All of lore.kernel.org
 help / color / mirror / Atom feed
From: David Miller <davem@davemloft.net>
To: jchapman@katalix.com
Cc: netdev@vger.kernel.org
Subject: Re: [PATCH net-next v3 00/16] l2tp: fix API races discovered by syzbot
Date: Mon, 12 Feb 2018 14:00:12 -0500 (EST)	[thread overview]
Message-ID: <20180212.140012.2157785508291954542.davem@davemloft.net> (raw)
In-Reply-To: <1518456819-22244-1-git-send-email-jchapman@katalix.com>

From: James Chapman <jchapman@katalix.com>
Date: Mon, 12 Feb 2018 17:33:23 +0000

> This patch series addresses several races with L2TP APIs discovered by
> syzbot. While working on this, it became clear that the L2TP code
> needed some work to address object lifetime issues. There are no
> functional changes.
> 
> The set of patches 1-13 in combination fix the following syzbot reports.
> 
> 9df43faf0 KASAN: use-after-free Read in pppol2tp_connect
> 6e6a5ec8d general protection fault in pppol2tp_connect
> 347bd5acd KASAN: use-after-free Read in inet_shutdown
> 19c09769f WARNING in debug_print_object

Some symbol export issues:

ERROR: "l2tp_tunnel_free" [net/l2tp/l2tp_ppp.ko] undefined!
ERROR: "l2tp_tunnel_free" [net/l2tp/l2tp_netlink.ko] undefined!
make[1]: *** [scripts/Makefile.modpost:92: __modpost] Error 1

Also, this series is also a hodge-podge of bug fixes that really belong
in 'net' alongside cleanups and refactoring that belong in 'net-next'.

Can you please pull out the genuine bug fixes into a smaller series
targetting 'net' and then after you fix the symbol export issues
we can build on top of that in net-next with the cleanups and
refactoring.

Thank you.

      parent reply	other threads:[~2018-02-12 19:00 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-02-12 17:33 [PATCH net-next v3 00/16] l2tp: fix API races discovered by syzbot James Chapman
2018-02-12 17:33 ` [PATCH net-next v3 01/16] l2tp: update sk_user_data while holding sk_callback_lock James Chapman
2018-02-12 17:33 ` [PATCH net-next v3 02/16] l2tp: add RCU read lock to protect tunnel ptr in ip socket destroy James Chapman
2018-02-12 17:33 ` [PATCH net-next v3 03/16] l2tp: don't use inet_shutdown on tunnel destroy James Chapman
2018-02-12 17:33 ` [PATCH net-next v3 04/16] l2tp: refactor tunnel lifetime handling wrt its socket James Chapman
2018-02-12 17:33 ` [PATCH net-next v3 05/16] l2tp: use tunnel closing flag James Chapman
2018-02-12 17:33 ` [PATCH net-next v3 06/16] l2tp: refactor session lifetime handling James Chapman
2018-02-12 17:33 ` [PATCH net-next v3 07/16] l2tp: hide sessions if they are closing James Chapman
2018-02-12 17:33 ` [PATCH net-next v3 08/16] l2tp: hide session from pppol2tp_sock_to_session if it is closing James Chapman
2018-02-12 17:33 ` [PATCH net-next v3 09/16] l2tp: refactor pppol2tp_connect James Chapman
2018-02-12 17:33 ` [PATCH net-next v3 10/16] l2tp: add session_free callback James Chapman
2018-02-12 17:33 ` [PATCH net-next v3 11/16] l2tp: do session destroy using a workqueue James Chapman
2018-02-12 17:33 ` [PATCH net-next v3 12/16] l2tp: simplify l2tp_tunnel_closeall James Chapman
2018-02-12 17:33 ` [PATCH net-next v3 13/16] l2tp: refactor ppp session cleanup paths James Chapman
2018-02-12 17:33 ` [PATCH net-next v3 14/16] l2tp: remove redundant sk_user_data check when creating tunnels James Chapman
2018-02-12 17:33 ` [PATCH net-next v3 15/16] l2tp: remove unwanted error message James Chapman
2018-02-12 17:33 ` [PATCH net-next v3 16/16] l2tp: make __l2tp_session_unhash internal James Chapman
2018-02-12 19:00 ` David Miller [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180212.140012.2157785508291954542.davem@davemloft.net \
    --to=davem@davemloft.net \
    --cc=jchapman@katalix.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.