lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 19 Nov 2021 13:15:54 -0800
From:   Casey Schaufler <casey@...aufler-ca.com>
To:     Vincent Whitchurch <vincent.whitchurch@...s.com>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>
Cc:     kernel@...s.com, Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>,
        Jiang Wang <jiang.wang@...edance.com>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org, bpf@...r.kernel.org,
        Casey Schaufler <casey@...aufler-ca.com>
Subject: Re: [PATCH] af_unix: fix regression in read after shutdown

On 11/19/2021 4:05 AM, Vincent Whitchurch wrote:
> On kernels before v5.15, calling read() on a unix socket after
> shutdown(SHUT_RD) or shutdown(SHUT_RDWR) would return the data
> previously written or EOF.  But now, while read() after
> shutdown(SHUT_RD) still behaves the same way, read() after
> shutdown(SHUT_RDWR) always fails with -EINVAL.
>
> This behaviour change was apparently inadvertently introduced as part of
> a bug fix for a different regression caused by the commit adding sockmap
> support to af_unix, commit 94531cfcbe79c359 ("af_unix: Add
> unix_stream_proto for sockmap").  Those commits, for unclear reasons,
> started setting the socket state to TCP_CLOSE on shutdown(SHUT_RDWR),
> while this state change had previously only been done in
> unix_release_sock().
>
> Restore the original behaviour.  The sockmap tests in
> tests/selftests/bpf continue to pass after this patch.
>
> Fixes: d0c6416bd7091647f60 ("unix: Fix an issue in unix_shutdown causing the other end read/write failures")
> Link: https://lore.kernel.org/lkml/20211111140000.GA10779@axis.com/
> Signed-off-by: Vincent Whitchurch <vincent.whitchurch@...s.com>

This change passes the test case that lead to the original
problem report.

Tested-by: Casey Schaufler <casey@...aufler-ca.com>

> ---
>   net/unix/af_unix.c | 3 ---
>   1 file changed, 3 deletions(-)
>
> diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
> index 78e08e82c08c..b0bfc78e421c 100644
> --- a/net/unix/af_unix.c
> +++ b/net/unix/af_unix.c
> @@ -2882,9 +2882,6 @@ static int unix_shutdown(struct socket *sock, int mode)
>   
>   	unix_state_lock(sk);
>   	sk->sk_shutdown |= mode;
> -	if ((sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) &&
> -	    mode == SHUTDOWN_MASK)
> -		sk->sk_state = TCP_CLOSE;
>   	other = unix_peer(sk);
>   	if (other)
>   		sock_hold(other);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ