Date:	Thu, 03 Mar 2016 16:31:32 -0500 (EST)
From:	David Miller <davem@...emloft.net>
To:	parthasarathy.bhuvaragan@...csson.com
Cc:	netdev@...r.kernel.org, tipc-discussion@...ts.sourceforge.net,
	jon.maloy@...csson.com, maloy@...jonn.com, ying.xue@...driver.com
Subject: Re: [PATCH net v1 1/1] tipc: Revert "tipc: use existing
 sk_write_queue for outgoing packet chain"

From: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@...csson.com>
Date: Tue, 1 Mar 2016 11:07:09 +0100

> reverts commit 94153e36e709e ("tipc: use existing sk_write_queue for
> outgoing packet chain")
> 
> In Commit 94153e36e709e, we assume that we fill & empty the socket's
> sk_write_queue within the same lock_sock() session.
> 
> This is not true if the link is congested. During congestion, the
> socket lock is released while we wait for the congestion to cease.
> This implementation causes a nullptr exception, if the user space
> program has several threads accessing the same socket descriptor.
> 
> Consider two threads of the same program performing the following:
>      Thread1                                  Thread2
> --------------------                    ----------------------
> Enter tipc_sendmsg()                    Enter tipc_sendmsg()
> lock_sock()                             lock_sock()
> Enter tipc_link_xmit(), ret=ELINKCONG   spin on socket lock..
> sk_wait_event()                             :
> release_sock()                          grab socket lock
>     :                                   Enter tipc_link_xmit(), ret=0
>     :                                   release_sock()
> Wakeup after congestion
> lock_sock()
> skb = skb_peek(pktchain);
> !! TIPC_SKB_CB(skb)->wakeup_pending = tsk->link_cong;
> 
> In this case, the second thread transmits the buffers belonging to
> both thread1 and thread2 successfully. When the first thread wakes up
> after the congestion it assumes that the pktchain is intact and
> operates on the skb's in it, which leads to the following exception:
...
> In this commit, we maintain the skb list always in the stack.
> 
> Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@...csson.com>
> Acked-by: Ying Xue <ying.xue@...driver.com>
> Acked-by: Jon Maloy <jon.maloy@...csson.com>

Applied and queued up for -stable, thanks.
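
Added example, not part of this thread or of the TIPC code: a single-threaded C replay of the interleaving in the quoted commit message, using simplified stand-ins for sk_buff and the packet chain (struct buf, struct queue, xmit_all and sender1_chain_intact are hypothetical names). It shows thread 1's peek returning NULL when both senders build on one per-socket queue, and the chain surviving when each sender keeps its own list.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for sk_buff / sk_buff_head (illustrative names). */
struct buf { struct buf *next; int owner; };
struct queue { struct buf *head, *tail; };

static void q_add(struct queue *q, struct buf *b) {
    b->next = NULL;
    if (q->tail) q->tail->next = b; else q->head = b;
    q->tail = b;
}

/* Models a successful link transmit: consumes every buffer on the chain. */
static int xmit_all(struct queue *q) {
    int n = 0;
    for (; q->head; q->head = q->head->next) n++;
    q->tail = NULL;
    return n;
}

/* Replays the two-thread interleaving sequentially.
 * shared != 0: both senders use one per-socket queue (pre-revert behaviour).
 * shared == 0: each sender keeps its chain in its own queue (the revert).
 * *t2_sent receives how many buffers thread 2's transmit consumed.
 * Returns 1 if thread 1 still finds its own buffer after the wait, else 0. */
int sender1_chain_intact(int shared, int *t2_sent) {
    struct queue sock_q = {0}, t1_q = {0}, t2_q = {0};
    struct queue *q1 = shared ? &sock_q : &t1_q;
    struct queue *q2 = shared ? &sock_q : &t2_q;
    struct buf b1 = { NULL, 1 }, b2 = { NULL, 2 };

    q_add(q1, &b1);            /* thread 1: lock_sock(), build chain      */
                               /* thread 1: ELINKCONG, wait drops the lock */
    q_add(q2, &b2);            /* thread 2: takes the lock, builds chain   */
    *t2_sent = xmit_all(q2);   /* thread 2: ret=0, chain consumed          */
    struct buf *skb = q1->head; /* thread 1: wakes, skb_peek(pktchain)     */
    return skb != NULL && skb->owner == 1;
}

int main(void) {
    int n, ok = sender1_chain_intact(1, &n);
    printf("shared queue: t2 sent %d, t1 chain intact=%d\n", n, ok);
    ok = sender1_chain_intact(0, &n);
    printf("per-sender queue: t2 sent %d, t1 chain intact=%d\n", n, ok);
    return 0;
}
```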
