Re: [PATCH] net: mark DECnet as broken
From: Vegard NossumDate: Thu, 7 Apr 2016 09:22:43 +0200 > There are NULL pointer dereference bugs in DECnet which can be triggered > by unprivileged users and have been reported multiple times to LKML, > however nobody seems confident enough in the proposed fixes to merge them > and the consensus seems to be that nobody cares enough about DECnet to > see it fixed anyway. > > To shield unsuspecting users from the possible DOS, we should mark this > BROKEN until somebody who actually uses this code can fix it. > > Signed-off-by: Vegard Nossum > Link: https://lkml.org/lkml/2015/12/17/666 As stated, I'm not applying this, and rather I am fixing this as below: [PATCH] decnet: Do not build routes to devices without decnet private data. In particular, make sure we check for decnet private presence for loopback devices. Signed-off-by: David S. Miller --- net/decnet/dn_route.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/net/decnet/dn_route.c b/net/decnet/dn_route.c index 607a14f..b1dc096 100644 --- a/net/decnet/dn_route.c +++ b/net/decnet/dn_route.c @@ -1034,10 +1034,13 @@ source_ok: if (!fld.daddr) { fld.daddr = fld.saddr; - err = -EADDRNOTAVAIL; if (dev_out) dev_put(dev_out); + err = -EINVAL; dev_out = init_net.loopback_dev; + if (!dev_out->dn_ptr) + goto out; + err = -EADDRNOTAVAIL; dev_hold(dev_out); if (!fld.daddr) { fld.daddr = @@ -1110,6 +1113,8 @@ source_ok: if (dev_out == NULL) goto out; dn_db = rcu_dereference_raw(dev_out->dn_ptr); + if (!dn_db) + goto e_inval; /* Possible improvement - check all devices for local addr */ if (dn_dev_islocal(dev_out, fld.daddr)) { dev_put(dev_out); @@ -1151,6 +1156,8 @@ select_source: dev_put(dev_out); dev_out = init_net.loopback_dev; dev_hold(dev_out); + if (!dev_out->dn_ptr) + goto e_inval; fld.flowidn_oif = dev_out->ifindex; if (res.fi) dn_fib_info_put(res.fi); -- 2.1.0
Re: [PATCH] net: mark DECnet as broken
From: Vegard Nossum Date: Thu, 7 Apr 2016 09:22:43 +0200 > There are NULL pointer dereference bugs in DECnet which can be triggered > by unprivileged users and have been reported multiple times to LKML, > however nobody seems confident enough in the proposed fixes to merge them > and the consensus seems to be that nobody cares enough about DECnet to > see it fixed anyway. > > To shield unsuspecting users from the possible DOS, we should mark this > BROKEN until somebody who actually uses this code can fix it. > > Signed-off-by: Vegard Nossum > Link: https://lkml.org/lkml/2015/12/17/666 As stated, I'm not applying this, and rather I am fixing this as below: [PATCH] decnet: Do not build routes to devices without decnet private data. In particular, make sure we check for decnet private presence for loopback devices. Signed-off-by: David S. Miller --- net/decnet/dn_route.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/net/decnet/dn_route.c b/net/decnet/dn_route.c index 607a14f..b1dc096 100644 --- a/net/decnet/dn_route.c +++ b/net/decnet/dn_route.c @@ -1034,10 +1034,13 @@ source_ok: if (!fld.daddr) { fld.daddr = fld.saddr; - err = -EADDRNOTAVAIL; if (dev_out) dev_put(dev_out); + err = -EINVAL; dev_out = init_net.loopback_dev; + if (!dev_out->dn_ptr) + goto out; + err = -EADDRNOTAVAIL; dev_hold(dev_out); if (!fld.daddr) { fld.daddr = @@ -1110,6 +1113,8 @@ source_ok: if (dev_out == NULL) goto out; dn_db = rcu_dereference_raw(dev_out->dn_ptr); + if (!dn_db) + goto e_inval; /* Possible improvement - check all devices for local addr */ if (dn_dev_islocal(dev_out, fld.daddr)) { dev_put(dev_out); @@ -1151,6 +1156,8 @@ select_source: dev_put(dev_out); dev_out = init_net.loopback_dev; dev_hold(dev_out); + if (!dev_out->dn_ptr) + goto e_inval; fld.flowidn_oif = dev_out->ifindex; if (res.fi) dn_fib_info_put(res.fi); -- 2.1.0
Re: [PATCH] net: mark DECnet as broken
From: One Thousand GnomesDate: Thu, 7 Apr 2016 15:01:20 +0100 > On Thu, 7 Apr 2016 09:22:43 +0200 > Vegard Nossum wrote: > >> There are NULL pointer dereference bugs in DECnet which can be triggered >> by unprivileged users and have been reported multiple times to LKML, >> however nobody seems confident enough in the proposed fixes to merge them >> and the consensus seems to be that nobody cares enough about DECnet to >> see it fixed anyway. >> >> To shield unsuspecting users from the possible DOS, we should mark this >> BROKEN until somebody who actually uses this code can fix it. > > How about consigning it to staging at this point ? Staging is a one way facility in my opinion. I saw we just fix the NULL dereference.
Re: [PATCH] net: mark DECnet as broken
From: One Thousand Gnomes Date: Thu, 7 Apr 2016 15:01:20 +0100 > On Thu, 7 Apr 2016 09:22:43 +0200 > Vegard Nossum wrote: > >> There are NULL pointer dereference bugs in DECnet which can be triggered >> by unprivileged users and have been reported multiple times to LKML, >> however nobody seems confident enough in the proposed fixes to merge them >> and the consensus seems to be that nobody cares enough about DECnet to >> see it fixed anyway. >> >> To shield unsuspecting users from the possible DOS, we should mark this >> BROKEN until somebody who actually uses this code can fix it. > > How about consigning it to staging at this point ? Staging is a one way facility in my opinion. I saw we just fix the NULL dereference.
Re: [PATCH] net: mark DECnet as broken
On Thu, 7 Apr 2016 09:22:43 +0200 Vegard Nossumwrote: > There are NULL pointer dereference bugs in DECnet which can be triggered > by unprivileged users and have been reported multiple times to LKML, > however nobody seems confident enough in the proposed fixes to merge them > and the consensus seems to be that nobody cares enough about DECnet to > see it fixed anyway. > > To shield unsuspecting users from the possible DOS, we should mark this > BROKEN until somebody who actually uses this code can fix it. How about consigning it to staging at this point ? Alan
Re: [PATCH] net: mark DECnet as broken
On Thu, 7 Apr 2016 09:22:43 +0200 Vegard Nossum wrote: > There are NULL pointer dereference bugs in DECnet which can be triggered > by unprivileged users and have been reported multiple times to LKML, > however nobody seems confident enough in the proposed fixes to merge them > and the consensus seems to be that nobody cares enough about DECnet to > see it fixed anyway. > > To shield unsuspecting users from the possible DOS, we should mark this > BROKEN until somebody who actually uses this code can fix it. How about consigning it to staging at this point ? Alan
Re: [PATCH] net: mark DECnet as broken
On Thu, Apr 07, 2016 at 09:22:43AM +0200, Vegard Nossum wrote: > There are NULL pointer dereference bugs in DECnet which can be triggered > by unprivileged users and have been reported multiple times to LKML, > however nobody seems confident enough in the proposed fixes to merge them > and the consensus seems to be that nobody cares enough about DECnet to > see it fixed anyway. > > To shield unsuspecting users from the possible DOS, we should mark this > BROKEN until somebody who actually uses this code can fix it. > > Signed-off-by: Vegard Nossum> Link: https://lkml.org/lkml/2015/12/17/666 > Cc: Eric Dumazet > Cc: Sasha Levin > Cc: David Miller Reviewed-by: James Cameron (An old DECnet application programmer from way back, ah what fun!) > --- > net/decnet/Kconfig | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/decnet/Kconfig b/net/decnet/Kconfig > index f3393e1..b040172 100644 > --- a/net/decnet/Kconfig > +++ b/net/decnet/Kconfig > @@ -3,6 +3,7 @@ > # > config DECNET > tristate "DECnet Support" > + depends on BROKEN > ---help--- > The DECnet networking protocol was used in many products made by > Digital (now Compaq). It provides reliable stream and sequenced fwiw, then Compaq merged into HP. > -- > 1.9.1 > -- James Cameron http://quozl.netrek.org/
Re: [PATCH] net: mark DECnet as broken
On Thu, Apr 07, 2016 at 09:22:43AM +0200, Vegard Nossum wrote: > There are NULL pointer dereference bugs in DECnet which can be triggered > by unprivileged users and have been reported multiple times to LKML, > however nobody seems confident enough in the proposed fixes to merge them > and the consensus seems to be that nobody cares enough about DECnet to > see it fixed anyway. > > To shield unsuspecting users from the possible DOS, we should mark this > BROKEN until somebody who actually uses this code can fix it. > > Signed-off-by: Vegard Nossum > Link: https://lkml.org/lkml/2015/12/17/666 > Cc: Eric Dumazet > Cc: Sasha Levin > Cc: David Miller Reviewed-by: James Cameron (An old DECnet application programmer from way back, ah what fun!) > --- > net/decnet/Kconfig | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/decnet/Kconfig b/net/decnet/Kconfig > index f3393e1..b040172 100644 > --- a/net/decnet/Kconfig > +++ b/net/decnet/Kconfig > @@ -3,6 +3,7 @@ > # > config DECNET > tristate "DECnet Support" > + depends on BROKEN > ---help--- > The DECnet networking protocol was used in many products made by > Digital (now Compaq). It provides reliable stream and sequenced fwiw, then Compaq merged into HP. > -- > 1.9.1 > -- James Cameron http://quozl.netrek.org/
[PATCH] net: mark DECnet as broken
There are NULL pointer dereference bugs in DECnet which can be triggered by unprivileged users and have been reported multiple times to LKML, however nobody seems confident enough in the proposed fixes to merge them and the consensus seems to be that nobody cares enough about DECnet to see it fixed anyway. To shield unsuspecting users from the possible DOS, we should mark this BROKEN until somebody who actually uses this code can fix it. Signed-off-by: Vegard NossumLink: https://lkml.org/lkml/2015/12/17/666 Cc: Eric Dumazet Cc: Sasha Levin Cc: David Miller --- net/decnet/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/net/decnet/Kconfig b/net/decnet/Kconfig index f3393e1..b040172 100644 --- a/net/decnet/Kconfig +++ b/net/decnet/Kconfig @@ -3,6 +3,7 @@ # config DECNET tristate "DECnet Support" + depends on BROKEN ---help--- The DECnet networking protocol was used in many products made by Digital (now Compaq). It provides reliable stream and sequenced -- 1.9.1
[PATCH] net: mark DECnet as broken
There are NULL pointer dereference bugs in DECnet which can be triggered by unprivileged users and have been reported multiple times to LKML, however nobody seems confident enough in the proposed fixes to merge them and the consensus seems to be that nobody cares enough about DECnet to see it fixed anyway. To shield unsuspecting users from the possible DOS, we should mark this BROKEN until somebody who actually uses this code can fix it. Signed-off-by: Vegard Nossum Link: https://lkml.org/lkml/2015/12/17/666 Cc: Eric Dumazet Cc: Sasha Levin Cc: David Miller --- net/decnet/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/net/decnet/Kconfig b/net/decnet/Kconfig index f3393e1..b040172 100644 --- a/net/decnet/Kconfig +++ b/net/decnet/Kconfig @@ -3,6 +3,7 @@ # config DECNET tristate "DECnet Support" + depends on BROKEN ---help--- The DECnet networking protocol was used in many products made by Digital (now Compaq). It provides reliable stream and sequenced -- 1.9.1