force_unassociate_device()
>   net: rmnet: print error message when command fails
>   net: rmnet: do not allow to change mux id if mux id is duplicated
>   net: rmnet: use upper/lower device infrastructure
>   net: rmnet: fix bridge mode bugs
>   net: rmnet: fix packet forwarding in rmnet bridge mode
> 
>  .../ethernet/qualcomm/rmnet/rmnet_config.c    | 210 +++++++++---------
>  .../ethernet/qualcomm/rmnet/rmnet_config.h    |   3 +-
>  .../ethernet/qualcomm/rmnet/rmnet_handlers.c  |   7 +-
>  .../net/ethernet/qualcomm/rmnet/rmnet_vnd.c   |  20 +-
>  .../net/ethernet/qualcomm/rmnet/rmnet_vnd.h   |   4 +-
>  5 files changed, 122 insertions(+), 122 deletions(-)

Hi Taehee

Thanks for sending the fixes.
I have some minor comments on few of the patches.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ