lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <eb4eee14-7e24-4d1b-b312-e9ea738fefee@kernel.org>
Date: Wed, 26 Nov 2025 12:42:09 +0100
From: Matthieu Baerts <matttbe@...nel.org>
To: Fernando Fernandez Mancera <fmancera@...e.de>, netdev@...r.kernel.org
Cc: csmate@....hu, kerneljasonxing@...il.com, maciej.fijalkowski@...el.com,
 bpf@...r.kernel.org, davem@...emloft.net, edumazet@...gle.com,
 kuba@...nel.org, pabeni@...hat.com, horms@...nel.org, sdf@...ichev.me,
 hawk@...nel.org, daniel@...earbox.net, ast@...nel.org,
 john.fastabend@...il.com, magnus.karlsson@...el.com,
 Stephen Rothwell <sfr@...b.auug.org.au>, Mark Brown <broonie@...nel.org>
Subject: Re: [PATCH net v6] xsk: avoid data corruption on cq descriptor
 number: manual merge

Hello,

On 24/11/2025 18:14, Fernando Fernandez Mancera wrote:
> Since commit 30f241fcf52a ("xsk: Fix immature cq descriptor
> production"), the descriptor number is stored in skb control block and
> xsk_cq_submit_addr_locked() relies on it to put the umem addrs onto
> pool's completion queue.
> 
> skb control block shouldn't be used for this purpose as after transmit
> xsk doesn't have control over it and other subsystems could use it. This
> leads to the following kernel panic due to a NULL pointer dereference.

FYI, and as predicted by Jason, we got a small conflict when merging
'net' in 'net-next' in the MPTCP tree due to this patch applied in 'net':

  0ebc27a4c67d ("xsk: avoid data corruption on cq descriptor number")

and this one from 'net-next':

  8da7bea7db69 ("xsk: add indirect call for xsk_destruct_skb")

----- Generic Message -----
The best is to avoid conflicts between 'net' and 'net-next' trees but if
they cannot be avoided when preparing patches, a note about how to fix
them is much appreciated.

The conflict has been resolved on our side [1] and the resolution we
suggest is attached to this email. Please report any issues linked to
this conflict resolution as it might be used by others. If you worked on
the mentioned patches, don't hesitate to ACK this conflict resolution.
---------------------------

Regarding this conflict, the patch from 'net' removed two functions
above one that has been applied in 'net-next'. I then combined the two
modifications by removing the two functions and keeping the new
attributes set to xsk_destruct_skb().

Rerere cache is available in [2].

Cheers,
Matt

1: https://github.com/multipath-tcp/mptcp_net-next/commit/1caa6b15d784
2: https://github.com/multipath-tcp/mptcp-upstream-rr-cache/commit/265e1
-- 
Sponsored by the NGI0 Core fund.

View attachment "1caa6b15d784769d23637d9c5dae18ddc4bd8b39.patch" of type "text/x-patch" (2275 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ