@dvyukov
I have so many questions right now.
You know #Linux, right, the thing that runs the universe today?
This FOU_ATTR_LOCAL_V6 wanted to say .len instead of .type:
elixir.bootlin.com/linux/v5.4/sou…
This means this thing never-ever worked in any way. Any attempt to pass these args would...
Dmitry Vyukov
@dvyukov
21 Jan
...fail immediately. This means it was never invoked once, 0 tests. Can probably also corrupt memory and do other bad things. The file was touched several times after that, obviously no tests were run after these changes as well...
Dmitry Vyukov
@dvyukov
21 Jan
This is public interface (analog of syscalls), adds public symbols, available to unpriv users, in 5.4 LTS release now.
How?
@davem_dokebi
Dmitry Vyukov
@dvyukov
23 Jan
@colinianking @JuliaLawall @embeddedgus this was found with static analysis (of ELF files, easier to read policies there). Is there anything for netlink? That may be profitable (>500 policies in kernel) if you are looking for ideas (and out of bugs :))
Missed arg checks are common
Tolyan Botan
@TolyanBotan
22 Jan
@kristrev is the author of the change.
Dmitry Vyukov
@dvyukov
23 Jan
@kristrev just mailed a fix:
lists.openwall.net/netdev/2020/01…
(now need to revert removal of these attributes from syzkaller :))
Matthew Friday
@mathfriday
21 Jan
The "reliability" does not really matter, all that matters is to get through code review and end up with the commit inside for logs...
Same thing with all of these CVE Hunter fixes...
Jason Turner
@lefticus
21 Jan
Same for FOU_ATTR_PEER_V6 then also? Or no? This raises all kinds of questions for me about the related _V4 versions also.
Tolyan Botan
@TolyanBotan
22 Jan
The change was introduced in the commit github.com/torvalds/linux… on 27 Mar 2019
release 5.2