| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87czm4wv69.fsf@toke.dk>
Date: Fri, 10 Dec 2021 12:34:06 +0100
From: Toke Høiland-Jørgensen <toke@...e.dk>
To: Eric Dumazet <edumazet@...gle.com>
Cc: Eric Dumazet <eric.dumazet@...il.com>,
"David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
netdev <netdev@...r.kernel.org>,
syzbot <syzkaller@...glegroups.com>
Subject: Re: [PATCH net] sch_cake: do not call cake_destroy() from cake_init()
Eric Dumazet <edumazet@...gle.com> writes:
> On Fri, Dec 10, 2021 at 3:02 AM Toke Høiland-Jørgensen <toke@...e.dk> wrote:
>>
>> Eric Dumazet <eric.dumazet@...il.com> writes:
>>
>> > From: Eric Dumazet <edumazet@...gle.com>
>> >
>> > qdiscs are not supposed to call their own destroy() method
>> > from init(), because core stack already does that.
>> >
>> > syzbot was able to trigger use after free:
>
>> >
>> > Fixes: 046f6fd5daef ("sched: Add Common Applications Kept Enhanced (cake) qdisc")
>> > Signed-off-by: Eric Dumazet <edumazet@...gle.com>
>> > Reported-by: syzbot <syzkaller@...glegroups.com>
>> > Signed-off-by: Toke Høiland-Jørgensen <toke@...e.dk>
>>
>> Oops, thanks for the fix! I'm a little puzzled with the patch has my
>> S-o-b, though? It should probably be replaced by:
>>
>> Acked-by: Toke Høiland-Jørgensen <toke@...e.dk>
>
> Right, user error from my side, I copied it from your commit changelog
> and forgot to s/Signed-off-by/Cc/
Ah, right, makes sense; no worries :)
-Toke
Powered by blists - more mailing lists