Message-ID: <alpine.DEB.2.02.1406110011170.11647@dtop>
Date:	Wed, 11 Jun 2014 00:20:12 -0700 (PDT)
From:	dormando <dormando@...ia.net>
To:	Eric Dumazet <eric.dumazet@...il.com>
cc:	Alexey Preobrazhensky <preobr@...gle.com>,
	Steffen Klassert <steffen.klassert@...unet.com>,
	David Miller <davem@...emloft.net>, paulmck@...ux.vnet.ibm.com,
	netdev@...r.kernel.org, Kostya Serebryany <kcc@...gle.com>,
	Dmitry Vyukov <dvyukov@...gle.com>,
	Lars Bull <larsbull@...gle.com>,
	Eric Dumazet <edumazet@...gle.com>,
	Bruce Curtis <brutus@...gle.com>,
	Maciej Żenczykowski <maze@...gle.com>,
	Alexei Starovoitov <alexei.starovoitov@...il.com>
Subject: Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb()

On Tue, 10 Jun 2014, Eric Dumazet wrote:

> On Tue, 2014-06-10 at 21:16 -0700, dormando wrote:
>
> > Ran our udpkill util against 3.10.42 with both of your patches applied...
> > seems like it ran a bit longer than normally would with this test (15-20
> > minutes), then died:
>
> Well, could you try a recent kernel instead ?
>
> I can see some races and fixes are probably worth it.
>
> $ git log --oneline v3.10.42..v3.15 net/ipv4/route.c
> fbdc0ad ipv4: initialise the itag variable in __mkroute_input
> 0d5edc6 ipv4, route: pass 0 instead of LOOPBACK_IFINDEX to fib_validate_source()
> aad8872 ipv4: add a sock pointer to dst->output() path.
> 9114615 ipv4: return valid RTA_IIF on ip route get
> 3ed66e9 net: replace __this_cpu_inc in route.c with raw_cpu_inc
> 0b8c7f6 ipv4: remove ip_rt_dump from route.c
> 4a4eb21 ipv4: remove ipv4_ifdown_dst from route.c
> 1e8d642 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
> a625486 ipv4: fix counter in_slow_tot
> cd0f0b9 ipv4: distinguish EHOSTUNREACH from the ENETUNREACH
> 2045cea net: remove unnecessary return's
> f87c10a ipv4: introduce ip_dst_mtu_maybe_forward and protect forwarding path against pmtu spoofing
> dcdfdf5 ipv4: fix race in concurrent ip_route_input_slow()
> 482fc60 ipv4: introduce new IP_MTU_DISCOVER mode IP_PMTUDISC_INTERFACE
> 0baf2b3 ipv4: shrink rt_cache_stat
> 0a7e226 ipv4: fix ineffective source address selection
> 734d272 ipv4: raise IP_MAX_MTU to theoretical limit
> ca4c3fc net: split rt_genid for ipv4 and ipv6
> 2ffae99 ipv4: use next hop exceptions also for input routes
> fe2c633 net: Convert uses of typedef ctl_table to struct ctl_table
> 6bc19fb Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
> 5aad1de ipv4: use separate genid for next hop exceptions
> f016229 ipv4: rate limit updating of next hop exceptions with same pmtu
> 387aa65 ipv4: properly refresh rtable entries on pmtu/redirect events
>
>

Newest I can realistically roll would be 3.14.6, so I just tried
that... Without your two patches, it still dies from the UDP bug.

Unfortunately 3.14 has a few regressions... one is some bad CPU usage I'll
have to track down, and two, something about pstore is broken, so I can't
get the trace from the crash. It's compressing now and has more of the
kernel log, but it's missing the actual panic part.

$ git log --oneline v3.14..v3.15 net/ipv4/route.c
fbdc0ad ipv4: initialise the itag variable in __mkroute_input
0d5edc6 ipv4, route: pass 0 instead of LOOPBACK_IFINDEX to fib_validate_source()
aad8872 ipv4: add a sock pointer to dst->output() path.
9114615 ipv4: return valid RTA_IIF on ip route get
3ed66e9 net: replace __this_cpu_inc in route.c with raw_cpu_inc
0b8c7f6 ipv4: remove ip_rt_dump from route.c
4a4eb21 ipv4: remove ipv4_ifdown_dst from route.c
1e8d642 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2045cea net: remove unnecessary return's

No more obvious race fixes. I can try 3.15 fully vanilla but I'm having
doubts?

We have a few patches on top of this, but none of them are active at the
time of my test. I've tried removing them in the past and it did nothing
as well.

Sorry :(