lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 26 Apr 2021 20:40:09 +0000
From:   patchwork-bot+netdevbpf@...nel.org
To:     Davide Caratti <dcaratti@...hat.com>
Cc:     jhs@...atatu.com, xiyou.wangcong@...il.com, jiri@...nulli.us,
        davem@...emloft.net, kuba@...nel.org, wenxu@...oud.cn,
        marcelo.leitner@...il.com, shuali@...hat.com,
        netdev@...r.kernel.org
Subject: Re: [PATCH net] net/sched: act_ct: fix wild memory access when clearing
 fragments

Hello:

This patch was applied to netdev/net-next.git (refs/heads/master):

On Mon, 26 Apr 2021 17:45:51 +0200 you wrote:
> while testing re-assembly/re-fragmentation using act_ct, it's possible to
> observe a crash like the following one:
> 
>  KASAN: maybe wild-memory-access in range [0x0001000000000448-0x000100000000044f]
>  CPU: 50 PID: 0 Comm: swapper/50 Tainted: G S                5.12.0-rc7+ #424
>  Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.4.3 01/17/2017
>  RIP: 0010:inet_frag_rbtree_purge+0x50/0xc0
>  Code: 00 fc ff df 48 89 c3 31 ed 48 89 df e8 a9 7a 38 ff 4c 89 fe 48 89 df 49 89 c6 e8 5b 3a 38 ff 48 8d 7b 40 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 75 59 48 8d bb d0 00 00 00 4c 8b 6b 40 48 89 f8 48
>  RSP: 0018:ffff888c31449db8 EFLAGS: 00010203
>  RAX: 0000200000000089 RBX: 000100000000040e RCX: ffffffff989eb960
>  RDX: 0000000000000140 RSI: ffffffff97cfb977 RDI: 000100000000044e
>  RBP: 0000000000000900 R08: 0000000000000000 R09: ffffed1186289350
>  R10: 0000000000000003 R11: ffffed1186289350 R12: dffffc0000000000
>  R13: 000100000000040e R14: 0000000000000000 R15: ffff888155e02160
>  FS:  0000000000000000(0000) GS:ffff888c31440000(0000) knlGS:0000000000000000
>  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>  CR2: 00005600cb70a5b8 CR3: 0000000a2c014005 CR4: 00000000003706e0
>  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>  Call Trace:
>   <IRQ>
>   inet_frag_destroy+0xa9/0x150
>   call_timer_fn+0x2d/0x180
>   run_timer_softirq+0x4fe/0xe70
>   __do_softirq+0x197/0x5a0
>   irq_exit_rcu+0x1de/0x200
>   sysvec_apic_timer_interrupt+0x6b/0x80
>   </IRQ>
> 
> [...]

Here is the summary with links:
  - [net] net/sched: act_ct: fix wild memory access when clearing fragments
    https://git.kernel.org/netdev/net-next/c/f77bd544a6bb

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ