Message-Id: <20170224.111114.542899448539607425.davem@davemloft.net>
Date:   Fri, 24 Feb 2017 11:11:14 -0500 (EST)
From:   David Miller <davem@...emloft.net>
To:     marcelo.leitner@...il.com
Cc:     netdev@...r.kernel.org, linux-sctp@...r.kernel.org,
        vyasevich@...il.com, nhorman@...driver.com, lucien.xin@...il.com,
        alex.popov@...ux.com, ben@...adent.org.uk
Subject: Re: [PATCH net] sctp: deny peeloff operation on asocs with threads
 sleeping on it

From: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
Date: Thu, 23 Feb 2017 09:31:18 -0300

> commit 2dcab5984841 ("sctp: avoid BUG_ON on sctp_wait_for_sndbuf")
> attempted to avoid a BUG_ON call when the association being used for a
> sendmsg() is blocked waiting for more sndbuf and another thread did a
> peeloff operation on such asoc, moving it to another socket.
> 
> As Ben Hutchings noticed, then in such case it would return without
> locking back the socket and would cause two unlocks in a row.
> 
> Further analysis also revealed that it could allow a double free if the
> application managed to peeloff the asoc that is created during the
> sendmsg call, because then sctp_sendmsg() would try to free the asoc
> that was created only for that call.
> 
> This patch takes another approach. It will deny the peeloff operation
> if there is a thread sleeping on the asoc, so this situation doesn't
> exist anymore. This avoids the issues described above and also honors
> the syscalls that are already being handled (it can be multiple sendmsg
> calls).
> 
> Joint work with Xin Long.
> 
> Fixes: 2dcab5984841 ("sctp: avoid BUG_ON on sctp_wait_for_sndbuf")
> Cc: Alexander Popov <alex.popov@...ux.com>
> Cc: Ben Hutchings <ben@...adent.org.uk>
> Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
> Signed-off-by: Xin Long <lucien.xin@...il.com>
> ---
> Hi, please consider this one for -stable too. Thanks

Applied and queued up for -stable, thanks.
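
The double unlock described in the quoted commit message, and the effect of denying peeloff while a sender sleeps, as an added example that is not part of the original thread or the kernel patch. It is a single-threaded userspace model: the structs, helper names and the -EBUSY return value are assumptions made for illustration, and the double-free case is not modeled.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model only: hypothetical stand-ins, not the kernel's SCTP code. */
struct sock { int locked; int bad_unlocks; };
struct asoc { struct sock *sk; int waiters; };

static void lock_sock(struct sock *sk) { sk->locked = 1; }
static void release_sock(struct sock *sk)
{
    if (!sk->locked)
        sk->bad_unlocks++;          /* second unlock in a row */
    sk->locked = 0;
}

/* Move the asoc to another socket. With deny_sleepers set, refuse while a
 * sender sleeps on the asoc (the -EBUSY value is an assumption). */
static int peeloff(struct asoc *a, struct sock *newsk, int deny_sleepers)
{
    if (deny_sleepers && a->waiters > 0)
        return -EBUSY;
    a->sk = newsk;
    return 0;
}

/* One sendmsg() blocked on sndbuf, with a peeloff in the window where the
 * socket lock is dropped. Returns unbalanced unlocks on the original socket. */
static int run_scenario(int deny_sleepers, int *peeloff_ret)
{
    struct sock sk = {0, 0}, newsk = {0, 0};
    struct asoc a = { &sk, 0 };

    lock_sock(&sk);                 /* sendmsg entry */
    a.waiters++;                    /* start waiting for sndbuf */
    release_sock(&sk);              /* lock dropped while sleeping */
    *peeloff_ret = peeloff(&a, &newsk, deny_sleepers);  /* other thread */
    if (a.sk == &sk)
        lock_sock(&sk);             /* normal wakeup: lock taken back */
    a.waiters--;                    /* asoc moved: returns without re-locking */
    release_sock(&sk);              /* sendmsg exit path always unlocks */
    return sk.bad_unlocks;
}

int main(void)
{
    int ret, bad = run_scenario(0, &ret);
    printf("peeloff allowed: ret=%d bad_unlocks=%d\n", ret, bad);
    bad = run_scenario(1, &ret);
    printf("peeloff denied:  ret=%d bad_unlocks=%d\n", ret, bad);
    return 0;
}
```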
