Date:	Mon, 24 Nov 2014 14:29:59 +0100
From:	Angelo Rizzi <angelo.rizzi@...utomazione.it>
To:	netdev@...r.kernel.org
Subject: net_tx_action race condition?

Hi Daniel,
Attached here is the patch file you required.
The problem I've found is in the declaration of 'struct softnet_data 
*sd' in function 'net_tx_action'.
What happens to me (I have an embedded system based on FPGA and a NIOS2 
CPU) is that, due to compiler optimization, the content of 
'sd->completion_queue' is saved in a CPU register before interrupt 
disabling (when the instruction 'if (sd->completion_queue) {' is 
executed) and then the register content is used for the 
interrupt-disabled assignment ('clist = sd->completion_queue') instead 
of re-reading the variable content.
This seems to lead to a race condition when an interrupt modifies the 
content of 'sd->completion_queue' between these two instructions.
What I have done to avoid this situation is to change the declaration of 
'struct softnet_data *sd' to 'volatile struct softnet_data *sd' and now 
everything seems to be ok.
I hope this will help.

Regards,
Angelo


View attachment "net_tx_action_patch" of type "text/plain" (439 bytes)
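
The sequence described in the message above, as an added userspace model (not kernel code and not the attached patch). The struct layouts are reduced to one field each, and sd_model, irq_push, list_len, drain and reuse_checked_value are hypothetical names; the "interrupt" is an ordinary function call placed between the check and the assignment.

```c
#include <stdio.h>

/* Constructed model: only the fields the message mentions are kept. */
struct sk_buff { struct sk_buff *next; };
struct softnet_data { struct sk_buff *completion_queue; };

static struct softnet_data sd_model;   /* hypothetical per-CPU instance */
static struct sk_buff skb_a, skb_b;    /* constructed sample buffers */

/* Stands in for an interrupt handler queueing a completed skb. */
static void irq_push(struct sk_buff *skb)
{
    skb->next = sd_model.completion_queue;
    sd_model.completion_queue = skb;
}

static int list_len(const struct sk_buff *p)
{
    int n = 0;
    for (; p; p = p->next)
        n++;
    return n;
}

/* Two skbs are queued in total; returns how many the drain collected.
 * reuse_checked_value != 0 models the register copy being reused,
 * 0 models a fresh read through the volatile-qualified pointer. */
int drain(int reuse_checked_value)
{
    volatile struct softnet_data *sd = &sd_model;
    struct sk_buff *clist = NULL;

    sd_model.completion_queue = NULL;
    irq_push(&skb_a);                                /* queued before the check */

    struct sk_buff *checked = sd->completion_queue;  /* load for the 'if' */
    if (checked) {
        irq_push(&skb_b);          /* interrupt lands before irqs are disabled */
        /* interrupts would be disabled from here in the real function */
        clist = reuse_checked_value ? checked : sd->completion_queue;
        sd->completion_queue = NULL;
        /* interrupts would be re-enabled here */
    }
    return list_len(clist);
}

int main(void)
{
    printf("stale copy: %d of 2, re-read: %d of 2\n", drain(1), drain(0));
    return 0;
}
```

In the stale-copy case the second buffer is neither on the drained list nor left on the queue, which is the lost update the message reports.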
