| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Mar 2015 18:31:42 -0700 From: Eric Dumazet <eric.dumazet@...il.com> To: David Miller <davem@...emloft.net> Cc: netdev@...r.kernel.org, salo@...gle.com Subject: Re: [PATCH net-next] net: add real socket cookies On Wed, 2015-03-11 at 21:21 -0400, David Miller wrote: > From: Eric Dumazet <eric.dumazet@...il.com> > Date: Wed, 11 Mar 2015 15:30:35 -0700 > > > Note that sk_clone_lock() really does the clear for us : > > > > net/core/sock.c:1541: atomic64_set(&newsk->sk_cookie, 0); > > > > atomic_cmpxchg() is needed here in case a concurrent dumper already > > caught the new socket. > > How is newsk visible at this moment? > > It is freshly allocated, and not present in any tables. Nothing even > indirectly links to it at this point. > > Visibility only happens after we return from this function, in > routines such as tcp_v4_syn_recv_sock() which do the hash table > insertion. Yes, but remember we use RCU with SLAB_DESTROY_BY_RCU thing, and inet_diag_dump_one_icsk() uses RCU as well. I wanted to be extra careful here. Note that with v2, this atomic_cmpxchg() wont happen unless one dump operation previously revealed the SYN_RECV to the world. I have no strong opinion and definitely it is currently safe to use atomic64_set() here. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists