| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 3 Jan 2016 14:36:17 -0800 From: Cong Wang <xiyou.wangcong@...il.com> To: Dmitry Vyukov <dvyukov@...gle.com> Cc: netdev <netdev@...r.kernel.org>, linux-wireless@...r.kernel.org, Lauro Ramos Venancio <lauro.venancio@...nbossa.org>, Aloisio Almeida Jr <aloisio.almeida@...nbossa.org>, Samuel Ortiz <sameo@...ux.intel.com> Subject: Re: [Patch net] nfc: check sock state in llcp_sock_getname() On Sat, Jan 2, 2016 at 12:03 AM, Dmitry Vyukov <dvyukov@...gle.com> wrote: > On Sat, Jan 2, 2016 at 1:34 AM, Cong Wang <xiyou.wangcong@...il.com> wrote: >> llcp_sock_getname() checks llcp_sock->dev to make sure >> llcp_sock is already connected or bound, however, we could >> be in the middle of llcp_sock_bind() where llcp_sock->dev >> is bound and llcp_sock->service_name_len is set, >> but llcp_sock->service_name is not, in this case we would >> lead to copy some bytes from a NULL pointer. >> >> We should just check if sk->sk_state is still closed since >> both connect() and bind() will update this state at the end. > > Hi Cong, > > This is still racy. If you want to play lock-free then you also need > proper memory barriers. Stores to sk_state need to be > smp_store_release, while the load needs to be smp_load_acquire. > Otherwise getname still can see partially initialized socket. > Right... Or just lock sock perhaps. I will update my patch. Thanks! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists