lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 28 Feb 2023 12:28:41 +0100
From:   Matthieu Baerts <matthieu.baerts@...sares.net>
To:     mptcp@...ts.linux.dev, "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Menglong Dong <imagedong@...cent.com>,
        Mengen Sun <mengensun@...cent.com>,
        Shuah Khan <shuah@...nel.org>, Florian Westphal <fw@...len.de>,
        Jiang Biao <benbjiang@...cent.com>
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-kselftest@...r.kernel.org, stable@...r.kernel.org,
        Christoph Paasch <cpaasch@...le.com>,
        Geliang Tang <geliang.tang@...e.com>
Subject: Re: [PATCH net 0/7] mptcp: fixes for 6.3

Hello,

On 27/02/2023 18:29, Matthieu Baerts wrote:
> Patch 1 fixes a possible deadlock in subflow_error_report() reported by
> lockdep. The report was in fact a false positive but the modification
> makes sense and silences lockdep to allow syzkaller to find real issues.
> The regression has been introduced in v5.12.
> 
> Patch 2 is a refactoring needed to be able to fix the two next issues.
> It improves the situation and can be backported up to v6.0.
> 
> Patches 3 and 4 fix UaF reported by KASAN. It fixes issues potentially
> visible since v5.7 and v5.19 but only reproducible until recently
> (v6.0). These two patches depend on patch 2/7.
> 
> Patch 5 fixes the order of the printed values: expected vs seen values.
> The regression has been introduced recently: present in Linus' tree but
> not in a tagged version yet.
> 
> Patch 6 adds missing ro_after_init flags. A previous patch added them
> for other functions but these two have been missed. This previous patch
> has been backported to stable versions (up to v5.12) so probably better
> to do the same here.
> 
> Patch 7 fixes tcp_set_state() being called twice in a row since v5.10.

I'm sorry to ask for that but is it possible not to apply these patches?

> Signed-off-by: Matthieu Baerts <matthieu.baerts@...sares.net>
> ---
> Geliang Tang (1):
>       mptcp: add ro_after_init for tcp{,v6}_prot_override
> 
> Matthieu Baerts (2):
>       selftests: mptcp: userspace pm: fix printed values
>       mptcp: avoid setting TCP_CLOSE state twice
> 
> Paolo Abeni (4):
>       mptcp: fix possible deadlock in subflow_error_report
>       mptcp: refactor passive socket initialization
>       mptcp: use the workqueue to destroy unaccepted sockets

After 3 weeks of validation, syzkaller found an issue with this patch:

  https://github.com/multipath-tcp/mptcp_net-next/issues/366

We then need to NAK this series. We will send a v2 with a fix for that.

>       mptcp: fix UaF in listener shutdown

The other patches of the series are either not very important or are
linked to the "faulty" one: they can all wait as well.

Cheers,
Matt
-- 
Tessares | Belgium | Hybrid Access Solutions
www.tessares.net

Powered by blists - more mailing lists