Re: [PATCH] RDMA/netlink: OOPs in rdma_nl_rcv_msg() from misinterpreted flag

On Mon, Oct 23, 2017 at 06:19:11PM +0000, Ruhl, Michael J wrote:
> > -----Original Message-----
> > From: Leon Romanovsky [mailto:leon@xxxxxxxxxx]
> > Sent: Monday, October 23, 2017 2:04 PM
> > To: Doug Ledford <dledford@xxxxxxxxxx>
> > Cc: Ruhl, Michael J <michael.j.ruhl@xxxxxxxxx>; Torvalds, Linus <torvalds@linux-foundation.org>;
> > linux-rdma@xxxxxxxxxxxxxxx
> > Subject: Re: [PATCH] RDMA/netlink: OOPs in rdma_nl_rcv_msg() from
> > misinterpreted flag
> >
> > On Mon, Oct 23, 2017 at 01:39:44PM -0400, Doug Ledford wrote:
> > > On Mon, 2017-10-23 at 20:12 +0300, Leon Romanovsky wrote:
> > > > On Mon, Oct 23, 2017 at 10:49:24AM -0400, Doug Ledford wrote:
> > > > > On 10/23/2017 4:11 AM, Leon Romanovsky wrote:
> > > > Doug,
> > > >
> > > > It has very little related to security here. The RDMA_NL_LS netlink
> > > > operations require CAP_NET_ADMIN capability set and it is checked
> > > > before calling any callback.
> > >
> > > I disagree.  In this particular case, it wasn't a nefarious user, it
> > > was a simple misconfiguration that caused the kernel to oops.  So even
> > > if you have CAP_NET_ADMIN, you still don't want a user space issue to
> > > oops the kernel.  If you simply don't allow it to happen, then whether
> > > the CAP_NET_ADMIN program has been compromised by a black hat user is
> > > irrelevant.  That seems the right way to be to me.
> >
> > OK, fix exists and if you want to call it "security issue", let's call it so.
> >
> > Despite the fact that root misconfigured the system, root ran the program,
> > root crashed the system, like all other kernel oopses we are seeing in the Linux kernel.
> >
> > Thanks
>
> I did repeat this once without the misconfiguration.
>
> The scenario was that a local (ibacm client 0) did a lookup, got an error, and the system crashed.
>
> I have been trying to remember what I did, but haven't repeated it a second time.  I will see if I can figure out how to make it happen again.

Actually, you need to cause an error from ibacm side.

Just send a fix with stable tag.

Thanks for doing that.

>
> M
>
>
>
> > >
> > > --
> > > Doug Ledford <dledford@xxxxxxxxxx>
> > >     GPG KeyID: B826A3330E572FDD
> > >     Key fingerprint = AE6B 1BDA 122B 23B4 265B  1274 B826 A333 0E57 2FDD
> > >
