Message-Id: <173764563702.1390395.2669173969482212363.git-patchwork-notify@kernel.org>
Date: Thu, 23 Jan 2025 15:20:37 +0000
From: patchwork-bot+netdevbpf@...nel.org
To: Eric Dumazet <edumazet@...gle.com>
Cc: davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
 netdev@...r.kernel.org, horms@...nel.org, dsahern@...nel.org,
 eric.dumazet@...il.com, syzbot+5cfae50c0e5f2c500013@...kaller.appspotmail.com
Subject: Re: [PATCH net] ipmr: do not call mr_mfc_uses_dev() for unres entries

Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@...nel.org>:

On Tue, 21 Jan 2025 18:12:41 +0000 you wrote:
> syzbot found that calling mr_mfc_uses_dev() for unres entries
> would crash [1], because c->mfc_un.res.minvif / c->mfc_un.res.maxvif
> alias to "struct sk_buff_head unresolved", which contains two pointers.
> 
> This code never worked, let's remove it.
> 
> [1]
> Unable to handle kernel paging request at virtual address ffff5fff2d536613
> KASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]
> Modules linked in:
> CPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
> pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
>  pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]
>  pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334
>  lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]
>  lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334
> Call trace:
>   mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)
>   mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)
>   mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382
>   ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648
>   rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327
>   rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791
>   netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317
>   netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973
>   sock_recvmsg_nosec net/socket.c:1033 [inline]
>   sock_recvmsg net/socket.c:1055 [inline]
>   sock_read_iter+0x2d8/0x40c net/socket.c:1125
>   new_sync_read fs/read_write.c:484 [inline]
>   vfs_read+0x740/0x970 fs/read_write.c:565
>   ksys_read+0x15c/0x26c fs/read_write.c:708
> 
> [...]

Here is the summary with links:
  - [net] ipmr: do not call mr_mfc_uses_dev() for unres entries
    https://git.kernel.org/netdev/net/c/15a901361ec3

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
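
The aliasing described in the quoted commit message, as an added userspace model (not the kernel's code and not part of the original message): the bounds read from an unresolved entry are just the bytes of its queue pointers, which is why such entries must be skipped. The `model_*` names, the `resolved` tag and the simplified layout are assumptions made for illustration.

```c
#include <stdbool.h>
#include <string.h>

#define MAXVIFS 32

/* Userspace model only: member names follow the commit message, the layout
 * is assumed, and 'resolved' is a hypothetical tag added for illustration. */
struct model_queue_head { void *next, *prev; };   /* the "two pointers" */

struct model_mfc {
    bool resolved;
    union {
        struct { unsigned long expires; struct model_queue_head unresolved; } unres;
        struct { unsigned long last_assert; int minvif, maxvif;
                 unsigned char ttls[MAXVIFS]; } res;
    } mfc_un;
};

/* Unguarded read of the loop bounds, meaningful only for resolved entries. */
static void raw_bounds(const struct model_mfc *c, int out[2])
{
    out[0] = c->mfc_un.res.minvif;
    out[1] = c->mfc_un.res.maxvif;
}

/* Guarded read: unresolved entries are skipped, and resolved bounds are
 * range-checked against the ttls[] table before anything indexes it. */
bool safe_bounds(const struct model_mfc *c, int out[2])
{
    if (!c->resolved)
        return false;
    raw_bounds(c, out);
    return out[0] >= 0 && out[0] <= out[1] && out[1] <= MAXVIFS;
}

/* Build an unresolved entry with an empty, self-pointing queue (constructed
 * sample) and report whether the raw "bounds" are just its pointer bytes. */
bool unres_bounds_are_pointer_bytes(void)
{
    struct model_mfc c;
    int b[2];

    memset(&c, 0, sizeof(c));
    c.mfc_un.unres.unresolved.next = &c.mfc_un.unres.unresolved;
    c.mfc_un.unres.unresolved.prev = &c.mfc_un.unres.unresolved;
    raw_bounds(&c, b);
    return !safe_bounds(&c, b) &&
           memcmp(b, &c.mfc_un.unres.unresolved, sizeof(b)) == 0;
}
```

The model assumes `unsigned long` and pointers have the same size, as on Linux targets, so that `minvif`/`maxvif` start at the same offset as the queue head.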


