Message-ID: <aEBpR7eUHIqH0EvE@mini-arch>
Date: Wed, 4 Jun 2025 08:41:59 -0700
From: Stanislav Fomichev <stfomichev@...il.com>
To: Eric Dumazet <edumazet@...gle.com>
Cc: "David S . Miller" <davem@...emloft.net>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Simon Horman <horms@...nel.org>, netdev@...r.kernel.org,
	eric.dumazet@...il.com,
	syzbot+9fc858ba0312b42b577e@...kaller.appspotmail.com,
	Stanislav Fomichev <sdf@...ichev.me>
Subject: Re: [PATCH net] net: prevent a NULL deref in rtnl_create_link()

On 06/04, Eric Dumazet wrote:
> At the time rtnl_create_link() is running, dev->netdev_ops is NULL,
> we must not use netdev_lock_ops() or risk a NULL deref if
> CONFIG_NET_SHAPER is defined.
> 
> Use netif_set_group() instead of dev_set_group().
> 
>  RIP: 0010:netdev_need_ops_lock include/net/netdev_lock.h:33 [inline]
>  RIP: 0010:netdev_lock_ops include/net/netdev_lock.h:41 [inline]
>  RIP: 0010:dev_set_group+0xc0/0x230 net/core/dev_api.c:82
> Call Trace:
>  <TASK>
>   rtnl_create_link+0x748/0xd10 net/core/rtnetlink.c:3674
>   rtnl_newlink_create+0x25c/0xb00 net/core/rtnetlink.c:3813
>   __rtnl_newlink net/core/rtnetlink.c:3940 [inline]
>   rtnl_newlink+0x16d6/0x1c70 net/core/rtnetlink.c:4055
>   rtnetlink_rcv_msg+0x7cf/0xb70 net/core/rtnetlink.c:6944
>   netlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2534
>   netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
>   netlink_unicast+0x75b/0x8d0 net/netlink/af_netlink.c:1339
>   netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883
>   sock_sendmsg_nosec net/socket.c:712 [inline]
> 
> Reported-by: syzbot+9fc858ba0312b42b577e@...kaller.appspotmail.com
> Closes: https://lore.kernel.org/netdev/6840265f.a00a0220.d4325.0009.GAE@google.com/T/#u
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> Fixes: 7e4d784f5810 ("net: hold netdev instance lock during rtnetlink operations")
> Cc: Stanislav Fomichev <sdf@...ichev.me>

Acked-by: Stanislav Fomichev <sdf@...ichev.me>
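
The ordering problem described in the quoted commit message, as a simplified userspace model in C. This is an added example, not code from the patch or the kernel: the `model_*` names and structures are hypothetical stand-ins, the `shaper_ops` field is an assumed placeholder for what a CONFIG_NET_SHAPER build reads through the ops pointer, and the fault is modelled as a `-EFAULT` return so the program can run.

```c
/* Userspace model; every model_* name is hypothetical, not kernel code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
struct model_ops { const void *shaper_ops; };
struct model_dev {
    const struct model_ops *ops; /* role of dev->netdev_ops */
    int lock_depth;              /* role of the instance lock */
    int group;
};

/* Reads through ops to decide whether the lock is needed. Where the trace
 * on the page faults on NULL ops, the model returns -EFAULT instead. */
static int model_need_ops_lock(const struct model_dev *dev)
{
    if (!dev->ops) return -EFAULT;
    return dev->ops->shaper_ops != NULL;
}

/* Unlocked setter (role of netif_set_group): never touches ops. */
static void model_netif_set_group(struct model_dev *d, int g) { d->group = g; }

/* Locking wrapper (role of dev_set_group): consults ops first. */
static int model_dev_set_group(struct model_dev *dev, int group)
{
    int need = model_need_ops_lock(dev);
    if (need < 0) return need;
    dev->lock_depth += need;
    model_netif_set_group(dev, group);
    dev->lock_depth -= need;
    return 0;
}

/* Link creation: the device exists but its ops are not assigned yet. */
static int model_create_link(struct model_dev *dev, int group, bool wrapper)
{
    *dev = (struct model_dev){0};
    if (wrapper) return model_dev_set_group(dev, group);
    model_netif_set_group(dev, group);
    return 0;
}

int main(void)
{
    struct model_dev d;
    int bad = model_create_link(&d, 7, true);
    int ok = model_create_link(&d, 7, false);
    printf("wrapper=%d unlocked=%d group=%d\n", bad, ok, d.group);
    return 0;
}
```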
