lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180516074332.GB1972@nanopsycho>
Date:   Wed, 16 May 2018 09:43:32 +0200
From:   Jiri Pirko <jiri@...nulli.us>
To:     Vlad Buslov <vladbu@...lanox.com>
Cc:     netdev@...r.kernel.org, davem@...emloft.net, jhs@...atatu.com,
        xiyou.wangcong@...il.com, pablo@...filter.org,
        kadlec@...ckhole.kfki.hu, fw@...len.de, ast@...nel.org,
        daniel@...earbox.net, edumazet@...gle.com, keescook@...omium.org,
        linux-kernel@...r.kernel.org, netfilter-devel@...r.kernel.org,
        coreteam@...filter.org, kliteyn@...lanox.com
Subject: Re: [PATCH 09/14] net: sched: don't release reference on action
 overwrite

Mon, May 14, 2018 at 04:27:10PM CEST, vladbu@...lanox.com wrote:
>Return from action init function with reference to action taken,
>even when overwriting existing action.
>
>Action init API initializes its fourth argument (pointer to pointer to
>tc action) to either existing action with same index or newly created
>action. In case of existing index(and bind argument is zero), init
>function returns without incrementing action reference counter. Caller
>of action init then proceeds working with action without actually
>holding reference to it. This means that action could be deleted
>concurrently. To prevent such scenario this patch changes action init

Be imperative to the codebase in the patch description.


>behavior to always take reference to action before returning
>successfully.

Where's the balance? Who does the release instead? I'm probably missing
something.

>
>Signed-off-by: Vlad Buslov <vladbu@...lanox.com>
>---
> net/sched/act_bpf.c        |  8 ++++----
> net/sched/act_connmark.c   |  5 +++--
> net/sched/act_csum.c       |  8 ++++----
> net/sched/act_gact.c       |  5 +++--
> net/sched/act_ife.c        | 12 +++++-------
> net/sched/act_ipt.c        |  5 +++--
> net/sched/act_mirred.c     |  5 ++---
> net/sched/act_nat.c        |  5 +++--
> net/sched/act_pedit.c      |  5 +++--
> net/sched/act_police.c     |  8 +++-----
> net/sched/act_sample.c     |  8 +++-----
> net/sched/act_simple.c     |  5 +++--
> net/sched/act_skbedit.c    |  5 +++--
> net/sched/act_skbmod.c     |  8 +++-----
> net/sched/act_tunnel_key.c |  8 +++-----
> net/sched/act_vlan.c       |  8 +++-----
> 16 files changed, 51 insertions(+), 57 deletions(-)
>
>diff --git a/net/sched/act_bpf.c b/net/sched/act_bpf.c
>index 5d95c43..5554bf7 100644
>--- a/net/sched/act_bpf.c
>+++ b/net/sched/act_bpf.c
>@@ -311,9 +311,10 @@ static int tcf_bpf_init(struct net *net, struct nlattr *nla,
> 		if (bind)
> 			return 0;
> 
>-		tcf_idr_release(*act, bind);
>-		if (!replace)
>+		if (!replace) {
>+			tcf_idr_release(*act, bind);
> 			return -EEXIST;
>+		}
> 	}
> 
> 	is_bpf = tb[TCA_ACT_BPF_OPS_LEN] && tb[TCA_ACT_BPF_OPS];

[...]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ