| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220709083641.2060-1-yin31149@gmail.com>
Date: Sat, 9 Jul 2022 16:36:42 +0800
From: Hawkins Jiawei <yin31149@...il.com>
To: kuba@...nel.org
Cc: 18801353760@....com, andrii@...nel.org, ast@...nel.org,
borisp@...dia.com, bpf@...r.kernel.org, daniel@...earbox.net,
davem@...emloft.net, dsahern@...nel.org, edumazet@...gle.com,
guwen@...ux.alibaba.com, john.fastabend@...il.com, kafai@...com,
kgraul@...ux.ibm.com, kpsingh@...nel.org,
linux-kernel-mentees@...ts.linuxfoundation.org,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
pabeni@...hat.com, paskripkin@...il.com, skhan@...uxfoundation.org,
songliubraving@...com,
syzbot+5f26f85569bd179c18ce@...kaller.appspotmail.com,
syzkaller-bugs@...glegroups.com, yhs@...com, yin31149@...il.com,
yoshfuji@...ux-ipv6.org
Subject: Re: [PATCH] smc: fix refcount bug in sk_psock_get (2)
On Sat, 9 Jul 2022 at 11:06, Jakub Kicinski <kuba@...nel.org> wrote:
> On Sat, 9 Jul 2022 10:46:59 +0800 Hawkins Jiawei wrote:
> > Reported-and-tested-by: syzbot+5f26f85569bd179c18ce@...kaller.appspotmail.com
> > Signed-off-by: hawk <18801353760@....com>
> > ---
> > net/ipv4/tcp.c | 13 +++++++++++++
> > 1 file changed, 13 insertions(+)
> >
> > diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
> > index 9984d23a7f3e..a1e6cab2c748 100644
> > --- a/net/ipv4/tcp.c
> > +++ b/net/ipv4/tcp.c
> > @@ -3395,10 +3395,23 @@ static int do_tcp_setsockopt(struct sock *sk, int level, int optname,
> > }
> > case TCP_ULP: {
> > char name[TCP_ULP_NAME_MAX];
> > + struct sock *smc_sock;
> >
> > if (optlen < 1)
> > return -EINVAL;
> >
> > + /* SMC sk_user_data may be treated as psock,
> > + * which triggers a refcnt warning.
> > + */
> > + rcu_read_lock();
> > + smc_sock = rcu_dereference_sk_user_data(sk);
> > + if (level == SOL_TCP && smc_sock &&
> > + smc_sock->__sk_common.skc_family == AF_SMC) {
>
> This should prolly be under the socket lock?
>
> Can we add a bit to SK_USER_DATA_PTRMASK and have ULP-compatible
> users (sockmap) opt into ULP cooperation? Modifying TCP is backwards,
> layer-wise.
Thanks for your suggestion, I also agree that modifying TCP directly
is not wise.
I am sorry that I can't follow you on haveing ULP-compatible
users (sockmap) opt into ULP cooperation, yet adding a bit to
SK_USER_DATA_PTRMASK seems like a good way.
I plan to add a mask bit, and check it during sk_psock_get(),
in v2 patch
>
> > + rcu_read_unlock();
> > + return -EOPNOTSUPP;
> > + }
> > + rcu_read_unlock();
> > +
Powered by blists - more mailing lists