lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.02.1406110022550.11647@dtop>
Date:	Wed, 11 Jun 2014 00:26:23 -0700 (PDT)
From:	dormando <dormando@...ia.net>
To:	Eric Dumazet <eric.dumazet@...il.com>
cc:	Alexey Preobrazhensky <preobr@...gle.com>,
	Steffen Klassert <steffen.klassert@...unet.com>,
	David Miller <davem@...emloft.net>, paulmck@...ux.vnet.ibm.com,
	netdev@...r.kernel.org, Kostya Serebryany <kcc@...gle.com>,
	Dmitry Vyukov <dvyukov@...gle.com>,
	Lars Bull <larsbull@...gle.com>,
	Eric Dumazet <edumazet@...gle.com>,
	Bruce Curtis <brutus@...gle.com>,
	Maciej Żenczykowski <maze@...gle.com>,
	Alexei Starovoitov <alexei.starovoitov@...il.com>
Subject: Re: [PATCH] ipv4: fix a race in ip4_datagram_release_cb()

On Wed, 11 Jun 2014, dormando wrote:

> On Tue, 10 Jun 2014, Eric Dumazet wrote:
>
> > On Tue, 2014-06-10 at 21:16 -0700, dormando wrote:
> >
> > > Ran our udpkill util against 3.10.42 with both of your patches applied...
> > > seems like it ran a bit longer than normally would with this test (15-20
> > > minutes), then died:
> >
> > Well, could you try a recent kernel instead ?
> >
> > I can see some races and fixes are probably worth it.
> >
> > $ git log --oneline v3.10.42..v3.15 net/ipv4/route.c
> > fbdc0ad ipv4: initialise the itag variable in __mkroute_input
> > 0d5edc6 ipv4, route: pass 0 instead of LOOPBACK_IFINDEX to fib_validate_source()
> > aad8872 ipv4: add a sock pointer to dst->output() path.
> > 9114615 ipv4: return valid RTA_IIF on ip route get
> > 3ed66e9 net: replace __this_cpu_inc in route.c with raw_cpu_inc
> > 0b8c7f6 ipv4: remove ip_rt_dump from route.c
> > 4a4eb21 ipv4: remove ipv4_ifdown_dst from route.c
> > 1e8d642 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
> > a625486 ipv4: fix counter in_slow_tot
> > cd0f0b9 ipv4: distinguish EHOSTUNREACH from the ENETUNREACH
> > 2045cea net: remove unnecessary return's
> > f87c10a ipv4: introduce ip_dst_mtu_maybe_forward and protect forwarding path against pmtu spoofing
> > dcdfdf5 ipv4: fix race in concurrent ip_route_input_slow()
> > 482fc60 ipv4: introduce new IP_MTU_DISCOVER mode IP_PMTUDISC_INTERFACE
> > 0baf2b3 ipv4: shrink rt_cache_stat
> > 0a7e226 ipv4: fix ineffective source address selection
> > 734d272 ipv4: raise IP_MAX_MTU to theoretical limit
> > ca4c3fc net: split rt_genid for ipv4 and ipv6
> > 2ffae99 ipv4: use next hop exceptions also for input routes
> > fe2c633 net: Convert uses of typedef ctl_table to struct ctl_table
> > 6bc19fb Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
> > 5aad1de ipv4: use separate genid for next hop exceptions
> > f016229 ipv4: rate limit updating of next hop exceptions with same pmtu
> > 387aa65 ipv4: properly refresh rtable entries on pmtu/redirect events
> >
> >
>
> Newest I can realistically roll would be 3.14.6, so I just tried
> that... Without your two patches, it still dies from the UDP bug.

--> Meant to say here that both *with* and *without* your two new patches
it still crashes.

> Unfortunately 3.14 has a few regressions.. one is some bad CPU usage i'll
> have to track down, and two something about pstore is broken, so I can't
> get the trace from the crash. It's compressing now and has more of the
> kernel log, but it's missing the actual panic part.
>
> $ git log --oneline v3.14..v3.15 net/ipv4/route.c
> fbdc0ad ipv4: initialise the itag variable in __mkroute_input
> 0d5edc6 ipv4, route: pass 0 instead of LOOPBACK_IFINDEX to fib_validate_source()
> aad8872 ipv4: add a sock pointer to dst->output() path.
> 9114615 ipv4: return valid RTA_IIF on ip route get
> 3ed66e9 net: replace __this_cpu_inc in route.c with raw_cpu_inc
> 0b8c7f6 ipv4: remove ip_rt_dump from route.c
> 4a4eb21 ipv4: remove ipv4_ifdown_dst from route.c
> 1e8d642 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
> 2045cea net: remove unnecessary return's
>
> No more obvious race fixes. I can try 3.15 fully vanilla but I'm having
> doubts?
>
> We have a few patches on top of this, but none of them are active at the
> time of my test. I've tried removing them in the past and it did nothing
> as well.
>
> Sorry :(
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ