Patchwork rds: Error on offset mismatch if not loopback

login
register
mail settings
Submitter John Jolly
Date Sept. 20, 2012, 7:11 a.m.
Message ID <20120920071134.GF14393@linux-tkdk.sfcn.org>
Download mbox | patch
Permalink /patch/185350/
State Changes Requested
Delegated to: David Miller
Headers show

Comments

John Jolly - Sept. 20, 2012, 7:11 a.m.
Attempting an rds connection from the IP address of an IPoIB interface
to itself causes a kernel panic due to a BUG_ON() being triggered. Making
the test less strict allows rds-ping to work without crashing the machine.

A local unprivileged user could use this flaw to crash the sytem.
---
 net/rds/ib_send.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
David Miller - Sept. 21, 2012, 5:20 p.m.
From: John Jolly <jjolly@suse.com>
Date: Thu, 20 Sep 2012 01:11:34 -0600

> Attempting an rds connection from the IP address of an IPoIB interface
> to itself causes a kernel panic due to a BUG_ON() being triggered. Making
> the test less strict allows rds-ping to work without crashing the machine.
> 
> A local unprivileged user could use this flaw to crash the sytem.

Please read Documentation/SubmittingPatches to learn how to properly
submit a change, in particular your patch submission was missing a
proper signoff.

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
John Jolly - Sept. 21, 2012, 9:28 p.m.
On Fri, Sep 21, 2012 at 01:20:45PM -0400, David Miller wrote:
> From: John Jolly <jjolly@suse.com>
> Date: Thu, 20 Sep 2012 01:11:34 -0600
> 
> > Attempting an rds connection from the IP address of an IPoIB interface
> > to itself causes a kernel panic due to a BUG_ON() being triggered. Making
> > the test less strict allows rds-ping to work without crashing the machine.
> > 
> > A local unprivileged user could use this flaw to crash the sytem.
> 
> Please read Documentation/SubmittingPatches to learn how to properly
> submit a change, in particular your patch submission was missing a
> proper signoff.

Thanks for catching that. Resubmitting with proper signoff.

> 
> Thanks.
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
> 
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/net/rds/ib_send.c b/net/rds/ib_send.c
index e590949..7920c85 100644
--- a/net/rds/ib_send.c
+++ b/net/rds/ib_send.c
@@ -544,7 +544,7 @@  int rds_ib_xmit(struct rds_connection *conn, struct rds_message *rm,
 	int flow_controlled = 0;
 	int nr_sig = 0;
 
-	BUG_ON(off % RDS_FRAG_SIZE);
+	BUG_ON(!conn->c_loopback && off % RDS_FRAG_SIZE);
 	BUG_ON(hdr_off != 0 && hdr_off != sizeof(struct rds_header));
 
 	/* Do not send cong updates to IB loopback */