lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210205082038.ziaouef3v6hhmjow@steredhat>
Date:   Fri, 5 Feb 2021 09:20:38 +0100
From:   Stefano Garzarella <sgarzare@...hat.com>
To:     Norbert Slusarek <nslusarek@....net>
Cc:     Eric Dumazet <eric.dumazet@...il.com>, alex.popov@...ux.com,
        kuba@...nel.org, netdev@...r.kernel.org
Subject: Re: [PATCH] net/vmw_vsock: fix NULL pointer deref and improve locking

On Thu, Feb 04, 2021 at 11:22:42PM +0100, Norbert Slusarek wrote:
>> We request Fixes: tag for patches targeting net tree.
>>
>> You could also mention the vsock_connect_timeout()
>> issue was found by a reviewer and give some credits ;)
>
>You're right, Eric Dumazet spotted the locking problem in vsock_cancel_timeout().
>I am not too familiar how I should format my response to include it to the final
>patch message, in case I should specifically format it, just let me know.
>For now:
>

 From Documentation/process/submitting-patches.rst:
"please use the 'Fixes:' tag with the first 12 characters of the SHA-1 
ID, and the one line summary."

>Fixes: 380feae0def7e6a115124a3219c3ec9b654dca32 (vsock: cancel packets when failing to connect)

So this should be :
Fixes: 380feae0def7 ("vsock: cancel packets when failing to connect")

This maybe could apply for the locking issue, but for the NULL pointer 
issue is better to refer to the commit that handled vsk->transport 
pointer dynamically, that is this one:

Fixes: c0cfa2d8a788 ("vsock: add multi-transports support")

As I suggested, I think is better to split this patch in two patches 
since we are fixing two issues. This should also simplify to attach the 
proper 'Fixes' tag.

But if you want to send a single patch, I thing the right 'Fixes:' tag 
should be the c0cfa2d8a788, since before this commit, both issues are 
not really exploitable.

>Reported-by: Norbert Slusarek <nslusarek@....net>
>Reported-by: Eric Dumazet <eric.dumazet@...il.com>
>

Splitting also allows to put the reporter in the right issue he 
reported.

Thanks,
Stefano

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ