| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 Oct 2014 10:05:06 -0700 From: Cong Wang <cwang@...pensource.com> To: John Fastabend <john.fastabend@...il.com> Cc: Cong Wang <xiyou.wangcong@...il.com>, David Miller <davem@...emloft.net>, netdev <netdev@...r.kernel.org>, Jamal Hadi Salim <jhs@...atatu.com>, Eric Dumazet <eric.dumazet@...il.com> Subject: Re: [net-next PATCH v1 3/3] net: sched: do not use tcf_proto 'tp' argument from call_rcu On Sun, Oct 5, 2014 at 9:28 PM, John Fastabend <john.fastabend@...il.com> wrote: > Using the tcf_proto pointer 'tp' from inside the classifiers callback > is not valid because it may have been cleaned up by another call_rcu > occuring on another CPU. > > 'tp' is currently being used by tcf_unbind_filter() in this patch we > move instances of tcf_unbind_filter outside of the call_rcu() context. > This is safe to do because any running schedulers will either read the > valid class field or it will be zeroed. > > And all schedulers today when the class is 0 do a lookup using the > same call used by the tcf_exts_bind(). So even if we have a running > classifier hit the null class pointer it will do a lookup and get > to the same result. This is particularly fragile at the moment because > the only way to verify this is to audit the schedulers call sites. > > Reported-by: Cong Wang <xiyou.wangconf@...il.com> > Signed-off-by: John Fastabend <john.r.fastabend@...el.com> Acked-by: Cong Wang <cwang@...pensource.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists