| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250630-test_vsock-v5-0-2492e141e80b@redhat.com>
Date: Mon, 30 Jun 2025 18:33:02 +0200
From: Luigi Leonardi <leonardi@...hat.com>
To: Stefano Garzarella <sgarzare@...hat.com>, Michal Luczaj <mhal@...x.co>
Cc: virtualization@...ts.linux.dev, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, Luigi Leonardi <leonardi@...hat.com>,
Hyunwoo Kim <v4bel@...ori.io>
Subject: [PATCH net-next v5 0/2] vsock/test: check for null-ptr-deref when
transport changes
This series introduces a new test that checks for a null pointer
dereference that may happen when there is a transport change[1]. This
bug was fixed in [2].
Note that this test *cannot* fail, it hangs if it triggers a kernel
oops. The intended use-case is to run it and then check if there is any
oops in the dmesg.
This test is based on Hyunwoo Kim's[3] and Michal's python
reproducers[4].
[1]https://lore.kernel.org/netdev/Z2LvdTTQR7dBmPb5@v4bel-B760M-AORUS-ELITE-AX/
[2]https://lore.kernel.org/netdev/20250110083511.30419-1-sgarzare@redhat.com/
[3]https://lore.kernel.org/netdev/Z2LvdTTQR7dBmPb5@v4bel-B760M-AORUS-ELITE-AX/#t
[4]https://lore.kernel.org/netdev/2b3062e3-bdaa-4c94-a3c0-2930595b9670@rbox.co/
Signed-off-by: Luigi Leonardi <leonardi@...hat.com>
---
Changes in v5:
- Addressed Stefano's comments:
- Use a macro for G2H transport detection
- Improved commits and comments text
- Rebased on latest net-next
- Link to v4:
https://lore.kernel.org/r/20250624-test_vsock-v4-1-087c9c8e25a2@redhat.com
Changes in v4:
- Addressed Stefano's comments:
- Minor style changes
- Use `get_transports()` to print a warning when a G2H transport is
loaded
- Removed check on second connect: Because the first connect is
interrupted, the socket is in an unspecified state (see man connect)
. This can cause strange and unexpected behaviors (connect returning
success on a non-existing CID).
- Link to v3:
https://lore.kernel.org/r/20250611-test_vsock-v3-1-8414a2d4df62@redhat.com
Sorry, this took waaay longer than expected.
Changes in v3:
Addressed Stefano's and Michal's comments:
- Added the splat text to the commit commessage.
- Introduced commit hash that fixes the bug.
- Not using perror anymore on pthread_* functions.
- Listener is just created once.
- Link to v2:
https://lore.kernel.org/r/20250314-test_vsock-v2-1-3c0a1d878a6d@redhat.com
Changes in v2:
- Addressed Stefano's comments:
- Timeout is now using current_nsec()
- Check for return values
- Style issues
- Added Hyunwoo Kim to Suggested-by
- Link to v1:
https://lore.kernel.org/r/20250306-test_vsock-v1-0-0320b5accf92@redhat.com
---
Luigi Leonardi (2):
vsock/test: Add macros to identify transports
vsock/test: Add test for null ptr deref when transport changes
tools/testing/vsock/Makefile | 1 +
tools/testing/vsock/util.h | 4 +
tools/testing/vsock/vsock_test.c | 170 +++++++++++++++++++++++++++++++++++++++
3 files changed, 175 insertions(+)
---
base-commit: 647496422ba9d2784fb8e15b3fda7fe801b1f2ff
change-id: 20250306-test_vsock-3e77a9c7a245
Best regards,
--
Luigi Leonardi <leonardi@...hat.com>
Powered by blists - more mailing lists