lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <0a79ce08-248f-8b81-21ec-c269b0053e13@marvell.com>
Date:   Mon, 11 Jan 2021 18:24:19 +0100
From:   Igor Russkikh <irusskikh@...vell.com>
To:     Jakub Kicinski <kuba@...nel.org>,
        Igor Raits <igor.raits@...il.com>, <mchopra@...vell.com>
CC:     <netdev@...r.kernel.org>
Subject: Re: Kernel panic on shutdown (qede+bond+bridge) - KASAN:
 use-after-free in netif_skb_features+0x90a/0x9b0



>> I've been trying out the latest CentOS 8 Stream kernel and found that I
>> get kernel panic
> (https://urldefense.proofpoint.com/v2/url?u=https-3A__bugzilla.redhat.com_
> show-5Fbug.cgi-3Fid-3D1913481&d=DwICAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=3kUjVPjr
> PMvlbd3rzgP63W0eewvCq4D-kzQRqaXHOqU&m=5qgG2X21EmG-uINb8zuD_KKoPReTy65Q4c4K
> -zzCy2s&s=CQwqKQuIm5UJvVJXF2f2LMTagB7PVxG8-IxPqPHkenc&e= )
>> when trying to reboot the server. With debug kernel I've got following:
>>
>> [  531.818434]
>> ==================================================================
>> [  531.818435] BUG: KASAN: use-after-free in
>> netif_skb_features+0x90a/0x9b0
>> [  531.818436] Read of size 8 at addr ffff893c74d54b50 by task systemd-
>> shutdow/1
>> [  531.818436]                            
>> [  531.818437] CPU: 20 PID: 1 Comm: systemd-shutdow Tainted: G        W
>> I      --------- -  - 4.18.0-259.el8.x86_64+debug #1
>> [  531.818438] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380
>> Gen10, BIOS U30 07/16/2020
> 
> Have you managed to find a fix? If not perhaps try an upstream build?
> Unlikely someone here will be willing to help with a RHEL kernel, and
> we can't even access the bug report in bugzilla.

For the record, (thanks Manish Chopra for finding this) here is a fix (I
believe missing in RHEL tree):

commit 2c1644cf6d46a8267d79ed95cb9b563839346562
Author: Feng Sun <loyou85@...il.com>
Date:   Mon Aug 26 14:46:04 2019 +0800
    net: fix skb use after free in netpoll

Thanks
  Igor

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ