lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 16 Mar 2021 10:52:36 +0100
From:   Eric Dumazet <edumazet@...gle.com>
To:     Pavel Machek <pavel@...x.de>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        LKML <linux-kernel@...r.kernel.org>, stable@...r.kernel.org,
        "David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH 4.19 012/120] tcp: annotate tp->write_seq lockless reads

On Tue, Mar 16, 2021 at 10:50 AM Pavel Machek <pavel@...x.de> wrote:
>
> Hi!
>
> > From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> >
> > From: Eric Dumazet <edumazet@...gle.com>
>
> Dup.
>
>
> > We need to add READ_ONCE() annotations, and also make
> > sure write sides use corresponding WRITE_ONCE() to avoid
> > store-tearing.
>
> > @@ -1037,7 +1037,7 @@ new_segment:
> >               sk->sk_wmem_queued += copy;
> >               sk_mem_charge(sk, copy);
> >               skb->ip_summed = CHECKSUM_PARTIAL;
> > -             tp->write_seq += copy;
> > +             WRITE_ONCE(tp->write_seq, tp->write_seq + copy);
> >               TCP_SKB_CB(skb)->end_seq += copy;
> >               tcp_skb_pcount_set(skb, 0);
> >
>
> I wonder if this needs to do READ_ONCE, too?

No, because we hold the socket lock.

This is a backport to ease another backport, please try to review
patches when they hit mainline, if you have any concerns.

>
> > @@ -1391,7 +1391,7 @@ new_segment:
> >               if (!copied)
> >                       TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_PSH;
> >
> > -             tp->write_seq += copy;
> > +             WRITE_ONCE(tp->write_seq, tp->write_seq + copy);
> >               TCP_SKB_CB(skb)->end_seq += copy;
> >               tcp_skb_pcount_set(skb, 0);
> >
>
> And here.
>
> > @@ -2593,9 +2594,12 @@ int tcp_disconnect(struct sock *sk, int
> >       sock_reset_flag(sk, SOCK_DONE);
> >       tp->srtt_us = 0;
> >       tp->rcv_rtt_last_tsecr = 0;
> > -     tp->write_seq += tp->max_window + 2;
> > -     if (tp->write_seq == 0)
> > -             tp->write_seq = 1;
> > +
> > +     seq = tp->write_seq + tp->max_window + 2;
> > +     if (!seq)
> > +             seq = 1;
> > +     WRITE_ONCE(tp->write_seq, seq);
>
> And here.
>
> > --- a/net/ipv4/tcp_minisocks.c
> > +++ b/net/ipv4/tcp_minisocks.c
> > @@ -510,7 +510,7 @@ struct sock *tcp_create_openreq_child(co
> >       newtp->app_limited = ~0U;
> >
> >       tcp_init_xmit_timers(newsk);
> > -     newtp->write_seq = newtp->pushed_seq = treq->snt_isn + 1;
> > +     WRITE_ONCE(newtp->write_seq, newtp->pushed_seq = treq->snt_isn + 1);
>
> Would it be better to do assignment to pushed_seq outside of
> WRITE_ONCE macro? This is ... "interesting".
>
> Best regards,
>                                                                 Pavel
> --
> DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ