lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 3 Feb 2008 11:04:44 +0000 From: Al Viro <viro@...IV.linux.org.uk> To: Herbert Xu <herbert@...dor.apana.org.au> Cc: David Miller <davem@...emloft.net>, netdev@...r.kernel.org Subject: Re: xfrm_input() and ->seq oddities On Sun, Feb 03, 2008 at 02:05:16PM +1100, Herbert Xu wrote: > On Sun, Feb 03, 2008 at 12:37:19AM +0000, Al Viro wrote: > > > > This is still very odd... Where do you initialize ->seq.input? What > > In xfrm_input. > > > guarantees that async call of xfrm_input() will be always preceded by > > at least one non-async one? > > OK I admit it isn't pretty. But the encap_type argument is reused to > indicate async resumption. That is, if we enter with encap_type < 0, > it means that we're resuming a previous operation and seq.input has > therefore been set by the previous xfrm_input call. *Ouch* So what you are saying is * callers of xfrm_input_resume() are in callbacks that couldn't have been set other than from esp_input()/esp6_input() * these two could have only been called via ->type->input() * ->type->input() is called from xfrm_input(), immediately after having set ->seq.input, *or* from xfrm6_input_addr(). The former is safe. * xfrm6_input_addr() calls ->type->input() of object it gets from xfrm_state_lookup_byaddr(). The protocol number passed to the latter comes from xfrm6_input_addr() argument. * the protocol numbers given to xfrm6_input_addr() by its callers are IPPROTO_DSTOPTS and IPPROTO_ROUTING resp; ->input() instances in their xfrm_type do *not* set callbacks that could lead to xfrm_input_resume(), so we are safe. IMO that at least deserves a comment near xfrm_input()... doe -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists