lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 26 Jan 2009 22:30:30 +0100
From:	Martin MOKREJŠ <mmokrejs@...osome.natur.cuni.cz>
To:	Jarek Poplawski <jarkao2@...il.com>
CC:	Vegard Nossum <vegard.nossum@...il.com>,
	"David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [PATCH] net: fix setsockopt() locking errors

The patch really did not help:
http://bugzilla.kernel.org/show_bug.cgi?id=12515#c5
Martin

Jarek Poplawski wrote:
> On 24-01-2009 23:49, Vegard Nossum wrote:
>> Hi,
>>
>> This survives basic testing here, but I don't know what that counts for
>> when I couldn't reproduce the lockdep report in the first place. Please
>> review.
>>
>>
>> Vegard
>>
>>
>> From cc8bcd1c4fd219a31d6d191aefa4b4b57dadb9b0 Mon Sep 17 00:00:00 2001
>> From: Vegard Nossum <vegard.nossum@...il.com>
>> Date: Sat, 24 Jan 2009 22:44:16 +0100
>> Subject: [PATCH] net: fix setsockopt() locking errors
>> MIME-Version: 1.0
>> Content-Type: text/plain; charset=utf-8
>> Content-Transfer-Encoding: 8bit
>>
>> Martin MOKREJ.  <mmokrejs@...osome.natur.cuni.cz> reported:
>>> =======================================================
>>> [ INFO: possible circular locking dependency detected ]
>>> 2.6.29-rc2-git1 #1
>>> -------------------------------------------------------
>>> tcpdump/3734 is trying to acquire lock:
>>>  (&mm->mmap_sem){----}, at: [<c1053294>] might_fault+0x30/0x6b
>>>
>>> but task is already holding lock:
>>>  (sk_lock-AF_PACKET){--..}, at: [<c12798c8>] sock_setsockopt+0x12b/0x4a4
>>>
>>> which lock already depends on the new lock.
>> It turns out that sock_setsockopt() is calling copy_from_user() while
>> holding the lock on the socket.
> 
> I guess it has been like this for some time, so it would be nice to
> mention what scenario happens here, or IOW what exactly needs to get
> these locks in reverse order.
> 
>> We fix it by splitting the ioctl code
>> so that one switch handles the ioctls that have their own code for
>> reading from userspace, and one switch handles the cases that require
>> no additional reading.
>>
>> Reported-by: Martin MOKREJ.  <mmokrejs@...osome.natur.cuni.cz>
>> Signed-off-by: Vegard Nossum <vegard.nossum@...il.com>
>> ---
>>  net/core/sock.c |  134 +++++++++++++++++++++++++++++++++++-------------------
>>  1 files changed, 87 insertions(+), 47 deletions(-)
>>
>> diff --git a/net/core/sock.c b/net/core/sock.c
>> index f3a0d08..6bd618d 100644
>> --- a/net/core/sock.c
>> +++ b/net/core/sock.c
>> @@ -424,6 +424,80 @@ out:
>>  	return ret;
>>  }
>>  
>> +static int sock_linger(struct sock *sk, char __user *optval, int optlen)
> ...
>> +static int sock_set_rcvtimeo(struct sock *sk, char __user *optval, int optlen)
>> +{
>> +	int ret;
>> +	long rcvtimeo;
>> +
>> +	ret = sock_set_timeout(&rcvtimeo, optval, optlen);
> 
> A check for error is needed here and below.
> 
[cut]
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ