lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAN+4W8ge-ZQjins-E1=GHDnsi9myFqt7pwNqMkUQHZOPHQhFvQ@mail.gmail.com>
Date:   Tue, 20 Jun 2023 15:26:05 +0100
From:   Lorenz Bauer <lmb@...valent.com>
To:     Kuniyuki Iwashima <kuniyu@...zon.com>
Cc:     andrii@...nel.org, ast@...nel.org, bpf@...r.kernel.org,
        daniel@...earbox.net, davem@...emloft.net, dsahern@...nel.org,
        edumazet@...gle.com, haoluo@...gle.com, hemanthmalla@...il.com,
        joe@...d.net.nz, john.fastabend@...il.com, jolsa@...nel.org,
        kpsingh@...nel.org, kuba@...nel.org, linux-kernel@...r.kernel.org,
        linux-kselftest@...r.kernel.org, martin.lau@...ux.dev,
        mykolal@...com, netdev@...r.kernel.org, pabeni@...hat.com,
        sdf@...gle.com, shuah@...nel.org, song@...nel.org,
        willemdebruijn.kernel@...il.com, yhs@...com
Subject: Re: [PATCH bpf-next v2 3/6] net: remove duplicate reuseport_lookup functions

On Tue, Jun 13, 2023 at 7:57 PM Kuniyuki Iwashima <kuniyu@...zon.com> wrote:
>
> The assignment to result below is buggy.  Let's say SO_REUSEPROT group
> have TCP_CLOSE and TCP_ESTABLISHED sockets.
>
>   1. Find TCP_CLOSE sk and do SO_REUSEPORT lookup
>   2. result is not NULL, but the group has TCP_ESTABLISHED sk
>   3. result = result
>   4. Find TCP_ESTABLISHED sk, which has a higher score
>   5. result = result (TCP_CLOSE) <-- should be sk.
>
> Same for v6 function.

Thanks for your explanation, I think I get it now. I misunderstood
that you were worried about returning TCP_ESTABLISHED instead of
TCP_CLOSE, but it's exactly the other way around.

I have a follow up question regarding the existing code:

    result = lookup_reuseport(net, sk, skb,
                    saddr, sport, daddr, hnum);
    /* Fall back to scoring if group has connections */
    if (result && !reuseport_has_conns(sk))
        return result;

    result = result ? : sk;
    badness = score;

Assuming that result != NULL but reuseport_has_conns() == true, we use
the reuseport socket as the result, but assign the score of sk to
badness. Shouldn't we use the score of the reuseport socket?

Thanks
Lorenz

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ