Re: [4.9.13] use after free in ipv4_mtu

2017-05-03 Thread Daniel J Blueman
On 6 March 2017 at 21:45, Eric Dumazet wrote: > On Mon, 2017-03-06 at 14:33 +0800, Daniel J Blueman wrote: >> On 2 March 2017 at 21:28, Eric Dumazet wrote: >> > On Thu, 2017-03-02 at 05:08 -0800, Eric Dumazet wrote: >> > >> >> Thanks for the report

Re: [4.9.13] use after free in ipv4_mtu

2017-03-07 Thread Eric Dumazet
On Tue, 2017-03-07 at 08:29 -0800, Stephen Hemminger wrote: > + WARN_ONCE(strcmp(default_qdisc_ops->id, "fq"), > + "TCP BBR should only be used with FQ qdisc\n"); > + > Why would that be needed, especially for people that properly setup their qdisc ? Maybe they do not
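Review bot: the condition in the quoted WARN_ONCE() compares default_qdisc_ops->id with "fq", so it tests the system-wide default qdisc and not the qdisc actually attached to the device the BBR socket transmits on. A host that keeps another default but installs fq on the relevant interface would trigger the warning even though it is set up correctly, and a host whose default is fq but whose interface has been changed to something else would not. If a warning is wanted at all, it should look at the qdisc on the egress device. WARN_ONCE() also emits a full stack trace, which is heavy for a configuration hint; pr_warn_once() would carry the same message without it.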

Re: [4.9.13] use after free in ipv4_mtu

2017-03-07 Thread Stephen Hemminger
On Mon, 06 Mar 2017 08:20:03 -0800 Eric Dumazet wrote: > On Mon, 2017-03-06 at 05:45 -0800, Eric Dumazet wrote: > > On Mon, 2017-03-06 at 14:33 +0800, Daniel J Blueman wrote: > > > > I do change the network queueing discipline and related at runtime [1] > > > which may

Re: [4.9.13] use after free in ipv4_mtu

2017-03-07 Thread Daniel J Blueman
On 7 March 2017 at 00:20, Eric Dumazet wrote: > On Mon, 2017-03-06 at 05:45 -0800, Eric Dumazet wrote: >> On Mon, 2017-03-06 at 14:33 +0800, Daniel J Blueman wrote: > >> > I do change the network queueing discipline and related at runtime [1] >> > which may be triggering

Re: [4.9.13] use after free in ipv4_mtu

2017-03-06 Thread Eric Dumazet
On Mon, 2017-03-06 at 05:45 -0800, Eric Dumazet wrote: > On Mon, 2017-03-06 at 14:33 +0800, Daniel J Blueman wrote: > > I do change the network queueing discipline and related at runtime [1] > > which may be triggering this, though I did think I saw the KASAN > > report only after resuming from

Re: [4.9.13] use after free in ipv4_mtu

2017-03-06 Thread Eric Dumazet
On Mon, 2017-03-06 at 14:33 +0800, Daniel J Blueman wrote: > On 2 March 2017 at 21:28, Eric Dumazet wrote: > > On Thu, 2017-03-02 at 05:08 -0800, Eric Dumazet wrote: > > > >> Thanks for the report ! > >> > >> This patch should solve this precise issue, but we need more

Re: [4.9.13] use after free in ipv4_mtu

2017-03-05 Thread Daniel J Blueman
On 2 March 2017 at 21:28, Eric Dumazet wrote: > On Thu, 2017-03-02 at 05:08 -0800, Eric Dumazet wrote: > >> Thanks for the report ! >> >> This patch should solve this precise issue, but we need more work. >> >> We need to audit all __sk_dst_get() and make sure they are

Re: [4.9.13] use after free in ipv4_mtu

2017-03-02 Thread Eric Dumazet
On Thu, 2017-03-02 at 05:08 -0800, Eric Dumazet wrote: > Thanks for the report ! > > This patch should solve this precise issue, but we need more work. > > We need to audit all __sk_dst_get() and make sure they are inside an > rcu_read_lock()/rcu_read_unlock() section. > > diff --git

Re: [4.9.13] use after free in ipv4_mtu

2017-03-02 Thread Eric Dumazet
On Thu, 2017-03-02 at 20:42 +0800, Daniel J Blueman wrote: > With debugging enabled [1,2], KASAN finds a use-after-free in ipv4_mtu > [3,4] with activity over a brcmfmac wireless card. > > Let me know for further testing/debugging. > > Thanks! > Dan > > [1]

[4.9.13] use after free in ipv4_mtu

2017-03-02 Thread Daniel J Blueman
With debugging enabled [1,2], KASAN finds a use-after-free in ipv4_mtu [3,4] with activity over a brcmfmac wireless card. Let me know for further testing/debugging. Thanks! Dan [1] https://quora.org/linux/ipv4_mtu/config [2] https://quora.org/linux/ipv4_mtu/vmlinux -- [3] BUG: KASAN: