| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Dec 2023 17:06:46 +0100
From: Igor Russkikh <irusskikh@...vell.com>
To: Daniil Maximov <daniil31415it@...il.com>
CC: "David S. Miller" <davem@...emloft.net>,
Eric Dumazet
<edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni
<pabeni@...hat.com>,
Richard Cochran <richardcochran@...il.com>,
Alexei
Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Jesper
Dangaard Brouer <hawk@...nel.org>,
John Fastabend <john.fastabend@...il.com>,
Taehee Yoo <ap420073@...il.com>,
Alexey Khoroshilov <khoroshilov@...ras.ru>, <netdev@...r.kernel.org>,
<linux-kernel@...r.kernel.org>, <bpf@...r.kernel.org>,
<lvc-project@...uxtesting.org>
Subject: Re: [EXT] [PATCH] net: atlantic: Fix NULL dereference of skb pointer
in
Hi Daniil,
> If is_ptp_ring == true in the loop of __aq_ring_xdp_clean function,
> then a timestamp is stored from a packet in a field of skb object,
> which is not allocated at the moment of the call (skb == NULL).
>
> Generalize aq_ptp_extract_ts and other affected functions so they don't
> work with struct sk_buff*, but with struct skb_shared_hwtstamps*.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE
Thanks for finding this and working on this.
Have you reproduced it in wild, or this just comes out of static analysis?
I'm asking because looking into the flow you described - it looks like XDP
mode should immediately fail with null pointer access on any rx traffic.
But that was never reported.
I will try to debug and validate the fix, but this may take some time.
So for now
Reviewed-by: Igor Russkikh <irusskikh@...vell.com>
Thanks
Igor
Powered by blists - more mailing lists