lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250325032803.1542c15e@kernel.org>
Date: Tue, 25 Mar 2025 03:28:03 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Stanislav Fomichev <stfomichev@...il.com>
Cc: Stanislav Fomichev <sdf@...ichev.me>, netdev@...r.kernel.org,
 davem@...emloft.net, edumazet@...gle.com, pabeni@...hat.com,
 linux-kernel@...r.kernel.org, jhs@...atatu.com, xiyou.wangcong@...il.com,
 jiri@...nulli.us, horms@...nel.org
Subject: Re: [PATCH net-next v2] net: hold netdev reference during
 qdisc_create request_module

On Mon, 24 Mar 2025 15:22:17 -0700 Stanislav Fomichev wrote:
> > I'm not sure if this is a correct sequence. Do we guarantee that locks
> > will be taken before device is freed? I mean we do:
> > 
> > 	dev = netdev_wait_allrefs_any()
> > 	free_netdev(dev)
> > 		mutex_destroy(dev->lock)
> > 
> > without explicitly taking rtnl_lock() or netdev_lock(), so the moment
> > that dev_put() is called the device may get freed from another thread
> > - while its locked here.
> > 
> > My mental model is that taking the instance lock on a dev for which we
> > only have a ref requires a dance implemented in __netdev_put_lock().  
> 
> Good point, didn't think about it. In this case, I think I need to
> get back to exposing locked/unlocked signal back to the callers.
> Even with __netdev_put_lock, there is a case where the netdev is
> dead and can't be relocked. Will add some new 'bool *locked' argument
> and reset it here; the caller will skip unlock when 'locked == false'.
> LMK if you have better ideas, otherwise will post something tomorrow.

I wonder if we can bubble up this module loading business all the way
to tc_modify_qdisc(), before we look up the dev. At this point we
already checked that user has permissions, so we can load the module,
whether the request is valid or not? Instead of adding another bool
we can probably kill the "replay" silliness.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ