lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Feb 2017 11:11:14 -0500 (EST) From: David Miller <davem@...emloft.net> To: marcelo.leitner@...il.com Cc: netdev@...r.kernel.org, linux-sctp@...r.kernel.org, vyasevich@...il.com, nhorman@...driver.com, lucien.xin@...il.com, alex.popov@...ux.com, ben@...adent.org.uk Subject: Re: [PATCH net] sctp: deny peeloff operation on asocs with threads sleeping on it From: Marcelo Ricardo Leitner <marcelo.leitner@...il.com> Date: Thu, 23 Feb 2017 09:31:18 -0300 > commit 2dcab5984841 ("sctp: avoid BUG_ON on sctp_wait_for_sndbuf") > attempted to avoid a BUG_ON call when the association being used for a > sendmsg() is blocked waiting for more sndbuf and another thread did a > peeloff operation on such asoc, moving it to another socket. > > As Ben Hutchings noticed, then in such case it would return without > locking back the socket and would cause two unlocks in a row. > > Further analysis also revealed that it could allow a double free if the > application managed to peeloff the asoc that is created during the > sendmsg call, because then sctp_sendmsg() would try to free the asoc > that was created only for that call. > > This patch takes another approach. It will deny the peeloff operation > if there is a thread sleeping on the asoc, so this situation doesn't > exist anymore. This avoids the issues described above and also honors > the syscalls that are already being handled (it can be multiple sendmsg > calls). > > Joint work with Xin Long. > > Fixes: 2dcab5984841 ("sctp: avoid BUG_ON on sctp_wait_for_sndbuf") > Cc: Alexander Popov <alex.popov@...ux.com> > Cc: Ben Hutchings <ben@...adent.org.uk> > Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@...il.com> > Signed-off-by: Xin Long <lucien.xin@...il.com> > --- > Hi, please consider this one for -stable too. Thanks Applied and queued up for -stable, thanks.
Powered by blists - more mailing lists