lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <85da2373-d8ec-0049-bd3d-6b8f4b044edc@gmail.com>
Date:   Fri, 8 Apr 2022 15:18:43 -0700
From:   Eric Dumazet <edumazet@...il.com>
To:     Nicolas Dichtel <nicolas.dichtel@...nd.com>,
        Eric Dumazet <edumazet@...gle.com>,
        kongweibin <kongweibin2@...wei.com>
Cc:     David Miller <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Willem de Bruijn <willemb@...gle.com>,
        Pavel Begunkov <asml.silence@...il.com>,
        David Ahern <dsahern@...nel.org>,
        Vasily Averin <vvs@...tuozzo.com>,
        Martin KaFai Lau <kafai@...com>,
        LKML <linux-kernel@...r.kernel.org>,
        netdev <netdev@...r.kernel.org>, rose.chen@...wei.com,
        liaichun@...wei.com, stable@...r.kernel.org
Subject: Re: [PATCH net] ipv6: fix panic when forwarding a pkt with no in6 dev


On 4/8/22 07:03, Nicolas Dichtel wrote:
> kongweibin reported a kernel panic in ip6_forward() when input interface
> has no in6 dev associated.
>
> The following tc commands were used to reproduce this panic:
> tc qdisc del dev vxlan100 root
> tc qdisc add dev vxlan100 root netem corrupt 5%

Not sure I understand how these qdisc changes can trigger a NULL idev ?

Do we have another bug, like skb->cb[] content being mangled ?


>
> CC: stable@...r.kernel.org
> Fixes: ccd27f05ae7b ("ipv6: fix 'disable_policy' for fwd packets")
> Reported-by: kongweibin <kongweibin2@...wei.com>
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com>
> ---
>
> kongweibin, could you test this patch with your setup?
>
> Thanks,
> Nicolas
>
>   net/ipv6/ip6_output.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
> index e23f058166af..fa63ef2bd99c 100644
> --- a/net/ipv6/ip6_output.c
> +++ b/net/ipv6/ip6_output.c
> @@ -485,7 +485,7 @@ int ip6_forward(struct sk_buff *skb)
>   		goto drop;
>   
>   	if (!net->ipv6.devconf_all->disable_policy &&
> -	    !idev->cnf.disable_policy &&
> +	    (!idev || !idev->cnf.disable_policy) &&
>   	    !xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
>   		__IP6_INC_STATS(net, idev, IPSTATS_MIB_INDISCARDS);
>   		goto drop;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ