Subject: Re: [PATCH] RDS: Fix rds-ping inducing kernel panic
To: Kees Cook
Cc: Honggang Li, linux-kernel@vger.kernel.org, Sowmini Varadhan, Steve Beattie, Andy Whitcroft, "David S. Miller", Jay Fenlason, netdev@vger.kernel.org, linux-rdma@vger.kernel.org, rds-devel@oss.oracle.com
From: Santosh Shilimkar
Organization: Oracle Corporation
Message-ID: <2768ae2b-b7de-cf00-c599-4c164a6228be@oracle.com>
In-Reply-To: <20180122112415.GA41074@beast>
Date: Mon, 22 Jan 2018 09:01:43 -0800

On 1/22/2018 3:24 AM, Kees Cook wrote:
> As described in: https://bugzilla.redhat.com/show_bug.cgi?id=822754
>
> Attempting an RDS connection from the IP address of an IPoIB interface
> to itself causes a kernel panic due to a BUG_ON() being triggered.
> Making the test less strict allows rds-ping to work without crashing
> the machine.
>
> A local unprivileged user could use this flaw to crash the system.
>
Are you able to reproduce this issue on mainline kernel? IIRC, this
shouldn't happen anymore but if you see it, please let me know. Will
try it as well. rds-ping on self loopback device is often tested and
used as well for monitoring services in production.

> I think this fix was written by Jay Fenlason,
> and extracted from the RedHat kernel patches here:
>
> https://oss.oracle.com/git/gitweb.cgi?p=redpatch.git;a=commitdiff;h=c7b6a0a1d8d636852be130fa15fa8be10d4704e8
>
It was part of redhat patched kernel but not carried in shipping
Oracle UEK kernels at least afaik.

> This fix appears to have been carried by at least RedHat, Oracle, and
> Ubuntu for several years.
>
> CVE-2012-2372
>
> Reported-by: Honggang Li
> Cc: stable@vger.kernel.org
> Signed-off-by: Kees Cook
> ---
> This is what I get for researching CVE lifetimes...

Am not sure if it's applicable anymore. In fact the issue with loopback
device was due to congestion update and that's been already addressed
with commit '18fc25c94: {rds: prevent BUG_ON triggered on congestion
update to loopback}'

Regards,
Santosh