Message-ID: <CAO9qdTFiCEoDnckBq7tQDxtZ2LonC6+rMC5rq8H9UnOHL-iqUg@mail.gmail.com>
Date: Tue, 20 Aug 2024 22:01:11 +0900
From: Jeongjun Park <aha310510@...il.com>
To: Eric Dumazet <edumazet@...gle.com>
Cc: wenjia@...ux.ibm.com, jaka@...ux.ibm.com, alibuda@...ux.alibaba.com, 
	tonylu@...ux.alibaba.com, guwen@...ux.alibaba.com, davem@...emloft.net, 
	kuba@...nel.org, pabeni@...hat.com, utz.bacher@...ibm.com, 
	dust.li@...ux.alibaba.com, linux-s390@...r.kernel.org, netdev@...r.kernel.org, 
	linux-kernel@...r.kernel.org, syzkaller <syzkaller@...glegroups.com>
Subject: Re: [PATCH net,v6,1/2] net/smc: modify smc_sock structure

Eric Dumazet wrote:
>
> On Tue, Aug 20, 2024 at 2:15 PM Jeongjun Park <aha310510@...il.com> wrote:
> >
> > Since inet_sk(sk)->pinet6 and smc_sk(sk)->clcsock practically
> > point to the same address, when smc_create_clcsk() stores the newly
> > created clcsock in smc_sk(sk)->clcsock, inet_sk(sk)->pinet6 is corrupted
> > into clcsock. This causes NULL pointer dereference and various other
> > memory corruptions.
> >
> > To solve this, we need to modify the smc_sock structure.
> >
> > Reported-by: syzkaller <syzkaller@...glegroups.com>
> > Fixes: ac7138746e14 ("smc: establish new socket family")
>
> Are you sure this Fixes: tag is correct ?
>
> Hint : This commit is from 2017, but IPPROTO_SMC was added in 2024.
>

After listening, I realized that the Fixes tag was wrong.

When sending the v7 patch, you only need to use the Fixes tag for the
d25a92ccae6b commit, so we will send it by combining the existing patches.

>
> > Signed-off-by: Jeongjun Park <aha310510@...il.com>
> > ---
> >  net/smc/smc.h | 5 ++++-
> >  1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git a/net/smc/smc.h b/net/smc/smc.h
> > index 34b781e463c4..f23f76e94a66 100644
> > --- a/net/smc/smc.h
> > +++ b/net/smc/smc.h
> > @@ -283,7 +283,10 @@ struct smc_connection {
> >  };
> >
> >  struct smc_sock {                              /* smc sock container */
> > -       struct sock             sk;
> > +       union {
> > +               struct sock             sk;     /* for AF_SMC */
> > +               struct inet_sock        inet;   /* for IPPROTO_SMC */
> > +       };
> >         struct socket           *clcsock;       /* internal tcp socket */
> >         void                    (*clcsk_state_change)(struct sock *sk);
> >                                                 /* original stat_change fct. */
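
Review bot: the new anonymous union in struct smc_sock carries only the two short member comments ("for AF_SMC", "for IPPROTO_SMC"), so the header does not record why the inet member has to be there. A comment above the union should state the layout requirement from the commit message: clcsock and the fields after it must start beyond the end of struct inet_sock, otherwise inet_sk(sk)->pinet6 and smc_sk(sk)->clcsock share an address. It is also worth noting in the commit message that the union sizes AF_SMC sockets for a full struct inet_sock as well, since both families use the same struct smc_sock.
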
> > --
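
The layout overlap described in the quoted commit message, as an added example that is not part of the original thread or the kernel source. The struct definitions are simplified stand-ins with constructed fields, and the helper function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins, constructed for this example; not the kernel's real layouts. */
struct sock { long state; void *data[4]; };
struct ipv6_pinfo;
struct socket;
struct inet_sock {
    struct sock sk;              /* first member, so a sock pointer can be cast */
    struct ipv6_pinfo *pinet6;   /* first field past the embedded sock */
    unsigned int flags;
};
struct smc_sock_old {            /* before the patch */
    struct sock sk;
    struct socket *clcsock;
};
struct smc_sock_new {            /* after the patch */
    union {
        struct sock sk;          /* for AF_SMC */
        struct inet_sock inet;   /* for IPPROTO_SMC */
    };
    struct socket *clcsock;
};

/* Static view: does clcsock start inside the bytes an inet_sock occupies? */
int old_clcsock_inside_inet(void)
{ return offsetof(struct smc_sock_old, clcsock) < sizeof(struct inet_sock); }
int new_clcsock_inside_inet(void)
{ return offsetof(struct smc_sock_new, clcsock) < sizeof(struct inet_sock); }

/* Runtime view: store clcsock, then read the same memory as inet_sock.pinet6. */
static int marker;
int old_store_hits_pinet6(void) {
    union { struct smc_sock_old smc; struct inet_sock inet; } u;
    memset(&u, 0, sizeof(u));
    u.smc.clcsock = (struct socket *)&marker;
    return (void *)u.inet.pinet6 == (void *)&marker;
}
int new_store_hits_pinet6(void) {
    union { struct smc_sock_new smc; struct inet_sock inet; } u;
    memset(&u, 0, sizeof(u));
    u.smc.clcsock = (struct socket *)&marker;
    return u.inet.pinet6 != NULL;
}
int main(void) {
    printf("old: inside=%d hits=%d\n", old_clcsock_inside_inet(), old_store_hits_pinet6());
    printf("new: inside=%d hits=%d\n", new_clcsock_inside_inet(), new_store_hits_pinet6());
    return 0;
}
```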
