| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 21 Jan 2012 08:30:25 +0100
From: Eric Dumazet <eric.dumazet@...il.com>
To: MuraliRaja Muniraju <muralira@...gle.com>
Cc: netdev@...r.kernel.org
Subject: Re: Query regarding a code snippet in __inet_lookup_established.
Le vendredi 20 janvier 2012 à 17:02 -0800, MuraliRaja Muniraju a écrit :
> Hi All,
> In function __inet_lookup_established, I do see a potential issue
> in a corner case while reading through the code where socket can be
> freed while being in the list and also while in rcu_read critical
> section.
> rcu_read_lock();
> begin:
> sk_nulls_for_each_rcu(sk, node, &head->chain) {
> if (INET_MATCH(sk, net, hash, acookie,
> saddr, daddr, ports, dif)) {
> if (unlikely(!atomic_inc_not_zero(&sk->sk_refcnt)))
> goto begintw;
> if (unlikely(!INET_MATCH(sk, net, hash, acookie,
> saddr, daddr, ports, dif))) {
> Murali> sock_put(sk);
> Murali> goto begin;
> }
> goto out;
> }
> }
>
> I am not certain under what scenario this might occur. Can someone let
> me know if this is a possibility.
Since we succeeded in atomic_inc_not_zero(&sk->sk_refcnt), socket cannot
be freed until our sock_put()
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists