Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753958AbbL3Oiy (ORCPT ); Wed, 30 Dec 2015 09:38:54 -0500 Received: from mail-wm0-f42.google.com ([74.125.82.42]:36976 "EHLO mail-wm0-f42.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752118AbbL3Oit (ORCPT ); Wed, 30 Dec 2015 09:38:49 -0500 MIME-Version: 1.0 In-Reply-To: References: <1451416224-15871-1-git-send-email-jacob@teenage.engineering> <87y4cdyrbn.fsf@doppelsaurus.mobileactivedefense.com> <20151229.150843.2021692616139434395.davem@davemloft.net>

Date: Wed, 30 Dec 2015 09:38:48 -0500 Message-ID: Subject: Re: [PATCH] net: Fix potential NULL pointer dereference in __skb_try_recv_datagram From: Eric Dumazet To: Jacob Siverskog Cc: David Miller , Rainer Weikusat , netdev , Herbert Xu , Konstantin Khlebnikov , Al Viro , LKML Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1543 Lines: 33 On Wed, Dec 30, 2015 at 9:30 AM, Jacob Siverskog wrote: > On Wed, Dec 30, 2015 at 2:26 PM, Eric Dumazet wrote: >> At this point corruption already happened. >> We can not possibly detect every possible corruption caused by bugs >> elsewhere in the kernel and just 'recover' at this point. >> We must indeed find the root cause and fix it, instead of trying to hide it. >> >> How often can you trigger this bug ? > > Ok. I don't have a good repro to trigger it unfortunately, I've seen it just a > few times when bringing up/down network interfaces. Does the trace > give any clue? > > [] (__skb_recv_datagram) from [] (udpv6_recvmsg+0x1d0/0x6d0) > [] (udpv6_recvmsg) from [] (inet_recvmsg+0x38/0x4c) > [] (inet_recvmsg) from [] (___sys_recvmsg+0x94/0x170) > [] (___sys_recvmsg) from [] (__sys_recvmsg+0x3c/0x6c) > [] (__sys_recvmsg) from [] (ret_fast_syscall+0x0/0x3c) Not really : it only shows the point where the corruption is detected, not the point where the corruption happened. This might be caused by a netfilter module, a buggy driver... it is hard to know. You might add some traces on the skb itself, like its length or/and content. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/