lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20130626.134405.464630881670006463.davem@davemloft.net>
Date:	Wed, 26 Jun 2013 13:44:05 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	eric.dumazet@...il.com
Cc:	nschichan@...ebox.fr, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org, edumazet@...gle.com,
	xiyou.wangcong@...il.com
Subject: Re: [PATCH v3.10-rc7] net: fix kernel deadlock with interface
 rename and netdev name retrieval.

From: Eric Dumazet <eric.dumazet@...il.com>
Date: Wed, 26 Jun 2013 09:33:34 -0700

> On Wed, 2013-06-26 at 17:23 +0200, Nicolas Schichan wrote:
>> When the kernel (compiled with CONFIG_PREEMPT=n) is performing the
>> rename of a network interface, it can end up waiting for a workqueue
>> to complete. If userland is able to invoke a SIOCGIFNAME ioctl or a
>> SO_BINDTODEVICE getsockopt in between, the kernel will deadlock due to
>> the fact that read_secklock_begin() will spin forever waiting for the
>> writer process (the one doing the interface rename) to update the
>> devnet_rename_seq sequence.
>> 
>> This patch fixes the problem by adding a helper (netdev_get_name())
>> and using it in the code handling the SIOCGIFNAME ioctl and
>> SO_BINDTODEVICE setsockopt.
>> 
>> The netdev_get_name() helper uses raw_seqcount_begin() to avoid
>> spinning forever, waiting for devnet_rename_seq->sequence to become
>> even. cond_resched() is used in the contended case, before retrying
>> the access to give the writer process a chance to finish.
>> 
>> The use of raw_seqcount_begin() will incur some unneeded work in the
>> reader process in the contended case, but this is better than
>> deadlocking the system.
>> 
>> Signed-off-by: Nicolas Schichan <nschichan@...ebox.fr>
>> ---
> 
> This goes back to commit c91f6df2db49
> ("sockopt: Change getsockopt() of SO_BINDTODEVICE to return an interface
> name") in linux-3.8
> 
> Acked-by: Eric Dumazet <edumazet@...gle.com>

Applied and queued up for -stable, thanks everyone.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ