| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Mar 2018 17:03:15 +0300
From: Kirill Tkhai <ktkhai@...tuozzo.com>
To: davem@...emloft.net, steffen.klassert@...unet.com,
herbert@...dor.apana.org.au, davem@...emloft.net,
pablo@...filter.org, kadlec@...ckhole.kfki.hu, fw@...len.de,
daniel@...earbox.net, jakub.kicinski@...ronome.com, ast@...nel.org,
brouer@...hat.com, linux@...musvillemoes.dk,
john.fastabend@...il.com, dsahern@...il.com,
netdev@...r.kernel.org, ktkhai@...tuozzo.com,
netfilter-devel@...r.kernel.org, coreteam@...filter.org
Subject: [PATCH net-next 0/3] Close race between {un,
}register_netdevice_notifier and pernet_operations
Hi,
the problem is {,un}register_netdevice_notifier() do not take
pernet_ops_rwsem, and they don't see network namespaces, being
initialized in setup_net() and cleanup_net(), since at this
time net is not hashed to net_namespace_list.
This may lead to imbalance, when a notifier is called at time of
setup_net()/net is alive, but it's not called at time of cleanup_net(),
for the devices, hashed to the net, and vise versa. See (3/3) for
the scheme of imbalance.
This patchset fixes the problem by acquiring pernet_ops_rwsem
at the time of {,un}register_netdevice_notifier() (3/3).
(1-2/3) are preparations in xfrm and netfilter subsystems.
The problem was introduced a long ago, but backporting won't be easy,
since every previous kernel version may have changes in netdevice
notifiers, and they all need review and testing. Otherwise, there
may be more pernet_operations, which register or unregister
netdevice notifiers, and that leads to deadlock (which is was fixed
in 1-2/3). This patchset is for net-next.
Thanks,
Kirill
---
Kirill Tkhai (3):
xfrm: Register xfrm_dev_notifier in appropriate place
netfilter: Rework xt_TEE netdevice notifier
net: Close race between {un,}register_netdevice_notifier() and setup_net()/cleanup_net()
include/net/xfrm.h | 2 +
net/core/dev.c | 6 ++++
net/netfilter/xt_TEE.c | 73 ++++++++++++++++++++++++++++++------------------
net/xfrm/xfrm_device.c | 2 +
net/xfrm/xfrm_policy.c | 3 +-
5 files changed, 55 insertions(+), 31 deletions(-)
--
Signed-off-by: Kirill Tkhai <ktkhai@...tuozzo.com>
Powered by blists - more mailing lists