lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 29 May 2024 17:57:21 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Matthias Stocker <mstocker@...racuda.com>
Cc: doshir@...are.com, pv-drivers@...are.com, netdev@...r.kernel.org
Subject: Re: [PATCH] vmxnet3: disable rx data ring on dma allocation failure

On Tue, 28 May 2024 12:06:15 +0200 Matthias Stocker wrote:
> When vmxnet3_rq_create fails to allocate memory for the data ring,
> vmxnet3_rq_destroy_all_rxdataring is called, but rq->data_ring.desc_size
> is not zeroed, as is the case when adapter->rxdataring_enabled is set to
> false. This leads to the box crashing a short time later with a
> NULL pointer dereference in memcpy.

That's not much of an explanation, more of restating what the logs say.
I can't spot the bug in the existing code after looking at this for
10min. Please provide a proper explanation.

> [1101376.713751] vmxnet3 0000:13:00.0 dhcp: rx data ring will be disabled
> [1101376.719942] vmxnet3 0000:13:00.0 dhcp: intr type 3, mode 0, 3 vectors allocated
> [1101376.721085] vmxnet3 0000:13:00.0 dhcp: NIC Link is Up 10000 Mbps
> [1101377.020907] BUG: kernel NULL pointer dereference, address: 0000000000000000
> [1101377.023396] #PF: supervisor read access in kernel mode
> [1101377.025172] #PF: error_code(0x0000) - not-present page
> [1101377.026966] PGD 115a58067 P4D 115a58067 PUD 115a55067 PMD 0
> [1101377.028930] Oops: 0000 [#1] SMP NOPTI
> [1101377.033776] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
> [1101377.037316] RIP: 0010:__memcpy+0x12/0x20

Grrr.. Looks like you hid the kernel version. Are you sure your kernel 
has commit 6f4833383e85 ("net: vmxnet3: Fix NULL pointer dereference in
vmxnet3_rq_rx_complete()") ?
-- 
pw-bot: cr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ