Date:   Wed, 21 Sep 2022 14:15:23 -0700
From:   Michael Chan <michael.chan@...adcom.com>
To:     Andy Gospodarek <andrew.gospodarek@...adcom.com>
Cc:     Jakub Kicinski <kuba@...nel.org>,
        David Miller <davem@...emloft.net>,
        Netdev <netdev@...r.kernel.org>,
        Eric Dumazet <edumazet@...gle.com>,
        Paolo Abeni <pabeni@...hat.com>,
        Pavan Chebbi <pavan.chebbi@...adcom.com>
Subject: Re: [PATCH net] bnxt: prevent skb UAF after handing over to PTP worker

On Wed, Sep 21, 2022 at 1:26 PM Andy Gospodarek
<andrew.gospodarek@...adcom.com> wrote:
>
> On Wed, Sep 21, 2022 at 01:10:05PM -0700, Jakub Kicinski wrote:
> > When reading the timestamp is required bnxt_tx_int() hands
> > over the ownership of the completed skb to the PTP worker.
> > The skb should not be used afterwards, as the worker may
> > run before the rest of our code and free the skb, leading
> > to a use-after-free.
> >
> > Since dev_kfree_skb_any() accepts NULL make the loss of
> > ownership more obvious and set skb to NULL.
> >
> > Fixes: 83bb623c968e ("bnxt_en: Transmit and retrieve packet timestamps")
> > Signed-off-by: Jakub Kicinski <kuba@...nel.org>
>
> In general this looks good to me.  Let's make sure Pavan and Michael
> also agree.  Thanks for the patch!
>
> Reviewed-by: Andy Gospodarek <gospo@...adcom.com>

Thanks for catching this.

Reviewed-by: Michael Chan <michael.chan@...adcom.com>
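
Added example, not part of the original thread and not the bnxt driver's code: a userspace C model of the ownership rule in the quoted commit message, where the worker is assumed to free the buffer immediately on hand-over. `struct pkt`, `pkt_free()`, `worker_take()`, `tx_complete()` and the byte accounting are hypothetical stand-ins for the skb, `dev_kfree_skb_any()`, the PTP worker hand-over and the completion path.

```c
#include <stdlib.h>

/* Userspace model, not kernel code: struct pkt stands in for an skb. */
struct pkt { int needs_tstamp; unsigned int len; };

static int frees;           /* packets released so far */
static unsigned int bytes;  /* accounting done by the completion path (assumed) */

/* NULL is accepted, as the commit message states for dev_kfree_skb_any(). */
static void pkt_free(struct pkt *p)
{
    if (!p)
        return;
    frees++;
    free(p);
}

/* Hand-over to the worker. Worst case for the caller: the worker runs
 * at once and frees the packet before this function returns. */
static void worker_take(struct pkt *p)
{
    pkt_free(p);
}

/* Completion path: read what is needed while the packet is still owned,
 * then give up ownership and drop the local pointer. */
static void tx_complete(struct pkt *p)
{
    bytes += p->len;        /* last access while we still own p */
    if (p->needs_tstamp) {
        worker_take(p);
        p = NULL;           /* ownership gone; a later use is a visible NULL deref */
    }
    pkt_free(p);            /* no-op for a handed-over packet */
}

/* One timestamped and one plain packet (constructed input); returns total frees. */
int run_model(void)
{
    struct pkt *a = calloc(1, sizeof(*a)), *b = calloc(1, sizeof(*b));
    if (!a || !b) { free(a); free(b); return -1; }
    a->needs_tstamp = 1; a->len = 100;
    b->len = 60;
    frees = 0; bytes = 0;
    tx_complete(a);
    tx_complete(b);
    return frees;
}

int main(void) { return run_model() == 2 ? 0 : 1; }
```

Without the `p = NULL` line, the final `pkt_free(p)` in this model would free the timestamped packet a second time; building with `-fsanitize=address` reports that immediately.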
