lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <200908061409.19924.paul.moore@hp.com>
Date:	Thu, 6 Aug 2009 14:09:19 -0400
From:	Paul Moore <paul.moore@...com>
To:	David Miller <davem@...emloft.net>
Cc:	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Herbert Xu <herbert@...dor.apana.org.au>,
	netdev@...r.kernel.org
Subject: Re: [RFC PATCH v1] tun: Cleanup error handling in tun_set_iff()

On Thursday 06 August 2009 11:02:22 am Eric W. Biederman wrote:
> Herbert Xu <herbert@...dor.apana.org.au> writes:
> > On Thu, Aug 06, 2009 at 07:27:13AM -0700, Eric W. Biederman wrote:
> >> Summarizing:
> >>
> >> tun = __tun_get(tfile);
> >> if (!tun) { // No tun we are not attached.
> >> 	 < -------------------- race opportunity
> >> 	rtnl_lock();
> >>         tun_set_iff();
> >>         rtnl_unlock();
> >> }
> >> ...
> >>
> >> We don't test if we are attached under the rtnl
> >> until we get to tun_attach();
> >>
> >> So two threads can both do:
> >>
> >> tun = __tun_get(tfile);
> >> if (!tun) {
> >> 	rtnl_lock();
> >>         tun_set_iff();
> >>             dev = __dev_get_by_name(net, "not_an_interface_name");
> >>             if (!dev) {
> >>                dev = alloc_netdev(....);
> >>                ...;
> >>                register_netdev(dev);
> >>                ...;
> >>                err = tun_attach(..);
> >>             }
> >>
> >>
> >> Only one thread is in tun_set_iff() at a time, but the other thread
> >> could have attached the file to a device before the one in tun_attach().
> >
> > Right, I see what you mean.  However I don't think this is possible
> > because the ioctl runs under the big kernel lock.
>
> Why not?  We can sleep on that code path.
> Although now that you mention it we should use unlocked_ioctl unless
> we actually need the BKL.

Dave, if you haven't already, it is probably a good idea to just forget about 
this patch.  Prior to this discussion I suspected that the TUN driver could 
use a closer look, after reading the comments from Eric and Herbert there 
isn't much suspicion left.  I'll put this on my rainy day todo list to try and 
tackle but I won't be upset if somebody beats me to it.

-- 
paul moore
linux @ hp

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ