lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4B191297.5020304@gmail.com>
Date:	Fri, 04 Dec 2009 14:45:59 +0100
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	kapil dakhane <kdakhane@...il.com>,
	"David S. Miller" <davem@...emloft.net>
CC:	netdev@...r.kernel.org, netfilter@...r.kernel.org,
	Evgeniy Polyakov <zbr@...emap.net>
Subject: [PATCH 0/2] tcp: Fix connect() races with timewait sockets

Eric Dumazet a écrit :
> [PATCH] tcp: Fix a connect() race with timewait sockets
> 
> When we find a timewait connection in __inet_hash_connect() and reuse
> it for a new connection request, we have a race window, releasing bind
> list lock and reacquiring it in __inet_twsk_kill() to remove timewait
> socket from list.
> 
> Another thread might find the timewait socket we already chose, leading to
> list corruption and crashes.
> 
> Fix is to remove timewait socket from bind list before releasing the lock.

I cooked two patches on top of net-next-2.6 to solve the two last
race problems I am aware of.

Kapil, if you want to test them, make sure you take last net-next-2.6 snapshot.

First patch changes __inet_hash_nolisten() and __inet6_hash()
to get a timewait parameter to be able to unhash it from ehash
at same time the new socket is inserted into ehash.

Second patch is a respin of the first patch I sent :
It makes sure __inet_has_connect() cannot give same timewait socket
to different threads.

Thanks !

Reported-by: kapil dakhane <kdakhane@...il.com>
Signed-off-by: Eric Dumazet <eric.dumazet@...il.com>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ