Date: Fri, 16 Jan 2015 17:20:46 -0500 (EST)
From: David Miller <davem@...emloft.net>
To: johannes@...solutions.net
Cc: netdev@...r.kernel.org, jeff.layton@...marydata.com, sedat.dilek@...il.com, johannes.berg@...el.com
Subject: Re: [PATCH v3 3/3] genetlink: synchronize socket closing and family removal

From: Johannes Berg <johannes@...solutions.net>
Date: Fri, 16 Jan 2015 11:37:14 +0100

> From: Johannes Berg <johannes.berg@...el.com>
>
> In addition to the problem Jeff Layton reported, I looked at the code
> and reproduced the same warning by subscribing and removing the genl
> family with a socket still open. This is a fairly tricky race which
> originates in the fact that generic netlink allows the family to go
> away while sockets are still open - unlike regular netlink which has
> a module refcount for every open socket so in general this cannot be
> triggered.
>
> Trying to resolve this issue by the obvious locking isn't possible as
> it will result in deadlocks between unregistration and group unbind
> notification (which incidentally lockdep doesn't find due to the home
> grown locking in the netlink table.)
>
> To really resolve this, introduce a "closing socket" reference counter
> (for generic netlink only, as it's the only affected family) in the
> core netlink code and use that in generic netlink to wait for all the
> sockets that are being closed at the same time as a generic netlink
> family is removed.
>
> This fixes the race that when a socket is closed, it will should call
> the unbind, but if the family is removed at the same time the unbind
> will not find it, leading to the warning. The real problem though is
> that in this case the unbind could actually find a new family that is
> registered to have a multicast group with the same ID, and call its
> mcast_unbind() leading to confusing.
>
> Also remove the warning since it would still trigger, but is now no
> longer a problem.
>
> This also moves the code in af_netlink.c to before unreferencing the
> module to avoid having the same problem in the normal non-genl case.
>
> Signed-off-by: Johannes Berg <johannes.berg@...el.com>

Applied.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
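The race and the "closing socket" counter described in the quoted commit message, replayed as a deterministic userspace model. This is an added example, not code from the patch or from the kernel: every name in it is hypothetical, and the blocking wait in family removal is modelled as a boolean result that the caller must honour before reusing the group ID.

```c
/* Userspace model of the close/unregister race (constructed, not kernel code). */
#include <stdbool.h>
#include <stddef.h>

#define MAX_GROUPS 8
struct family { int unbind_calls; };

static struct family *group_owner[MAX_GROUPS]; /* mcast group ID -> owning family */
static int closing_sockets;                    /* sockets currently inside close */

static void family_register(struct family *f, int group) { group_owner[group] = f; }

/* Close path, step 1: announce the close before any unbind lookup happens. */
static void sock_close_begin(void) { closing_sockets++; }

/* Close path, step 2: the unbind notification goes to whoever owns the ID now. */
static void sock_close_unbind(int group)
{
    if (group_owner[group])
        group_owner[group]->unbind_calls++;
}

/* Close path, step 3: the close is finished, a waiting unregister may proceed. */
static void sock_close_end(void) { closing_sockets--; }

/* Remove the family. Returns true when removal may complete; false models
 * "still waiting for closers", during which the group ID must not be reused. */
static bool family_unregister(int group, bool wait_for_closers)
{
    group_owner[group] = NULL;
    return !wait_for_closers || closing_sockets == 0;
}

/* Replay the racy interleaving; returns unbind calls that hit the NEW family. */
static int replay_race(bool wait_for_closers)
{
    struct family old_fam = { 0 }, new_fam = { 0 };
    const int group = 3;
    bool deferred;

    family_register(&old_fam, group);
    sock_close_begin();                      /* a socket starts closing */
    deferred = !family_unregister(group, wait_for_closers);
    if (!deferred)
        family_register(&new_fam, group);    /* ID reused while close is in flight */
    sock_close_unbind(group);                /* the late unbind fires */
    sock_close_end();
    if (deferred)
        family_register(&new_fam, group);    /* reuse only after the closer is done */
    group_owner[group] = NULL;               /* drop pointers to locals */
    return new_fam.unbind_calls;
}
```

Without the wait, the late unbind lands on the unrelated family that inherited the group ID; with it, the unbind finds no owner and is dropped, which is why the warning could be removed.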