| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <528C7319.5050309@redhat.com> Date: Wed, 20 Nov 2013 09:30:17 +0100 From: Daniel Borkmann <dborkman@...hat.com> To: David Miller <davem@...emloft.net> CC: netdev@...r.kernel.org, noureddine@...stanetworks.com, greearb@...delatech.com Subject: Re: [PATCH net] packet: fix use after free race in send path when dev is released On 11/20/2013 02:34 AM, David Miller wrote: > From: Daniel Borkmann <dborkman@...hat.com> > Date: Wed, 20 Nov 2013 00:08:23 +0100 > >> To avoid reverting 827d9780 entirely, we could make use of po->running >> member that gets reset when we're calling __unregister_prot_hook() in >> packet_notifier() when we receive NETDEV_DOWN or NETDEV_UNREGISTER >> notification. Plus, we still need to hold ref to the netdev, so >> that we can assure it won't be released while we're in send path. > > The avoidance of the atomic ref counting of the network device is the > main performance gain we get from that commit. > > Now we'll be doing the refcount _and_ taking a spinlock, it'll be > worse than beforehand. > > And this is doubly silly because we already have a reference > when we install the device into po->prot_hook.dev > > I bet you can fix this by just deferring the NETDEV_UNREGISTER > AF_PACKET notifier work to RCU. Yep, will try if this approach works, in other words doing the earlier exit via !po->running, plus deferring the dev_put() et al to RCU. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists