lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 22 Oct 2011 18:51:22 +0200
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Jiri Pirko <jpirko@...hat.com>
Cc:	netdev@...r.kernel.org, davem@...emloft.net,
	bhutchings@...arflare.com, shemminger@...tta.com, fubar@...ibm.com,
	andy@...yhouse.net, tgraf@...radead.org, ebiederm@...ssion.com,
	mirqus@...il.com, kaber@...sh.net, greearb@...delatech.com,
	jesse@...ira.com, fbl@...hat.com, benjamin.poirier@...il.com,
	jzupka@...hat.com
Subject: Re: [patch net-next V2] net: introduce ethernet teaming device

Le samedi 22 octobre 2011 à 17:13 +0200, Jiri Pirko a écrit :
> >> +
> >> +/************************
> >> + * Rx path frame handler
> >> + ************************/
> >> +
> >> +/* note: already called with rcu_read_lock */
> >> +static rx_handler_result_t team_handle_frame(struct sk_buff **pskb)
> >> +{
> >> +	struct sk_buff *skb = *pskb;
> >> +	struct team_port *port;
> >> +	struct team *team;
> >> +	rx_handler_result_t res = RX_HANDLER_ANOTHER;
> >> +
> >> +	skb = skb_share_check(skb, GFP_ATOMIC);
> >> +	if (!skb)
> >> +		return RX_HANDLER_CONSUMED;
> >> +
> >> +	*pskb = skb;
> >> +
> >> +	port = team_port_get_rcu(skb->dev);
> >> +	team = port->team;
> >> +
> >> +	if (team->mode_ops.receive)
> >
> >Hmm, you need ACCESS_ONCE() here or rcu_dereference()
> >
> >See commit 4d97480b1806e883eb (bonding: use local function pointer of
> >bond->recv_probe in bond_handle_frame) for reference
> 
> I do not think so. Because mode_ops.receive changes only from
> __team_change_mode() and this can be called only in case no ports are in
> team. And team_port_del() calls synchronize_rcu().
> 



We are used to code following this template :

if (ops->handler)
	ops->handler(arguments);

But this is valid only because ops points to constant memory.


In your case, we really see its not true, dont try to pretend its safe.



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ