Message-Id: <168880759380.30427.3453754098888355051.git-patchwork-notify@kernel.org>
Date: Sat, 08 Jul 2023 09:13:13 +0000
From: patchwork-bot+netdevbpf@...nel.org
To: Paolo Abeni <pabeni@...hat.com>
Cc: netdev@...r.kernel.org, davem@...emloft.net, edumazet@...gle.com,
 kuba@...nel.org, willemb@...gle.com, steffen.klassert@...unet.com,
 ian.kumlien@...il.com
Subject: Re: [PATCH net] net: prevent skb corruption on frag list segmentation

Hello:

This patch was applied to netdev/net.git (main)
by David S. Miller <davem@...emloft.net>:

On Fri,  7 Jul 2023 10:11:10 +0200 you wrote:
> Ian reported several skb corruptions triggered by rx-gro-list,
> collecting different oops alike:
> 
> [   62.624003] BUG: kernel NULL pointer dereference, address: 00000000000000c0
> [   62.631083] #PF: supervisor read access in kernel mode
> [   62.636312] #PF: error_code(0x0000) - not-present page
> [   62.641541] PGD 0 P4D 0
> [   62.644174] Oops: 0000 [#1] PREEMPT SMP NOPTI
> [   62.648629] CPU: 1 PID: 913 Comm: napi/eno2-79 Not tainted 6.4.0 #364
> [   62.655162] Hardware name: Supermicro Super Server/A2SDi-12C-HLN4F, BIOS 1.7a 10/13/2022
> [   62.663344] RIP: 0010:__udp_gso_segment (./include/linux/skbuff.h:2858
> ./include/linux/udp.h:23 net/ipv4/udp_offload.c:228 net/ipv4/udp_offload.c:261
> net/ipv4/udp_offload.c:277)
> [   62.687193] RSP: 0018:ffffbd3a83b4f868 EFLAGS: 00010246
> [   62.692515] RAX: 00000000000000ce RBX: 0000000000000000 RCX: 0000000000000000
> [   62.699743] RDX: ffffa124def8a000 RSI: 0000000000000079 RDI: ffffa125952a14d4
> [   62.706970] RBP: ffffa124def8a000 R08: 0000000000000022 R09: 00002000001558c9
> [   62.714199] R10: 0000000000000000 R11: 00000000be554639 R12: 00000000000000e2
> [   62.721426] R13: ffffa125952a1400 R14: ffffa125952a1400 R15: 00002000001558c9
> [   62.728654] FS:  0000000000000000(0000) GS:ffffa127efa40000(0000)
> knlGS:0000000000000000
> [   62.736852] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   62.742702] CR2: 00000000000000c0 CR3: 00000001034b0000 CR4: 00000000003526e0
> [   62.749948] Call Trace:
> [   62.752498]  <TASK>
> [   62.779267] inet_gso_segment (net/ipv4/af_inet.c:1398)
> [   62.787605] skb_mac_gso_segment (net/core/gro.c:141)
> [   62.791906] __skb_gso_segment (net/core/dev.c:3403 (discriminator 2))
> [   62.800492] validate_xmit_skb (./include/linux/netdevice.h:4862
> net/core/dev.c:3659)
> [   62.804695] validate_xmit_skb_list (net/core/dev.c:3710)
> [   62.809158] sch_direct_xmit (net/sched/sch_generic.c:330)
> [   62.813198] __dev_queue_xmit (net/core/dev.c:3805 net/core/dev.c:4210)
> net/netfilter/core.c:626)
> [   62.821093] br_dev_queue_push_xmit (net/bridge/br_forward.c:55)
> [   62.825652] maybe_deliver (net/bridge/br_forward.c:193)
> [   62.829420] br_flood (net/bridge/br_forward.c:233)
> [   62.832758] br_handle_frame_finish (net/bridge/br_input.c:215)
> [   62.837403] br_handle_frame (net/bridge/br_input.c:298
> net/bridge/br_input.c:416)
> [   62.851417] __netif_receive_skb_core.constprop.0 (net/core/dev.c:5387)
> [   62.866114] __netif_receive_skb_list_core (net/core/dev.c:5570)
> [   62.871367] netif_receive_skb_list_internal (net/core/dev.c:5638
> net/core/dev.c:5727)
> [   62.876795] napi_complete_done (./include/linux/list.h:37
> ./include/net/gro.h:434 ./include/net/gro.h:429 net/core/dev.c:6067)
> [   62.881004] ixgbe_poll (drivers/net/ethernet/intel/ixgbe/ixgbe_main.c:3191)
> [   62.893534] __napi_poll (net/core/dev.c:6498)
> [   62.897133] napi_threaded_poll (./include/linux/netpoll.h:89
> net/core/dev.c:6640)
> [   62.905276] kthread (kernel/kthread.c:379)
> [   62.913435] ret_from_fork (arch/x86/entry/entry_64.S:314)
> [   62.917119]  </TASK>
> 
> [...]

Here is the summary with links:
  - [net] net: prevent skb corruption on frag list segmentation
    https://git.kernel.org/netdev/net/c/c329b261afe7

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html


