lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4a128348-48f9-40d7-b5bf-c3f1af27679c@intel.com>
Date: Mon, 6 Oct 2025 07:49:32 -0700
From: "Tantilov, Emil S" <emil.s.tantilov@...el.com>
To: Jakub Kicinski <kuba@...nel.org>, Jacob Keller <jacob.e.keller@...el.com>
CC: Przemek Kitszel <przemyslaw.kitszel@...el.com>, Andrew Lunn
	<andrew+netdev@...n.ch>, "David S. Miller" <davem@...emloft.net>, "Eric
 Dumazet" <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>, "Pavan Kumar
 Linga" <pavan.kumar.linga@...el.com>, Alexander Lobakin
	<aleksander.lobakin@...el.com>, Willem de Bruijn <willemb@...gle.com>,
	Sridhar Samudrala <sridhar.samudrala@...el.com>, Phani Burra
	<phani.r.burra@...el.com>, Piotr Kwapulinski <piotr.kwapulinski@...el.com>,
	Simon Horman <horms@...nel.org>, Radoslaw Tyl <radoslawx.tyl@...el.com>,
	Jedrzej Jagielski <jedrzej.jagielski@...el.com>, Mateusz Polchlopek
	<mateusz.polchlopek@...el.com>, Anton Nadezhdin <anton.nadezhdin@...el.com>,
	Konstantin Ilichev <konstantin.ilichev@...el.com>, Milena Olech
	<milena.olech@...el.com>, <netdev@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>, Joshua Hay <joshua.a.hay@...el.com>,
	Aleksandr Loktionov <aleksandr.loktionov@...el.com>, Chittim Madhu
	<madhu.chittim@...el.com>, Samuel Salin <Samuel.salin@...el.com>
Subject: Re: [PATCH net 3/8] idpf: fix possible race in idpf_vport_stop()



On 10/3/2025 10:43 AM, Jakub Kicinski wrote:
> On Wed, 01 Oct 2025 17:14:13 -0700 Jacob Keller wrote:
>> From: Emil Tantilov <emil.s.tantilov@...el.com>
>>
>> Make sure to clear the IDPF_VPORT_UP bit on entry. The idpf_vport_stop()
>> function is void and once called, the vport teardown is guaranteed to
>> happen. Previously the bit was cleared at the end of the function, which
>> opened it up to possible races with all instances in the driver where
>> operations were conditional on this bit being set. For example, on rmmod
>> callbacks in the middle of idpf_vport_stop() end up attempting to remove
>> MAC address filter already removed by the function:
>> idpf 0000:83:00.0: Received invalid MAC filter payload (op 536) (len 0)
> 
> Argh, please stop using the flag based state machines. They CANNOT
> replace locking. If there was proper locking in place it wouldn't
> have mattered when we clear the flag.

This patch is resolving a bug in the current logic of how the flag is 
used (not being atomic and not being cleared properly). I don't think
there is an existing lock in place to address this issue, though we are
looking to refactor the code over time to remove and/or limit how these
flags are used.
> 
> I'm guessing false negatives are okay in how you use the UP flag?
> The commit message doesn't really explain why.

I am not sure I understand the question completely, if you mean that the
flag is cleared before the vport is actually brought down, I did touch
on it at the beginning of the description, once we enter
idpf_vport_stop() we know for sure that the vport will be brought down 
and that is how the present checks in the driver for the UP flag are
being used. Specifically in the scenario that exposed this issue, the 
driver will send a message in the middle of idpf_vport_down() after
checking the flag.

Thanks,
Emil

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ