On 7/5/19 11:30 AM, Lorenzo Bianconi wrote:
> looking at the reproducer it seems to me the issue is due to the use of
> 'NTF_USE' from userspace.
> Should we unschedule the neigh timer if we are in IN_TIMER receiving this
> flag from userspace? (taking appropriate locking)
I think you are right. D
On Jul 05, David Ahern wrote:
On 7/4/19 3:59 PM, Marek Majkowski wrote:
> I found a way to hit an obscure BUG in the
> net/core/neighbour.c:neigh_add_timer(), by piping two carefully
> crafted messages into AF_NETLINK socket.
>
> https://github.com/torvalds/linux/blob/v5.2-rc7/net/core/neighbour.c#L259
>
> if (unlikely(mo
2f1da142a379a9b7a7b0/double_timer_add_bug.c
You need root for an AF_NETLINK socket. I would be lying if I said I
understood what these netlink messages actually do.
Tested under virtme, with 5.2-rc7 kernel.
Full stack trace:
4,147643,57161310899,-;NEIGH: BUG, double timer add, state is 8
4,147644,5716
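The messages the thread is talking about are RTM_NEWNEIGH requests with NTF_USE set in ndm_flags; in neigh_add() that flag sends the request down neigh_event_send() instead of __neigh_update(), which is where the neighbour timer can get armed. The program below is an added example, not Marek's reproducer from the gist: it encodes one such request for a constructed IPv4 neighbour (ifindex 2 and 10.0.0.1 are both assumed), decodes it again with length checks, and names the NUD state printed in the BUG line ("state is 8" is NUD_DELAY). The ABI structs and constants are copied from the Linux uapi headers (linux/netlink.h, linux/neighbour.h) so the file compiles without them; nothing is written to a socket.

```c
/*
 * Added example (not the thread's reproducer): encode an RTM_NEWNEIGH request
 * carrying NTF_USE, the userspace message type under discussion, and decode it
 * back.  Structs and constants mirror the Linux uapi headers so this builds
 * without them.  ifindex 2 and 10.0.0.1 below are constructed sample input.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <arpa/inet.h>

#define NLMSG_ALIGN(len) (((len) + 3u) & ~(size_t)3)
#define NLM_F_REQUEST 0x01
#define NLM_F_ACK     0x04
#define NLM_F_REPLACE 0x100
#define NLM_F_CREATE  0x400
#define RTM_NEWNEIGH  28
#define NDA_DST       1
#define NTF_USE       0x01   /* (1 << 0): "use" the entry, i.e. neigh_event_send() */
#define NUD_DELAY     0x08   /* the "state is 8" in the BUG line */

struct nlmsghdr { uint32_t nlmsg_len; uint16_t nlmsg_type; uint16_t nlmsg_flags;
                  uint32_t nlmsg_seq; uint32_t nlmsg_pid; };
struct ndmsg    { uint8_t ndm_family; uint8_t ndm_pad1; uint16_t ndm_pad2;
                  int32_t ndm_ifindex; uint16_t ndm_state; uint8_t ndm_flags;
                  uint8_t ndm_type; };
struct nlattr   { uint16_t nla_len; uint16_t nla_type; };

/* Layout: nlmsghdr (16) | ndmsg (12) | nlattr NDA_DST (4) + IPv4 (4) = 36 bytes.
 * Returns the message length, or -1 on a bad address or short buffer. */
int build_ntf_use_newneigh(uint8_t *buf, size_t cap, int ifindex,
                           const char *ipv4, uint16_t nud_state)
{
    struct nlmsghdr nlh = {0};
    struct ndmsg ndm = {0};
    struct nlattr nla = {0};
    uint32_t addr;
    size_t off_ndm = NLMSG_ALIGN(sizeof nlh);
    size_t off_nla = off_ndm + NLMSG_ALIGN(sizeof ndm);
    size_t total   = off_nla + NLMSG_ALIGN(sizeof nla + sizeof addr);

    if (inet_pton(AF_INET, ipv4, &addr) != 1 || cap < total)
        return -1;
    memset(buf, 0, total);
    nlh.nlmsg_len   = (uint32_t)total;
    nlh.nlmsg_type  = RTM_NEWNEIGH;
    nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_CREATE | NLM_F_REPLACE;
    nlh.nlmsg_seq   = 1;
    ndm.ndm_family  = AF_INET;
    ndm.ndm_ifindex = ifindex;
    ndm.ndm_state   = nud_state;
    ndm.ndm_flags   = NTF_USE;               /* the flag the thread is about */
    nla.nla_len     = (uint16_t)(sizeof nla + sizeof addr);
    nla.nla_type    = NDA_DST;
    memcpy(buf, &nlh, sizeof nlh);
    memcpy(buf + off_ndm, &ndm, sizeof ndm);
    memcpy(buf + off_nla, &nla, sizeof nla);
    memcpy(buf + off_nla + sizeof nla, &addr, sizeof addr);
    return (int)total;
}

struct neigh_req { uint16_t type, flags; int32_t ifindex; uint16_t state;
                   uint8_t ntf_flags; uint32_t dst; int has_dst; };

/* Decode one RTM_NEWNEIGH; rejects lengths that overrun the buffer. */
int parse_newneigh(const uint8_t *buf, size_t len, struct neigh_req *out)
{
    struct nlmsghdr nlh;
    struct ndmsg ndm;
    size_t off;

    if (len < sizeof nlh) return -1;
    memcpy(&nlh, buf, sizeof nlh);
    if (nlh.nlmsg_len > len || nlh.nlmsg_len < NLMSG_ALIGN(sizeof nlh) + sizeof ndm)
        return -1;
    memcpy(&ndm, buf + NLMSG_ALIGN(sizeof nlh), sizeof ndm);
    memset(out, 0, sizeof *out);
    out->type = nlh.nlmsg_type;  out->flags = nlh.nlmsg_flags;
    out->ifindex = ndm.ndm_ifindex; out->state = ndm.ndm_state;
    out->ntf_flags = ndm.ndm_flags;
    off = NLMSG_ALIGN(sizeof nlh) + NLMSG_ALIGN(sizeof ndm);
    while (off + sizeof(struct nlattr) <= nlh.nlmsg_len) {   /* walk attributes */
        struct nlattr nla;
        memcpy(&nla, buf + off, sizeof nla);
        if (nla.nla_len < sizeof nla || off + nla.nla_len > nlh.nlmsg_len)
            return -1;                                       /* malformed attribute */
        if (nla.nla_type == NDA_DST && nla.nla_len == sizeof nla + 4) {
            memcpy(&out->dst, buf + off + sizeof nla, 4);
            out->has_dst = 1;
        }
        off += NLMSG_ALIGN(nla.nla_len);
    }
    return 0;
}

/* Name of a NUD_* state value as it appears in "NEIGH: BUG, ... state is N". */
const char *nud_state_name(uint16_t state)
{
    switch (state) {
    case 0x00: return "NUD_NONE";       case 0x01: return "NUD_INCOMPLETE";
    case 0x02: return "NUD_REACHABLE";  case 0x04: return "NUD_STALE";
    case NUD_DELAY: return "NUD_DELAY"; case 0x10: return "NUD_PROBE";
    case 0x20: return "NUD_FAILED";     case 0x40: return "NUD_NOARP";
    case 0x80: return "NUD_PERMANENT";  default:   return "unknown";
    }
}

/* Round trip on the constructed message: returns its length (36) when every
 * decoded field matches and a truncated copy is rejected, else a negative code. */
int selftest_ntf_use_roundtrip(void)
{
    uint8_t buf[64];
    struct neigh_req r;
    uint32_t want;
    int n = build_ntf_use_newneigh(buf, sizeof buf, 2, "10.0.0.1", NUD_DELAY);
    if (n <= 0) return -1;
    if (parse_newneigh(buf, (size_t)n, &r) != 0) return -2;
    inet_pton(AF_INET, "10.0.0.1", &want);
    if (r.type != RTM_NEWNEIGH || !(r.ntf_flags & NTF_USE)) return -3;
    if (r.ifindex != 2 || r.state != NUD_DELAY || !r.has_dst || r.dst != want) return -4;
    if (parse_newneigh(buf, (size_t)n - 4, &r) == 0) return -5;   /* truncated */
    return n;
}

int main(void)
{
    uint8_t buf[64];
    int n = build_ntf_use_newneigh(buf, sizeof buf, 2, "10.0.0.1", NUD_DELAY);
    for (int i = 0; i < n; i++)
        printf("%02x%s", buf[i], (i % 16 == 15 || i == n - 1) ? "\n" : " ");
    printf("self-test: %d, state 8 = %s\n", selftest_ntf_use_roundtrip(), nud_state_name(8));
    return n > 0 ? 0 : 1;
}
```

Writing these bytes to a NETLINK_ROUTE socket needs CAP_NET_ADMIN, which is the root requirement Marek mentions; the builder only produces the bytes, so the decoder can be pointed at captured traffic (or at the reproducer's output) to confirm that NTF_USE is what is being set.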