| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAL+tcoBQPBh_GSeO71=OGx2og_BQ0YaWsA7zzNpC08yYGGfVig@mail.gmail.com> Date: Sun, 9 Nov 2025 08:10:23 +0800 From: Jason Xing <kerneljasonxing@...il.com> To: Salvatore Bonaccorso <carnil@...ian.org> Cc: Fernando Fernandez Mancera <fmancera@...e.de>, mc36 <csmate@....hu>, alekcejk@...glemail.com, Jonathan Lemon <jonathan.lemon@...il.com>, Stanislav Fomichev <sdf@...ichev.me>, Maciej Fijalkowski <maciej.fijalkowski@...el.com>, Magnus Karlsson <magnus.karlsson@...el.com>, Björn Töpel <bjorn@...nel.org>, 1118437@...s.debian.org, netdev@...r.kernel.org, bpf@...r.kernel.org Subject: Re: null pointer dereference in interrupt after receiving an ip packet on veth from xsk from user space On Sat, Nov 8, 2025 at 10:49 PM Salvatore Bonaccorso <carnil@...ian.org> wrote: > > Hi, > > On Tue, Oct 21, 2025 at 12:51:32PM +0200, Fernando Fernandez Mancera wrote: > > > > > > On 10/20/25 11:31 PM, mc36 wrote: > > > hi, > > > > > > On 10/20/25 11:04, Jason Xing wrote: > > > > > > > > I followed your steps you attached in your code: > > > > ////// gcc xskInt.c -lxdp > > > > ////// sudo ip link add veth1 type veth > > > > ////// sudo ip link set veth0 up > > > > ////// sudo ip link set veth1 up > > > > > > ip link set dev veth1 address 3a:10:5c:53:b3:5c > > > > > > > ////// sudo ./a.out > > > > > > > that will do the trick on a recent kerlek.... > > > > > > its the destination mac in the c code.... > > > > > > ps: chaining in the original reporter from the fedora land..... > > > > > > > > > have a nice day, > > > > > > cs > > > > > > > > > > hi, FWIW I have reproduced this and I bisected it, issue was introduced at > > 30f241fcf52aaaef7ac16e66530faa11be78a865 - working on a patch. > > Just a qustion in particular for the stable series shipping the commit > (now only 6.17.y relevant at this point since 6.16.y is EOL): Give the > proper fix will take a bit more time to develop, would it make sense > to at least revert the offending commit in the stable series as the > issue is, unless I missunderstood the report, remotely(?) triggerable > denial of service? > > Or do I miss something here? We've been working on this already. Please find the patches at https://lore.kernel.org/all/20251031093230.82386-1-kerneljasonxing@gmail.com/ Yes, my solution is to revert first and apply a pre-allocate array to temporarily store the descriptors that will be published at the tx completion phase. If you also care about this, please feel free to review the whole idea. As long as everyone is on board, I will send an official version with more detailed updates. I'm still waiting for more suggestions :) Thanks, Jason
Powered by blists - more mailing lists