* [net-next] tipc: add NULL pointer check
@ 2019-04-03 6:05 Hoang Le
2019-04-03 12:52 ` Jon Maloy
2019-04-05 0:34 ` David Miller
0 siblings, 2 replies; 6+ messages in thread
From: Hoang Le @ 2019-04-03 6:05 UTC (permalink / raw)
To: jon.maloy, maloy, ying.xue, tipc-discussion, netdev
skb somehow dequeued out of inputq before processing, it causes to
NULL pointer and kernel crashed.
Add checking skb valid before using.
Fixes: c55c8edafa9 ("tipc: smooth change between replicast and broadcast")
Reported-by: Tuong Lien Tong <tuong.t.lien@dektech.com.au>
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au>
---
net/tipc/bcast.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/tipc/bcast.c b/net/tipc/bcast.c
index 76e14dc08bb9..6c997d4a6218 100644
--- a/net/tipc/bcast.c
+++ b/net/tipc/bcast.c
@@ -769,6 +769,9 @@ void tipc_mcast_filter_msg(struct net *net, struct sk_buff_head *defq,
u32 node, port;
skb = skb_peek(inputq);
+ if (!skb)
+ return;
+
hdr = buf_msg(skb);
if (likely(!msg_is_syn(hdr) && skb_queue_empty(defq)))
--
2.17.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* RE: [net-next] tipc: add NULL pointer check
2019-04-03 6:05 [net-next] tipc: add NULL pointer check Hoang Le
@ 2019-04-03 12:52 ` Jon Maloy
2019-04-03 13:09 ` Bo YU
2019-04-05 0:34 ` David Miller
1 sibling, 1 reply; 6+ messages in thread
From: Jon Maloy @ 2019-04-03 12:52 UTC (permalink / raw)
To: Hoang Huu Le, maloy, ying.xue, tipc-discussion, netdev
Acked-by: Jon Maloy <jon.maloy@ericsson.com>
Although "somehow" is not the good term here,- the reason is obvious when looking into tipc_sk_proto_rcv().
> -----Original Message-----
> From: netdev-owner@vger.kernel.org <netdev-owner@vger.kernel.org>
> On Behalf Of Hoang Le
> Sent: 3-Apr-19 02:05
> To: Jon Maloy <jon.maloy@ericsson.com>; maloy@donjonn.com;
> ying.xue@windriver.com; tipc-discussion@lists.sourceforge.net;
> netdev@vger.kernel.org
> Subject: [net-next] tipc: add NULL pointer check
>
> skb somehow dequeued out of inputq before processing, it causes to NULL
> pointer and kernel crashed.
>
> Add checking skb valid before using.
>
> Fixes: c55c8edafa9 ("tipc: smooth change between replicast and broadcast")
> Reported-by: Tuong Lien Tong <tuong.t.lien@dektech.com.au>
> Acked-by: Ying Xue <ying.xue@windriver.com>
> Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au>
> ---
> net/tipc/bcast.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/tipc/bcast.c b/net/tipc/bcast.c index
> 76e14dc08bb9..6c997d4a6218 100644
> --- a/net/tipc/bcast.c
> +++ b/net/tipc/bcast.c
> @@ -769,6 +769,9 @@ void tipc_mcast_filter_msg(struct net *net, struct
> sk_buff_head *defq,
> u32 node, port;
>
> skb = skb_peek(inputq);
> + if (!skb)
> + return;
> +
> hdr = buf_msg(skb);
>
> if (likely(!msg_is_syn(hdr) && skb_queue_empty(defq)))
> --
> 2.17.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [net-next] tipc: add NULL pointer check
2019-04-03 12:52 ` Jon Maloy
@ 2019-04-03 13:09 ` Bo YU
2019-04-03 14:27 ` Jon Maloy
0 siblings, 1 reply; 6+ messages in thread
From: Bo YU @ 2019-04-03 13:09 UTC (permalink / raw)
To: Jon Maloy; +Cc: Hoang Huu Le, maloy, ying.xue, tipc-discussion, netdev
On Wed, Apr 3, 2019 at 8:55 PM Jon Maloy <jon.maloy@ericsson.com> wrote:
>
> Acked-by: Jon Maloy <jon.maloy@ericsson.com>
>
> Although "somehow" is not the good term here,- the reason is obvious when looking into tipc_sk_proto_rcv().
If so,skb_peek in tipc_mcast_xmit() maybe alert?
>
>
> > -----Original Message-----
> > From: netdev-owner@vger.kernel.org <netdev-owner@vger.kernel.org>
> > On Behalf Of Hoang Le
> > Sent: 3-Apr-19 02:05
> > To: Jon Maloy <jon.maloy@ericsson.com>; maloy@donjonn.com;
> > ying.xue@windriver.com; tipc-discussion@lists.sourceforge.net;
> > netdev@vger.kernel.org
> > Subject: [net-next] tipc: add NULL pointer check
> >
> > skb somehow dequeued out of inputq before processing, it causes to NULL
> > pointer and kernel crashed.
> >
> > Add checking skb valid before using.
> >
> > Fixes: c55c8edafa9 ("tipc: smooth change between replicast and broadcast")
> > Reported-by: Tuong Lien Tong <tuong.t.lien@dektech.com.au>
> > Acked-by: Ying Xue <ying.xue@windriver.com>
> > Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au>
> > ---
> > net/tipc/bcast.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/net/tipc/bcast.c b/net/tipc/bcast.c index
> > 76e14dc08bb9..6c997d4a6218 100644
> > --- a/net/tipc/bcast.c
> > +++ b/net/tipc/bcast.c
> > @@ -769,6 +769,9 @@ void tipc_mcast_filter_msg(struct net *net, struct
> > sk_buff_head *defq,
> > u32 node, port;
> >
> > skb = skb_peek(inputq);
> > + if (!skb)
> > + return;
> > +
> > hdr = buf_msg(skb);
> >
> > if (likely(!msg_is_syn(hdr) && skb_queue_empty(defq)))
> > --
> > 2.17.1
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: [net-next] tipc: add NULL pointer check
2019-04-03 13:09 ` Bo YU
@ 2019-04-03 14:27 ` Jon Maloy
2019-04-04 0:35 ` Bo YU
0 siblings, 1 reply; 6+ messages in thread
From: Jon Maloy @ 2019-04-03 14:27 UTC (permalink / raw)
To: Bo YU; +Cc: Hoang Huu Le, maloy, ying.xue, tipc-discussion, netdev
> -----Original Message-----
> From: Bo YU <tsu.yubo@gmail.com>
> Sent: 3-Apr-19 09:10
> To: Jon Maloy <jon.maloy@ericsson.com>
> Cc: Hoang Huu Le <hoang.h.le@dektech.com.au>; maloy@donjonn.com;
> ying.xue@windriver.com; tipc-discussion@lists.sourceforge.net;
> netdev@vger.kernel.org
> Subject: Re: [net-next] tipc: add NULL pointer check
>
> On Wed, Apr 3, 2019 at 8:55 PM Jon Maloy <jon.maloy@ericsson.com>
> wrote:
> >
> > Acked-by: Jon Maloy <jon.maloy@ericsson.com>
> >
> > Although "somehow" is not the good term here,- the reason is obvious
> when looking into tipc_sk_proto_rcv().
> If so,skb_peek in tipc_mcast_xmit() maybe alert?
Don't understand your question. tipc_mcast_xmit() is on the send path, we are on the receive path here.
Besides, this is a completely normal occurrence, so no need for any warning.
///jon
> >
> >
> > > -----Original Message-----
> > > From: netdev-owner@vger.kernel.org <netdev-
> owner@vger.kernel.org> On
> > > Behalf Of Hoang Le
> > > Sent: 3-Apr-19 02:05
> > > To: Jon Maloy <jon.maloy@ericsson.com>; maloy@donjonn.com;
> > > ying.xue@windriver.com; tipc-discussion@lists.sourceforge.net;
> > > netdev@vger.kernel.org
> > > Subject: [net-next] tipc: add NULL pointer check
> > >
> > > skb somehow dequeued out of inputq before processing, it causes to
> > > NULL pointer and kernel crashed.
> > >
> > > Add checking skb valid before using.
> > >
> > > Fixes: c55c8edafa9 ("tipc: smooth change between replicast and
> > > broadcast")
> > > Reported-by: Tuong Lien Tong <tuong.t.lien@dektech.com.au>
> > > Acked-by: Ying Xue <ying.xue@windriver.com>
> > > Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au>
> > > ---
> > > net/tipc/bcast.c | 3 +++
> > > 1 file changed, 3 insertions(+)
> > >
> > > diff --git a/net/tipc/bcast.c b/net/tipc/bcast.c index
> > > 76e14dc08bb9..6c997d4a6218 100644
> > > --- a/net/tipc/bcast.c
> > > +++ b/net/tipc/bcast.c
> > > @@ -769,6 +769,9 @@ void tipc_mcast_filter_msg(struct net *net,
> > > struct sk_buff_head *defq,
> > > u32 node, port;
> > >
> > > skb = skb_peek(inputq);
> > > + if (!skb)
> > > + return;
> > > +
> > > hdr = buf_msg(skb);
> > >
> > > if (likely(!msg_is_syn(hdr) && skb_queue_empty(defq)))
> > > --
> > > 2.17.1
> >
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [net-next] tipc: add NULL pointer check
2019-04-03 14:27 ` Jon Maloy
@ 2019-04-04 0:35 ` Bo YU
0 siblings, 0 replies; 6+ messages in thread
From: Bo YU @ 2019-04-04 0:35 UTC (permalink / raw)
To: Jon Maloy; +Cc: Hoang Huu Le, maloy, ying.xue, tipc-discussion, netdev
On Wed, Apr 3, 2019 at 10:27 PM Jon Maloy <jon.maloy@ericsson.com> wrote:
>
> > -----Original Message-----
> > From: Bo YU <tsu.yubo@gmail.com>
> > Sent: 3-Apr-19 09:10
> > To: Jon Maloy <jon.maloy@ericsson.com>
> > Cc: Hoang Huu Le <hoang.h.le@dektech.com.au>; maloy@donjonn.com;
> > ying.xue@windriver.com; tipc-discussion@lists.sourceforge.net;
> > netdev@vger.kernel.org
> > Subject: Re: [net-next] tipc: add NULL pointer check
> >
> > On Wed, Apr 3, 2019 at 8:55 PM Jon Maloy <jon.maloy@ericsson.com>
> > wrote:
> > >
> > > Acked-by: Jon Maloy <jon.maloy@ericsson.com>
> > >
> > > Although "somehow" is not the good term here,- the reason is obvious
> > when looking into tipc_sk_proto_rcv().
> > If so,skb_peek in tipc_mcast_xmit() maybe alert?
>
> Don't understand your question. tipc_mcast_xmit() is on the send path, we are on the receive path here.
> Besides, this is a completely normal occurrence, so no need for any warning.
Ok, thank you for explation.
>
> ///jon
>
> > >
> > >
> > > > -----Original Message-----
> > > > From: netdev-owner@vger.kernel.org <netdev-
> > owner@vger.kernel.org> On
> > > > Behalf Of Hoang Le
> > > > Sent: 3-Apr-19 02:05
> > > > To: Jon Maloy <jon.maloy@ericsson.com>; maloy@donjonn.com;
> > > > ying.xue@windriver.com; tipc-discussion@lists.sourceforge.net;
> > > > netdev@vger.kernel.org
> > > > Subject: [net-next] tipc: add NULL pointer check
> > > >
> > > > skb somehow dequeued out of inputq before processing, it causes to
> > > > NULL pointer and kernel crashed.
> > > >
> > > > Add checking skb valid before using.
> > > >
> > > > Fixes: c55c8edafa9 ("tipc: smooth change between replicast and
> > > > broadcast")
> > > > Reported-by: Tuong Lien Tong <tuong.t.lien@dektech.com.au>
> > > > Acked-by: Ying Xue <ying.xue@windriver.com>
> > > > Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au>
> > > > ---
> > > > net/tipc/bcast.c | 3 +++
> > > > 1 file changed, 3 insertions(+)
> > > >
> > > > diff --git a/net/tipc/bcast.c b/net/tipc/bcast.c index
> > > > 76e14dc08bb9..6c997d4a6218 100644
> > > > --- a/net/tipc/bcast.c
> > > > +++ b/net/tipc/bcast.c
> > > > @@ -769,6 +769,9 @@ void tipc_mcast_filter_msg(struct net *net,
> > > > struct sk_buff_head *defq,
> > > > u32 node, port;
> > > >
> > > > skb = skb_peek(inputq);
> > > > + if (!skb)
> > > > + return;
> > > > +
> > > > hdr = buf_msg(skb);
> > > >
> > > > if (likely(!msg_is_syn(hdr) && skb_queue_empty(defq)))
> > > > --
> > > > 2.17.1
> > >
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [net-next] tipc: add NULL pointer check
2019-04-03 6:05 [net-next] tipc: add NULL pointer check Hoang Le
2019-04-03 12:52 ` Jon Maloy
@ 2019-04-05 0:34 ` David Miller
1 sibling, 0 replies; 6+ messages in thread
From: David Miller @ 2019-04-05 0:34 UTC (permalink / raw)
To: hoang.h.le; +Cc: jon.maloy, maloy, ying.xue, tipc-discussion, netdev
From: Hoang Le <hoang.h.le@dektech.com.au>
Date: Wed, 3 Apr 2019 13:05:04 +0700
> skb somehow dequeued out of inputq before processing, it causes to
> NULL pointer and kernel crashed.
>
> Add checking skb valid before using.
>
> Fixes: c55c8edafa9 ("tipc: smooth change between replicast and broadcast")
> Reported-by: Tuong Lien Tong <tuong.t.lien@dektech.com.au>
> Acked-by: Ying Xue <ying.xue@windriver.com>
> Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au>
Applied.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-04-05 0:34 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-04-03 6:05 [net-next] tipc: add NULL pointer check Hoang Le
2019-04-03 12:52 ` Jon Maloy
2019-04-03 13:09 ` Bo YU
2019-04-03 14:27 ` Jon Maloy
2019-04-04 0:35 ` Bo YU
2019-04-05 0:34 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).