lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 5 Mar 2017 21:38:07 -0800 From: Cong Wang <xiyou.wangcong@...il.com> To: Eric Dumazet <eric.dumazet@...il.com> Cc: Dmitry Vyukov <dvyukov@...gle.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Gerrit Renker <gerrit@....abdn.ac.uk>, netdev <netdev@...r.kernel.org> Subject: Re: [PATCH net] dccp: fix use-after-free in dccp_feat_activate_values On Sun, Mar 5, 2017 at 10:52 AM, Eric Dumazet <eric.dumazet@...il.com> wrote: > --- a/net/dccp/minisocks.c > +++ b/net/dccp/minisocks.c > @@ -142,6 +142,13 @@ struct sock *dccp_check_req(struct sock *sk, struct sk_buff *skb, > struct dccp_request_sock *dreq = dccp_rsk(req); > bool own_req; > > + /* TCP/DCCP listeners became lockless. > + * DCCP stores complex state in its request_sock, so we need > + * a protection for them, now this code runs without being protected > + * by the parent (listener) lock. > + */ > + spin_lock_bh(&dreq->dreq_lock); > + Do you really want to disable BH again here? dccp_check_req() should be always called on RX path where BH is already disabled and BH can't be disabled twice?
Powered by blists - more mailing lists