| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241130110734.354f73d7@kernel.org> Date: Sat, 30 Nov 2024 11:07:34 -0800 From: Jakub Kicinski <kuba@...nel.org> To: Cong Wang <xiyou.wangcong@...il.com> Cc: netdev@...r.kernel.org, Cong Wang <cong.wang@...edance.com>, syzbot+21ba4d5adff0b6a7cfc6@...kaller.appspotmail.com, Kuniyuki Iwashima <kuniyu@...zon.com> Subject: Re: [Patch net v2] rtnetlink: fix double call of rtnl_link_get_net_ifla() On Fri, 29 Nov 2024 13:25:19 -0800 Cong Wang wrote: > From: Cong Wang <cong.wang@...edance.com> > > Currently rtnl_link_get_net_ifla() gets called twice when we create > peer devices, once in rtnl_add_peer_net() and once in each ->newlink() > implementation. > > This looks safer, however, it leads to a classic Time-of-Check to > Time-of-Use (TOCTOU) bug since IFLA_NET_NS_PID is very dynamic. And > because of the lack of checking error pointer of the second call, it > also leads to a kernel crash as reported by syzbot. > > Fix this by getting rid of the second call, which already becomes > redudant after Kuniyuki's work. We have to propagate the result of the > first rtnl_link_get_net_ifla() down to each ->newlink(). Two process notes: - please wait 24h between postings; - please don't post new versions in reply to an old one.
Powered by blists - more mailing lists