lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 20 Jan 2012 17:02:36 -0800
From:	MuraliRaja Muniraju <muralira@...gle.com>
To:	netdev@...r.kernel.org
Subject: Query regarding a code snippet in __inet_lookup_established.

Hi All,
    In function __inet_lookup_established, I do see a potential issue
in a corner case while reading through the code where socket can be
freed while being in the list and also while in rcu_read critical
section.
        rcu_read_lock();
begin:
        sk_nulls_for_each_rcu(sk, node, &head->chain) {
                if (INET_MATCH(sk, net, hash, acookie,
                                        saddr, daddr, ports, dif)) {
                        if (unlikely(!atomic_inc_not_zero(&sk->sk_refcnt)))
                                goto begintw;
                        if (unlikely(!INET_MATCH(sk, net, hash, acookie,
                                saddr, daddr, ports, dif))) {
Murali>                                sock_put(sk);
Murali>                                goto begin;
                        }
                        goto out;
                }
        }

I am not certain under what scenario this might occur. Can someone let
me know if this is a possibility.
-- 
Thanks,
Murali
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists