From: Paul Moore <paul@paul-moore.com>
To: "Jakub Kicinski" <kuba@kernel.org>, 王贇 <yun.wang@linux.alibaba.com>
Cc: "David S. Miller" <davem@davemloft.net>,
	Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
	David Ahern <dsahern@kernel.org>,
	netdev@vger.kernel.org, linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] net: fix NULL pointer reference in cipso_v4_doi_free
Date: Mon, 30 Aug 2021 12:50:31 -0400
Message-ID: <CAHC9VhRHx=+Fek7W4oyZWVBUENQ8VnD+mWXUytKPKg+9p-J4LQ@mail.gmail.com>
In-Reply-To: <20210830094525.3c97e460@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>

On Mon, Aug 30, 2021 at 12:45 PM Jakub Kicinski <kuba@kernel.org> wrote:
> On Mon, 30 Aug 2021 10:17:05 -0400 Paul Moore wrote:
> > On Mon, Aug 30, 2021 at 6:28 AM 王贇 <yun.wang@linux.alibaba.com> wrote:
> > >
> > > In netlbl_cipsov4_add_std() when 'doi_def->map.std' alloc
> > > failed, we sometimes observe a panic:
> > >
> > >   BUG: kernel NULL pointer dereference, address:
> > >   ...
> > >   RIP: 0010:cipso_v4_doi_free+0x3a/0x80
> > >   ...
> > >   Call Trace:
> > >    netlbl_cipsov4_add_std+0xf4/0x8c0
> > >    netlbl_cipsov4_add+0x13f/0x1b0
> > >    genl_family_rcv_msg_doit.isra.15+0x132/0x170
> > >    genl_rcv_msg+0x125/0x240
> > >
> > > This is because in cipso_v4_doi_free() there is no check
> > > on 'doi_def->map.std' when doi_def->type got value 1, which
> > > is possible, since netlbl_cipsov4_add_std() hasn't initialized
> > > it before alloc 'doi_def->map.std'.
> > >
> > > This patch just adds the check to prevent a panic from happening
> > > in similar cases.
> > >
> > > Reported-by: Abaci <abaci@linux.alibaba.com>
> > > Signed-off-by: Michael Wang <yun.wang@linux.alibaba.com>
> > > ---
> > >  net/netlabel/netlabel_cipso_v4.c | 4 ++--
> > >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > I see this was already merged, but it looks good to me, thanks for
> > making those changes.
>
> FWIW it looks like v1 was also merged:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=733c99ee8b

Yeah, that is unfortunate, there was a brief discussion about that
over on one of the -stable patches for the v1 patch (odd that I never
saw a patchbot post for the v1 patch?).  Having both merged should be
harmless, but we want to revert the v1 patch as soon as we can.
Michael, can you take care of this?

-- 
paul moore
www.paul-moore.com
