lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 29 May 2020 11:09:45 -0700
From:   Eric Dumazet <eric.dumazet@...il.com>
To:     Andrii Nakryiko <andriin@...com>,
        Dmitry Vyukov <dvyukov@...gle.com>
Cc:     syzbot <syzbot+3610d489778b57cc8031@...kaller.appspotmail.com>,
        Alexei Starovoitov <ast@...nel.org>,
        David Miller <davem@...emloft.net>, guro@...com,
        kuba@...nel.org, Alexey Kuznetsov <kuznet@....inr.ac.ru>,
        LKML <linux-kernel@...r.kernel.org>,
        netdev <netdev@...r.kernel.org>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>
Subject: Re: general protection fault in inet_unhash



On 5/29/20 10:32 AM, Eric Dumazet wrote:

> L2TP seems to use sk->sk_node to insert sockets into l2tp_ip_table, _and_ uses l2tp_ip_prot.unhash == inet_unhash
> 
> So if/when BPF_CGROUP_RUN_PROG_INET_SOCK(sk) returns an error and inet_create() calls sk_common_release()
> bad things happen, because inet_unhash() expects a valid hashinfo pointer.
> 
> I guess the following patch should fix this.
> 
> Bug has been there forever, but only BPF_CGROUP_RUN_PROG_INET_SOCK(sk) could trigger it.
>

Official submission : https://patchwork.ozlabs.org/project/netdev/patch/20200529180838.107255-1-edumazet@google.com/

Powered by blists - more mailing lists