| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <49bbe54a-4b55-48a7-bfb4-30a222cb7d4f@oracle.com>
Date: Wed, 12 Nov 2025 10:47:10 -0500
From: Chuck Lever <chuck.lever@...cle.com>
To: alistair23@...il.com, hare@...nel.org,
kernel-tls-handshake@...ts.linux.dev, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org,
linux-nvme@...ts.infradead.org, linux-nfs@...r.kernel.org
Cc: kbusch@...nel.org, axboe@...nel.dk, hch@....de, sagi@...mberg.me,
kch@...dia.com, hare@...e.de,
Alistair Francis <alistair.francis@....com>
Subject: Re: [PATCH v5 2/6] net/handshake: Define handshake_sk_destruct_req
On 11/11/25 11:27 PM, alistair23@...il.com wrote:
> From: Alistair Francis <alistair.francis@....com>
>
> Define a `handshake_sk_destruct_req()` function to allow the destruction
> of the handshake req.
>
> This is required to avoid hash conflicts when handshake_req_hash_add()
> is called as part of submitting the KeyUpdate request.
>
> Signed-off-by: Alistair Francis <alistair.francis@....com>
> Reviewed-by: Hannes Reinecke <hare@...e.de>
> ---
> v5:
> - No change
> v4:
> - No change
> v3:
> - New patch
>
> net/handshake/request.c | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
> diff --git a/net/handshake/request.c b/net/handshake/request.c
> index 274d2c89b6b2..0d1c91c80478 100644
> --- a/net/handshake/request.c
> +++ b/net/handshake/request.c
> @@ -98,6 +98,22 @@ static void handshake_sk_destruct(struct sock *sk)
> sk_destruct(sk);
> }
>
> +/**
> + * handshake_sk_destruct_req - destroy an existing request
> + * @sk: socket on which there is an existing request
Generally the kdoc style is unnecessary for static helper functions,
especially functions with only a single caller.
This all looks so much like handshake_sk_destruct(). Consider
eliminating the code duplication by splitting that function into a
couple of helpers instead of adding this one.
> + */
> +static void handshake_sk_destruct_req(struct sock *sk)
Because this function is static, I imagine that the compiler will
bark about the addition of an unused function. Perhaps it would
be better to combine 2/6 and 3/6.
That would also make it easier for reviewers to check the resource
accounting issues mentioned below.
> +{
> + struct handshake_req *req;
> +
> + req = handshake_req_hash_lookup(sk);
> + if (!req)
> + return;
> +
> + trace_handshake_destruct(sock_net(sk), req, sk);
Wondering if this function needs to preserve the socket's destructor
callback chain like so:
+ void (sk_destruct)(struct sock sk);
...
+ sk_destruct = req->hr_odestruct;
+ sk->sk_destruct = sk_destruct;
then:
> + handshake_req_destroy(req);
Because of the current code organization and patch ordering, it's
difficult to confirm that sock_put() isn't necessary here.
> +}
> +
> /**
> * handshake_req_alloc - Allocate a handshake request
> * @proto: security protocol
There's no synchronization preventing concurrent handshake_req_cancel()
calls from accessing the request after it's freed during handshake
completion. That is one reason why handshake_complete() leaves completed
requests in the hash.
So I'm thinking that removing requests like this is not going to work
out. Would it work better if handshake_req_hash_add() could recognize
that a KeyUpdate is going on, and allow replacement of a hashed
request? I haven't thought that through.
As always, please double-check my questions and assumptions before
revising this patch!
--
Chuck Lever
Powered by blists - more mailing lists