Message-ID: <590d44a1-ca27-c171-de87-fe57fc07dff5@ovn.org>
Date:   Mon, 25 Apr 2022 12:36:54 +0200
From:   Ilya Maximets <i.maximets@....org>
To:     Florian Westphal <fw@...len.de>,
        Mark Mielke <mark.mielke@...il.com>
Cc:     dev@...nvswitch.org, netdev@...r.kernel.org,
        stable@...r.kernel.org, Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        "David S. Miller" <davem@...emloft.net>,
        Pablo Neira Ayuso <pablo@...filter.org>, i.maximets@....org,
        Antti Antinoja <antti@...nosys.fi>
Subject: Re: [ovs-dev] [PATCH] openvswitch: Ensure nf_ct_put is not called
 with null pointer

On 4/10/22 17:41, Florian Westphal wrote:
> Mark Mielke <mark.mielke@...il.com> wrote:
>> A recent commit replaced calls to nf_conntrack_put() with calls
>> to nf_ct_put(). nf_conntrack_put() permitted the caller to pass
>> null without side effects, while nf_ct_put() performs WARN_ON()
>> and proceeds to try and de-reference the pointer. ovs-vswitchd
>> triggers the warning on startup:
>>
>> [   22.178881] WARNING: CPU: 69 PID: 2157 at include/net/netfilter/nf_conntrack.h:176 __ovs_ct_lookup+0x4e2/0x6a0 [openvswitch]
>> ...
>> [   22.213573] Call Trace:
>> [   22.214318]  <TASK>
>> [   22.215064]  ovs_ct_execute+0x49c/0x7f0 [openvswitch]
>> ...
>> Cc: stable@...r.kernel.org
>> Fixes: 408bdcfce8df ("net: prefer nf_ct_put instead of nf_conntrack_put")
> 
> Actually, no.  As Pablo Neira just pointed out to me, upstream kernel is fine.
> The preceding commit made nf_ct_out() a noop when ct is NULL.

Hi, Florian.

There is a problem on 5.15 longterm tree where the offending commit
got backported, but the previous one was not, so it triggers an issue
while loading the openvswitch module.

To be more clear, v5.15.35 contains the following commit:
  408bdcfce8df ("net: prefer nf_ct_put instead of nf_conntrack_put")
backported as commit 72dd9e61fa319bc44020c2d365275fc8f6799bff, but
it doesn't have the previous one:
  6ae7989c9af0 ("netfilter: conntrack: avoid useless indirection during conntrack destruction")
that adds the NULL pointer check to the nf_ct_put().

Either 6ae7989c9af0 should be backported to 5.15 or 72dd9e61fa31
reverted on that tree.

Best regards, Ilya Maximets.
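
Added example, not part of the thread or of any kernel tooling: a Python check for the situation described in the message above, a stable branch that carries a backport without the commit it depends on. The dependency table and the `git log` sample are constructed from the commit ids quoted in the message; `REQUIRES`, `backported`, `same` and `missing_prerequisites` are hypothetical names.

```python
import re

# Dependency stated in the thread: 408bdcfce8df is only safe once
# 6ae7989c9af0 has added the NULL check to nf_ct_put().
REQUIRES = {"408bdcfce8df": ["6ae7989c9af0"]}

# Constructed sample in default `git log` layout. Upstream ids are abbreviated
# because the page gives them that way; the all-ones commit is a placeholder.
SAMPLE_LOG = """\
commit 72dd9e61fa319bc44020c2d365275fc8f6799bff

    net: prefer nf_ct_put instead of nf_conntrack_put

    commit 408bdcfce8df upstream.

commit 1111111111111111111111111111111111111111

    placeholder: unrelated change

    [ Upstream commit aaaaaaaaaaaa ]
"""

HEADER = re.compile(r"^commit ([0-9a-f]{40})$")
UPSTREAM = re.compile(r"^\s+(?:commit ([0-9a-f]{12,40}) upstream\."
                      r"|\[ Upstream commit ([0-9a-f]{12,40}) \])\s*$")

def backported(log_text):
    """Map each upstream id found in the log to the stable commit carrying it."""
    found, current = {}, None
    for line in log_text.splitlines():
        if m := HEADER.match(line):
            current = m.group(1)
        elif (m := UPSTREAM.match(line)) and current:
            found[m.group(1) or m.group(2)] = current
    return found

def same(a, b):  # ids may be abbreviated to different lengths
    return a.startswith(b) or b.startswith(a)

def missing_prerequisites(log_text, requires=REQUIRES):
    """Return (stable_commit, upstream_id, missing_prerequisite) tuples."""
    have = backported(log_text)
    return [(stable, need, dep)
            for up, stable in have.items()
            for need, deps in requires.items() if same(up, need)
            for dep in deps if not any(same(dep, h) for h in have)]

if __name__ == "__main__":
    for stable, up, dep in missing_prerequisites(SAMPLE_LOG):
        print(f"{stable[:12]} backports {up} without prerequisite {dep}")
```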
