| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANn89iKcY54osPG-5kJFhpG4EOodhfoacsM3GNSHJrDM=b3AMw@mail.gmail.com>
Date: Tue, 12 Mar 2024 13:34:39 +0100
From: Eric Dumazet <edumazet@...gle.com>
To: Paolo Abeni <pabeni@...hat.com>
Cc: Kuniyuki Iwashima <kuni1840@...il.com>, netdev@...r.kernel.org, linux-rdma@...r.kernel.org,
rds-devel@....oracle.com, syzkaller <syzkaller@...glegroups.com>,
Kuniyuki Iwashima <kuniyu@...zon.com>, "David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>, Allison Henderson <allison.henderson@...cle.com>
Subject: Re: [PATCH v5 net 2/2] rds: tcp: Fix use-after-free of net in reqsk_timer_handler().
On Tue, Mar 12, 2024 at 12:04 PM Paolo Abeni <pabeni@...hat.com> wrote:
>
> On Fri, 2024-03-08 at 12:01 -0800, Kuniyuki Iwashima wrote:
> > syzkaller reported a warning of netns tracker [0] followed by KASAN
> > splat [1] and another ref tracker warning [1].
> >
> > syzkaller could not find a repro, but in the log, the only suspicious
> > sequence was as follows:
> >
> > 18:26:22 executing program 1:
> > r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
> > ...
> > connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4001, 0x0, @loopback}, 0x1c) (async)
> >
> > The notable thing here is 0x4001 in connect(), which is RDS_TCP_PORT.
> >
>
> Eric, the patches LGTM, and I can see your suggested-by tag, but better
> safe then sorry: could you please confirm it is ok for you too?
Sure thing.
Reviewed-by: Eric Dumazet <edumazet@...gle.com>
Thanks !
Powered by blists - more mailing lists