lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 Dec 2015 16:46:38 -0500 From: Craig Gallek <kraigatgoog@...il.com> To: David Miller <davem@...emloft.net> Cc: Dave Jones <davej@...emonkey.org.uk>, netdev@...r.kernel.org, Herbert Xu <herbert@...dor.apana.org.au> Subject: Re: suspicious RCU usage (netlink/rhashtable) On Tue, Dec 22, 2015 at 4:42 PM, David Miller <davem@...emloft.net> wrote: > From: Craig Gallek <kraigatgoog@...il.com> > Date: Tue, 22 Dec 2015 16:38:32 -0500 > >> On Tue, Dec 22, 2015 at 4:28 PM, David Miller <davem@...emloft.net> wrote: >>> From: Craig Gallek <kraigatgoog@...il.com> >>> Date: Tue, 22 Dec 2015 15:51:19 -0500 >>> >>>> I was actually just looking at this as well (though a slightly >>>> different stack). The issue is with: c6ff5268293e rhashtable: Fix >>>> walker list corruption >>>> >>>> It changed the lock acquired in rhashtable_walk_init to use the new >>>> spinlock, but the rht_dereference macro expects the mutex. I was >>>> still trying to track down which repository this change came in >>>> through, though... >>> >>> Both cam via my networking tree. >> Simple fix is below. Though, I don't understand the history of the >> multiple locks in this structure to be sure it's correct. I'll send >> it as a formal patch. Please reject if it's not the right approach. >> >> diff --git a/lib/rhashtable.c b/lib/rhashtable.c >> index 1c149e9..cc80870 100644 >> --- a/lib/rhashtable.c >> +++ b/lib/rhashtable.c >> @@ -516,7 +516,8 @@ int rhashtable_walk_init(struct rhashtable *ht, >> struct rhashtable_iter *iter) >> return -ENOMEM; >> >> spin_lock(&ht->lock); >> - iter->walker->tbl = rht_dereference(ht->tbl, ht); >> + iter->walker->tbl = >> + rcu_dereference_protected(ht->tbl, lockdep_is_held(&ht->lock)); >> list_add(&iter->walker->list, &iter->walker->tbl->walkers); >> spin_unlock(&ht->lock); > > How can this be the "fix"? That's exactly what's in the tree. Ah, you're right, this fix was submitted to next in 179ccc0a7364 but hasn't made it into net-next yet. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists