lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210329165349.7b2e942f@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
Date:   Mon, 29 Mar 2021 16:53:49 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     Lv Yunlong <lyl2019@...l.ustc.edu.cn>
Cc:     simon.horman@...ronome.com, davem@...emloft.net, ast@...nel.org,
        daniel@...earbox.net, andrii@...nel.org, kafai@...com,
        songliubraving@...com, yhs@...com, john.fastabend@...il.com,
        kpsingh@...nel.org, netdev@...r.kernel.org, bpf@...r.kernel.org,
        oss-drivers@...ronome.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ethernet/netronome/nfp: Fix a use after free in
 nfp_bpf_ctrl_msg_rx

On Mon, 29 Mar 2021 04:50:02 -0700 Lv Yunlong wrote:
> In nfp_bpf_ctrl_msg_rx, if
> nfp_ccm_get_type(skb) == NFP_CCM_TYPE_BPF_BPF_EVENT is true, the skb
> will be freed. But the skb is still used by nfp_ccm_rx(&bpf->ccm, skb).
> 
> My patch adds a return when the skb was freed.
> 
> Fixes: bcf0cafab44fd ("nfp: split out common control message handling code")
> Signed-off-by: Lv Yunlong <lyl2019@...l.ustc.edu.cn>

Reviewed-by: Jakub Kicinski <kuba@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ