| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Aug 2021 17:12:08 +0200
From: Jussi Maki <joamaki@...il.com>
To: Nikolay Aleksandrov <nikolay@...dia.com>
Cc: Network Development <netdev@...r.kernel.org>,
Jonathan Toppins <jtoppins@...hat.com>
Subject: Re: [PATCH net-next] net, bonding: Disallow vlan+srcmac with XDP
On Thu, Aug 12, 2021 at 5:01 PM Nikolay Aleksandrov <nikolay@...dia.com> wrote:
> Hi Jussi,
> Could you please share the null ptr deref trace?
> I'm curious how we can get a null skb at that point.
Hi Nik, this was reported by Jonathan here:
https://lore.kernel.org/bpf/20210728234350.28796-1-joamaki@gmail.com/T/#m07a73b1886a9213feb7112ce2a0d6dfde84fd27a.
I didn't reproduce the null ptr deref as it was fairly obvious how it
can happen, e.g. by having a bond with xmit_policy=vlan+srcmac. The
hashing functions were refactored to be used for both xdp_buff and
skbuff uses and the skb pointer became optional (was meant to be used
when packet was non-linear), but I missed fixing the vlan hashing
function. Partially the reason leading to this was that the
xmit_policy is very new and the bpf vmtest infra still uses an older
iproute2 version which didn't support it, so this was untested. What
is not tested is broken as usual.
> Also how are the xdp and null ptr deref changes related ?
They're related in that looking into the null ptr deref here I
realized that vlan+srcmac didn't make sense with XDP since we have no
guarantee that the vlan id is in the ethernet header. So this patch
both fixes the deref by checking the skb pointer for NULL and it
disallows the whole xmit policy for XDP for the aforementioned reason.
Hope this makes sense.
Powered by blists - more mailing lists