| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CADvbK_ddE0oUPXijkFJbWF6tFTq5TntpFMzDWH+uV_kc+KB7VA@mail.gmail.com>
Date: Fri, 24 Oct 2025 09:27:53 -0400
From: Xin Long <lucien.xin@...il.com>
To: Stefan Wiehler <stefan.wiehler@...ia.com>
Cc: Kuniyuki Iwashima <kuniyu@...gle.com>, davem@...emloft.net, edumazet@...gle.com,
horms@...nel.org, kuba@...nel.org, linux-kernel@...r.kernel.org,
linux-sctp@...r.kernel.org, netdev@...r.kernel.org, pabeni@...hat.com
Subject: Re: [PATCH net] sctp: Hold RCU read lock while iterating over address list
On Fri, Oct 24, 2025 at 4:51 AM Stefan Wiehler <stefan.wiehler@...ia.com> wrote:
>
> > Or if lock_sock() is enough, we should use the plain
> > list_for_each_entry(), or list_for_each_entry_rcu() with
> > lockdep_sock_is_held() as the 4th arg.
>
> Right, I've already hinted in the commit comment that lock_sock() might be
> enough, but I'm not sure about it...
>
> @Xin Long, as you're the author and have already acked, I suppose we actually
> need to hold the RCU read lock?
Yes, there's a path not holding sock lock:
sctp_diag_dump() -> sctp_for_each_endpoint() -> sctp_ep_dump()
Kuniyuki is right about the TOCTOU issue, we do need a check there:
if (!--addrcnt)
break;
BTW, there is another addrcnt thing in inet_assoc_attr_size(), I think you
can fix it in another patch, like moving nlmsg_new(inet_assoc_attr_size(assoc))
under the lock_sock() in sctp_sock_dump_one() and delete _rcu?
Thanks.
Powered by blists - more mailing lists