Re: KASAN: slab-out-of-bounds Read in tun_net_xmit (2)

From: Jason Wang
Date: Tue Jan 01 2019 - 22:32:18 EST

Next message: Xue Chaojing: "[PATCH 1/1] net-next/hinic:add shutdown callback"
Previous message: Jason Wang: "Re: [PATCH RFC 1/2] virtio-net: bql support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2018/12/31 äå5:51, Jesper Dangaard Brouer wrote:

Hi MST and Jason,

Could you please take a look at this? This bug is caused by a thread
resizing the tun-queue (via tun_queue_resize -> ptr_ring_resize_multiple).
And error happens in tun_net_xmit -> ptr_ring_produce. My guess is bug
happens when reading r->queue in ptr_ring_produce.

I've look at the code (see diff comments below), but I cannot spot the
issue as the (implicit) memory barrier of a spinlock should cover the
cases I can imagine.

Hi:

Cong sent a patch for this and looks like it was fixed in https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=aff6db454599d62191aabc208930e891748e4322.

Thanks

Next message: Xue Chaojing: "[PATCH 1/1] net-next/hinic:add shutdown callback"
Previous message: Jason Wang: "Re: [PATCH RFC 1/2] virtio-net: bql support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]