lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Dec 2014 16:26:46 +0000 From: Thomas Graf <tgraf@...g.ch> To: Eric Dumazet <eric.dumazet@...il.com> Cc: David Miller <davem@...emloft.net>, dborkman@...hat.com, luto@...capital.net, torvalds@...ux-foundation.org, kaber@...sh.net, netdev@...r.kernel.org Subject: Re: Netlink mmap tx security? On 12/16/14 at 04:02pm, Eric Dumazet wrote: > On Tue, 2014-12-16 at 17:58 -0500, David Miller wrote: > > > + __skb_put(skb, nm_len); > > + memcpy(skb->data, (void *)hdr + NL_MMAP_HDRLEN, nm_len); > > + netlink_set_status(hdr, NL_MMAP_STATUS_UNUSED); > > > > Not related to this patch, but it looks like netlink_set_status() > barrier is wrong ? > > It seems we need smp_wmb() after the memcpy() and before the > hdr->nm_status = status; Yes, definitely wrong as-is. I'll send a patch. For the particular case we'd need a smp_rmb() after the memcpy() to complete the loads. The skb destructor needs a smp_wmb() after setting nm_len. We could get away with a smp_wmb() first thing in netlink_set_status() with the code as-is but smp_mb() might be the less fragile thing to do. Objections? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists