On Wed, 2016-11-30 at 12:00 -0500, Vladis Dronov wrote:
> Hello, Eric, Marco, all,
>
> This is JFYI and a follow-up message.
>
> A further investigation was made to find out the Linux kernel commit which has
> introduced the flaw. It appeared that previous Linux kernel versions are
> vulnerable,
Hello, Eric, Marco, all,
This is JFYI and a follow-up message.
A further investigation was made to find out the Linux kernel commit which has
introduced the flaw. It appeared that previous Linux kernel versions are
vulnerable,
down to v3.6-rc1. This fact was hidden by 'net.ipv4.tcp_fastopen' set
Hello, Eric,
> Another sk_filter() is used in tcp v6.
> So the correct patch would be :
Thank you very much for your research. I'm happy my report
has resulted in the proposed patch.
Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
On Thu, 2016-11-10 at 11:49 -0800, Eric Dumazet wrote:
> On Thu, 2016-11-10 at 11:26 -0800, Eric Dumazet wrote:
>
> > The issue is that sk_filter() truncates an incoming packet to a smaller
> > value.
> >
> > Bad things happen because TCP_SKB_CB(skb)->end_seq is not updated.
> >
> > I guess othe
On Thu, 2016-11-10 at 11:26 -0800, Eric Dumazet wrote:
> The issue is that sk_filter() truncates an incoming packet to a smaller
> value.
>
> Bad things happen because TCP_SKB_CB(skb)->end_seq is not updated.
>
> I guess other issues would also happen if the truncation also removes
> part of tcp
On Thu, 2016-11-10 at 07:44 -0800, Eric Dumazet wrote:
> On Thu, 2016-11-10 at 09:47 -0500, Vladis Dronov wrote:
> > Hello,
> >
> > It was discovered by Marco Grassi (many thanks) that the
> > latest stable Linux kernel v4.8.6 is crashing in tcp_collapse() after making
> > certain syscalls:
On Thu, 2016-11-10 at 09:47 -0500, Vladis Dronov wrote:
> Hello,
>
> It was discovered by Marco Grassi (many thanks) that the
> latest stable Linux kernel v4.8.6 is crashing in tcp_collapse() after making
> certain syscalls:
>
> [9.622886] kernel BUG at net/ipv4/tcp_input.c:4813!
> [9.62
On Thu, Nov 10, 2016 at 09:47:26AM -0500, Vladis Dronov wrote:
> Hello,
>
> It was discovered by Marco Grassi (many thanks) that the
> latest stable Linux kernel v4.8.6 is crashing in tcp_collapse() after making
> certain syscalls:
>
> [9.622886] kernel BUG at net/ipv4/tcp_input.c:4813!
> [
Hello,
It was discovered by Marco Grassi (many thanks) that the
latest stable Linux kernel v4.8.6 is crashing in tcp_collapse() after making
certain syscalls:
[9.622886] kernel BUG at net/ipv4/tcp_input.c:4813!
[9.623299] invalid opcode: [#1] SMP
[9.623642] Modules linked in: ip