Re: BUG() can be hit in tcp_collapse()

2016-11-30 Thread Eric Dumazet
On Wed, 2016-11-30 at 12:00 -0500, Vladis Dronov wrote: > Hello, Eric, Marco, all, > > This is JFYI and a follow-up message. > > A further investigation was made to find out the Linux kernel commit which has > introduced the flaw. It appeared that previous Linux kernel versions are >

Re: BUG() can be hit in tcp_collapse()

2016-11-30 Thread Vladis Dronov
Hello, Eric, Marco, all, This is JFYI and a follow-up message. A further investigation was made to find out the Linux kernel commit which has introduced the flaw. It appeared that previous Linux kernel versions are vulnerable, down to v3.6-rc1. This fact was hidden by 'net.ipv4.tcp_fastopen'

Re: BUG() can be hit in tcp_collapse()

2016-11-11 Thread Vladis Dronov
Hello, Eric, > Another sk_filter() is used in tcp v6. > So the correct patch would be : Thank you much for your research. I'm happy my report has resulted in the proposed patch. Best regards, Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Re: BUG() can be hit in tcp_collapse()

2016-11-10 Thread Eric Dumazet
On Thu, 2016-11-10 at 11:49 -0800, Eric Dumazet wrote: > On Thu, 2016-11-10 at 11:26 -0800, Eric Dumazet wrote: > > > The issue is that sk_filter() truncates an incoming packet to a smaller > > value. > > > > Bad things happen because TCP_SKB_CB(skb)->end_seq is not updated. > > > > I guess

Re: BUG() can be hit in tcp_collapse()

2016-11-10 Thread Eric Dumazet
On Thu, 2016-11-10 at 11:26 -0800, Eric Dumazet wrote: > The issue is that sk_filter() truncates an incoming packet to a smaller > value. > > Bad things happen because TCP_SKB_CB(skb)->end_seq is not updated. > > I guess other issues would also happen if the truncation also removes > part of

Re: BUG() can be hit in tcp_collapse()

2016-11-10 Thread Eric Dumazet
On Thu, 2016-11-10 at 07:44 -0800, Eric Dumazet wrote: > On Thu, 2016-11-10 at 09:47 -0500, Vladis Dronov wrote: > > Hello, > > > > It was discovered by Marco Grassi (many thanks) that > > the > > latest stable Linux kernel v4.8.6 is crashing in tcp_collapse() after making

Re: BUG() can be hit in tcp_collapse()

2016-11-10 Thread Eric Dumazet
On Thu, 2016-11-10 at 09:47 -0500, Vladis Dronov wrote: > Hello, > > It was discovered by Marco Grassi (many thanks) that the > latest stable Linux kernel v4.8.6 is crashing in tcp_collapse() after making > certain syscalls: > > [9.622886] kernel BUG at

Re: BUG() can be hit in tcp_collapse()

2016-11-10 Thread Greg KH
On Thu, Nov 10, 2016 at 09:47:26AM -0500, Vladis Dronov wrote: > Hello, > > It was discovered by Marco Grassi (many thanks) that the > latest stable Linux kernel v4.8.6 is crashing in tcp_collapse() after making > certain syscalls: > > [9.622886] kernel BUG at