lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sat, 03 Jun 2023 20:02:27 +0000
From: patchwork-bot+netdevbpf@...nel.org
To: Wen Gu <guwen@...ux.alibaba.com>
Cc: kgraul@...ux.ibm.com, wenjia@...ux.ibm.com, jaka@...ux.ibm.com,
 davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
 linux-s390@...r.kernel.org, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH net] net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD
 LINK CONT

Hello:

This patch was applied to netdev/net.git (main)
by David S. Miller <davem@...emloft.net>:

On Thu,  1 Jun 2023 16:41:52 +0800 you wrote:
> SMCRv1 has a similar issue to SMCRv2 (see link below) that may access
> invalid MRs of RMBs when construct LLC ADD LINK CONT messages.
> 
>  BUG: kernel NULL pointer dereference, address: 0000000000000014
>  #PF: supervisor read access in kernel mode
>  #PF: error_code(0x0000) - not-present page
>  PGD 0 P4D 0
>  Oops: 0000 [#1] PREEMPT SMP PTI
>  CPU: 5 PID: 48 Comm: kworker/5:0 Kdump: loaded Tainted: G W   E      6.4.0-rc3+ #49
>  Workqueue: events smc_llc_add_link_work [smc]
>  RIP: 0010:smc_llc_add_link_cont+0x160/0x270 [smc]
>  RSP: 0018:ffffa737801d3d50 EFLAGS: 00010286
>  RAX: ffff964f82144000 RBX: ffffa737801d3dd8 RCX: 0000000000000000
>  RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff964f81370c30
>  RBP: ffffa737801d3dd4 R08: ffff964f81370000 R09: ffffa737801d3db0
>  R10: 0000000000000001 R11: 0000000000000060 R12: ffff964f82e70000
>  R13: ffff964f81370c38 R14: ffffa737801d3dd3 R15: 0000000000000001
>  FS:  0000000000000000(0000) GS:ffff9652bfd40000(0000) knlGS:0000000000000000
>  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>  CR2: 0000000000000014 CR3: 000000008fa20004 CR4: 00000000003706e0
>  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>  Call Trace:
>   <TASK>
>   smc_llc_srv_rkey_exchange+0xa7/0x190 [smc]
>   smc_llc_srv_add_link+0x3ae/0x5a0 [smc]
>   smc_llc_add_link_work+0xb8/0x140 [smc]
>   process_one_work+0x1e5/0x3f0
>   worker_thread+0x4d/0x2f0
>   ? __pfx_worker_thread+0x10/0x10
>   kthread+0xe5/0x120
>   ? __pfx_kthread+0x10/0x10
>   ret_from_fork+0x2c/0x50
>   </TASK>
> 
> [...]

Here is the summary with links:
  - [net] net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT
    https://git.kernel.org/netdev/net/c/c308e9ec0047

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ