| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 May 2016 14:23:27 +0300 From: Andrey Ryabinin <aryabinin@...tuozzo.com> To: Hannes Frederic Sowa <hannes@...essinduktion.org>, "David S. Miller" <davem@...emloft.net> CC: Rainer Weikusat <rweikusat@...ileactivedefense.com>, Eric Dumazet <edumazet@...gle.com>, <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] net: af_unix: protect ->sk_shutdown change with lock_sock() On 05/18/2016 01:38 PM, Hannes Frederic Sowa wrote: > On 18.05.2016 12:14, Andrey Ryabinin wrote: >> ->sk_shutdown bits share one bitfield with some other bits in sock struct, >> such as ->sk_no_check_[r,t]x, ->sk_userlocks ... >> sock_setsockopt() may write to these bits, while holding the socket lock. >> In case of AF_UNIX sockets, we change ->sk_shutdown bits while holding only >> unix_state_lock(). So concurrent setsockopt() and shutdown() may lead >> to corrupting these bits. >> >> Fix that by protecting writes to ->sk_shutdown with lock_sock() > > Is it possible to move sk_shutdown out of the bitfields? Maybe a whole > which suites is available somewhere? > Agreed. I see two possible 16-bit holes - one after 'sk_gso_max_segs' and one more after 'sk_tsflags'. > af_unix doesn't depend on the socket locks anywhere and it would keep > locking much easier if we only depend on the state lock. > > Bye, > Hannes > >
Powered by blists - more mailing lists