From: Kees Cook
Date: Tue, 23 Jan 2018 09:17:27 +1100
Subject: Re: [PATCH] RDS: Fix rds-ping inducing kernel panic
To: Santosh Shilimkar
Cc: Honggang Li, LKML, Sowmini Varadhan, Steve Beattie, Andy Whitcroft, "David S. Miller", Jay Fenlason, Network Development, linux-rdma, rds-devel@oss.oracle.com
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jan 23, 2018 at 4:01 AM, Santosh Shilimkar wrote:
> On 1/22/2018 3:24 AM, Kees Cook wrote:
>>
>> As described in: https://bugzilla.redhat.com/show_bug.cgi?id=822754
>>
>> Attempting an RDS connection from the IP address of an IPoIB interface
>> to itself causes a kernel panic due to a BUG_ON() being triggered.
>> Making the test less strict allows rds-ping to work without crashing
>> the machine.
>>
>> A local unprivileged user could use this flaw to crash the system.
>>
> Are you able to reproduce this issue on mainline kernel?
> IIRC, this shouldn't happen anymore but if you see it, please
> let me know. Will try it as well. rds-ping on self
> loopback device is often tested and used as well for
> monitoring services in production.

I don't have an RDS test setup, no. But it sounds like kernels without
this patch aren't seeing the problem.

> Am not sure if it's applicable anymore. In fact the issue with
> loopback device was due to congestion update and that's been
> already addressed with commit '18fc25c94: {rds: prevent BUG_ON
> triggered on congestion update to loopback}'

That looks very much like it was fixed there. Thanks!

-Kees

-- 
Kees Cook
Pixel Security