lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 2 Aug 2021 13:20:31 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     David Ahern <dsahern@...il.com>
Cc:     Matthieu Baerts <matthieu.baerts@...sares.net>,
        David Ahern <dsahern@...nel.org>, ciorneiioana@...il.com,
        Yajun Deng <yajun.deng@...ux.dev>, netdev@...r.kernel.org,
        davem@...emloft.net
Subject: Re: [PATCH net-next] ipv4: Fix refcount warning for new fib_info

On Mon, 2 Aug 2021 12:04:01 -0600 David Ahern wrote:
> On 8/2/21 11:58 AM, Matthieu Baerts wrote:
> > Hi David,
> > 
> > On 02/08/2021 18:02, David Ahern wrote:  
> >> Ioana reported a refcount warning when booting over NFS:
> >>
> >> [    5.042532] ------------[ cut here ]------------
> >> [    5.047184] refcount_t: addition on 0; use-after-free.
> >> [    5.052324] WARNING: CPU: 7 PID: 1 at lib/refcount.c:25 refcount_warn_saturate+0xa4/0x150
> >> ...
> >> [    5.167201] Call trace:
> >> [    5.169635]  refcount_warn_saturate+0xa4/0x150
> >> [    5.174067]  fib_create_info+0xc00/0xc90
> >> [    5.177982]  fib_table_insert+0x8c/0x620
> >> [    5.181893]  fib_magic.isra.0+0x110/0x11c
> >> [    5.185891]  fib_add_ifaddr+0xb8/0x190
> >> [    5.189629]  fib_inetaddr_event+0x8c/0x140
> >>
> >> fib_treeref needs to be set after kzalloc. The old code had a ++ which
> >> led to the confusion when the int was replaced by a refcount_t.  
> > 
> > Thank you for the patch!
> > 
> > My CI was also complaining of not being able to run kernel selftests [1].
> > Your patch fixes the issue, thanks!
> > 
> > Tested-by: Matthieu Baerts <matthieu.baerts@...sares.net>
> >   
> 
> Given how easily it is to trigger the warning, I get the impression the
> original was an untested patch.

Yeah :( In hindsight any refcount patch which doesn't contain a
refcount_set() is suspicious. Thanks for the quick fix, applied!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ