lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Sep 2014 14:37:41 -0700 From: Martin Kelly <martin@...tingkelly.com> To: David Miller <davem@...emloft.net> Cc: netdev@...r.kernel.org, Paul McKenney <paulmck@...ux.vnet.ibm.com>, Stephen Hemminger <stephen@...workplumber.org> Subject: Re: Question about synchronize_net() in AF_PACKET close() > The synchronize_net() is also there to protect against the prot hook > which can run asynchronously from the core packet input path on any > cpu. > Yes, understood. What I'm not clear about is whether it is safe to do the following: unregister_prot_hook(sk, false); sock_orphan(sk); sock->sk = NULL; call_rcu(...); close socket, return to userspace instead of unregister_prot_hook(sk, false); synchronize_net(); sock_orphan(sk); sock->sk = NULL; close socket, return to userspace If you don't call synchronize_net() immediately, then other readers could see the protocol hook in the protocol list and try to use it. They could call into prot_hook.func. However, it appears that such functions ( e.g. packet_rcv() ) touch the socket buffer but not the socket itself, so orphaning the socket before all RCUs have been processed is safe. In addition, no new packets will come in after packet_release() and touch the socket because the socket fd will be removed from the process fd list. >From my testing, I'm not seeing any obvious issues, but I could be missing something. Is orphaning the socket before all RCUs have finished unsafe? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists