lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <d3fccbd0-c92e-9aff-8c32-48c1171746c3@ispras.ru>
Date:   Fri, 26 May 2023 19:41:07 +0300
From:   Vlad Efanov <vefanov@...ras.ru>
To:     Eric Dumazet <edumazet@...gle.com>
Cc:     Paolo Abeni <pabeni@...hat.com>,
        Willem de Bruijn <willemdebruijn.kernel@...il.com>,
        "David S. Miller" <davem@...emloft.net>,
        David Ahern <dsahern@...nel.org>,
        Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org
Subject: Re: [PATCH] udp6: Fix race condition in udp6_sendmsg & connect

sk_dst_set() is called by sk_setup_caps().

sk_dst_set() replaces dst in socket using xchg() call and we still have 
two tasks use one socket but expect different dst in sk_dst_cache.


__sk_dst_set() is rcu protected, but it checks for socket lock.


static inline void
__sk_dst_set(struct sock *sk, struct dst_entry *dst)
{
     struct dst_entry *old_dst;

     sk_tx_queue_clear(sk);
     sk->sk_dst_pending_confirm = 0;
     old_dst = rcu_dereference_protected(sk->sk_dst_cache,
                         lockdep_sock_is_held(sk));
     rcu_assign_pointer(sk->sk_dst_cache, dst);
     dst_release(old_dst);
}


Best regards.

Vlad.


On 26.05.2023 19:00, Eric Dumazet wrote:
> On Fri, May 26, 2023 at 5:58 PM Ефанов Владислав Александрович
> <vefanov@...ras.ru> wrote:
>> Paolo,
>>
>>
>> I don't think that we can just move sk_dst_set() call.
>>
>> I think we can destroy dst of sendmsg task in this case.
>>
> dst are RCU protected, it should be easy to make sure we respect all the rules.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ