Message-ID: <CAHn8xckhVO9NSAOghLbx9uu6MNdMGRJJ6HobZv_OV02FEB4_cw@mail.gmail.com>
Date:   Thu, 12 Aug 2021 17:12:08 +0200
From:   Jussi Maki <joamaki@...il.com>
To:     Nikolay Aleksandrov <nikolay@...dia.com>
Cc:     Network Development <netdev@...r.kernel.org>,
        Jonathan Toppins <jtoppins@...hat.com>
Subject: Re: [PATCH net-next] net, bonding: Disallow vlan+srcmac with XDP

On Thu, Aug 12, 2021 at 5:01 PM Nikolay Aleksandrov <nikolay@...dia.com> wrote:
> Hi Jussi,
> Could you please share the null ptr deref trace?
> I'm curious how we can get a null skb at that point.

Hi Nik, this was reported by Jonathan here:
https://lore.kernel.org/bpf/20210728234350.28796-1-joamaki@gmail.com/T/#m07a73b1886a9213feb7112ce2a0d6dfde84fd27a.
I didn't reproduce the null ptr deref as it was fairly obvious how it
can happen, e.g. by having a bond with xmit_policy=vlan+srcmac. The
hashing functions were refactored to be used for both xdp_buff and
skbuff uses and the skb pointer became optional (was meant to be used
when packet was non-linear), but I missed fixing the vlan hashing
function. Partially the reason leading to this was that the
xmit_policy is very new and the bpf vmtest infra still uses an older
iproute2 version which didn't support it, so this was untested. What
is not tested is broken as usual.

> Also how are the xdp and null ptr deref changes related ?

They're related in that looking into the null ptr deref here I
realized that vlan+srcmac didn't make sense with XDP since we have no
guarantee that the vlan id is in the ethernet header. So this patch
both fixes the deref by checking the skb pointer for NULL and it
disallows the whole xmit policy for XDP for the aforementioned reason.

Hope this makes sense.
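
The failure mode and the two-part fix described in this message, as an added example that is not part of the original message or of the kernel patch. It is a simplified C model: all names (`pkt_meta`, `vlan_srcmac_hash`, `xdp_policy_allowed`) and the toy hash are assumptions, with `pkt_meta` standing in for the optional skb.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model with hypothetical names; this is not the bonding driver's code. */
enum xmit_policy { POLICY_LAYER2, POLICY_VLAN_SRCMAC };

/* Stands in for the skb: per-packet metadata that may carry the VLAN tag
 * outside the frame bytes. The XDP path has no such object and passes NULL. */
struct pkt_meta { int has_vlan_tag; uint16_t vlan_tci; };

/* Toy mix over the source MAC (bytes 6..11 of the Ethernet header). */
static uint32_t srcmac_hash(const uint8_t *eth)
{
    uint32_t h = 0;
    for (int i = 6; i < 12; i++)
        h = h * 31 + eth[i];
    return h;
}

/* Before: dereferences meta unconditionally, so a NULL meta faults. */
uint32_t vlan_srcmac_hash_unchecked(const struct pkt_meta *meta, const uint8_t *eth)
{
    uint32_t h = srcmac_hash(eth);
    return meta->has_vlan_tag ? h ^ (meta->vlan_tci & 0x0fff) : h;
}

/* After: an absent meta is treated as "no VLAN tag known". */
uint32_t vlan_srcmac_hash(const struct pkt_meta *meta, const uint8_t *eth)
{
    uint32_t h = srcmac_hash(eth);
    if (!meta || !meta->has_vlan_tag)
        return h;
    return h ^ (meta->vlan_tci & 0x0fff);
}

/* Second half of the fix: refuse the policy outright on the XDP path. */
int xdp_policy_allowed(enum xmit_policy p)
{
    return p != POLICY_VLAN_SRCMAC;
}

int main(void)
{
    const uint8_t eth[14] = { [6] = 0x02, [11] = 0x01 };   /* constructed frame */
    const struct pkt_meta tagged = { 1, 0x2064 };          /* constructed, VID 100 */
    printf("skb path: %u, xdp path: %u\n", (unsigned)vlan_srcmac_hash(&tagged, eth),
           (unsigned)vlan_srcmac_hash(NULL, eth));
    printf("vlan+srcmac on XDP allowed: %d\n", xdp_policy_allowed(POLICY_VLAN_SRCMAC));
    return 0;
}
```

The NULL check alone stops the fault, but the two paths then hash the same flow differently, which is why the model also rejects the policy for XDP.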
