| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6afbe4af-ada1-68df-4561-ca4fb45debaf@linux.dev>
Date: Tue, 27 Sep 2022 21:46:40 -0700
From: Martin KaFai Lau <martin.lau@...ux.dev>
To: Eric Dumazet <edumazet@...gle.com>
Cc: netdev <netdev@...r.kernel.org>,
David Miller <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
kernel-team <kernel-team@...com>,
Paolo Abeni <pabeni@...hat.com>,
Joanne Koong <joannelkoong@...il.com>,
Alexander Potapenko <glider@...gle.com>,
Martin KaFai Lau <martin.lau@...nel.org>
Subject: Re: [PATCH net-next] net: Fix incorrect address comparison when
searching for a bind2 bucket
On 9/27/22 8:49 PM, Eric Dumazet wrote:
> On Mon, Sep 26, 2022 at 5:25 PM Martin KaFai Lau <kafai@...com> wrote:
>>
>> From: Martin KaFai Lau <martin.lau@...nel.org>
>>
>> The v6_rcv_saddr and rcv_saddr are inside a union in the
>> 'struct inet_bind2_bucket'. When searching a bucket by following the
>> bhash2 hashtable chain, eg. inet_bind2_bucket_match, it is only using
>> the sk->sk_family and there is no way to check if the inet_bind2_bucket
>> has a v6 or v4 address in the union. This leads to an uninit-value
>> KMSAN report in [0] and also potentially incorrect matches.
>
> I do not see the KMSAN report, is it missing from this changelog ?
My bad. Forgot to paste the link in the commit message. It is here:
https://lore.kernel.org/netdev/CAG_fn=Ud3zSW7AZWXc+asfMhZVL5ETnvuY44Pmyv4NPv-ijN-A@mail.gmail.com/
Powered by blists - more mailing lists