lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 24 Mar 2017 13:31:47 -0700
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     gfree.wind@...mail.com
Cc:     davem@...emloft.net, netdev@...r.kernel.org,
        Gao Feng <fgao@...ai8.com>
Subject: Re: [PATCH net-next 1/1] tcp: sysctl: Fix a race to avoid
 unexpected 0 window from space

On Fri, 24 Mar 2017 07:05:12 +0800
gfree.wind@...mail.com wrote:

> From: Gao Feng <fgao@...ai8.com>
> 
> Because sysctl_tcp_adv_win_scale could be changed any time, so there
> is one race in tcp_win_from_space.
> For example,
> 1.sysctl_tcp_adv_win_scale<=0 (sysctl_tcp_adv_win_scale is negative now)
> 2.space>>(-sysctl_tcp_adv_win_scale) (sysctl_tcp_adv_win_scale is postive now)  
> 
> As a result, tcp_win_from_space returns 0. It is unexpected.
> 
> Certainly if the compiler put the sysctl_tcp_adv_win_scale into one
> register firstly, then use the register directly, it would be ok.
> But we could not depend on the compiler behavior.
> 
> Signed-off-by: Gao Feng <fgao@...ai8.com>
> ---
>  include/net/tcp.h | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/include/net/tcp.h b/include/net/tcp.h
> index 6ec4ea6..119b592 100644
> --- a/include/net/tcp.h
> +++ b/include/net/tcp.h
> @@ -1252,9 +1252,11 @@ void tcp_select_initial_window(int __space, __u32 mss, __u32 *rcv_wnd,
>  
>  static inline int tcp_win_from_space(int space)
>  {
> -	return sysctl_tcp_adv_win_scale<=0 ?
> -		(space>>(-sysctl_tcp_adv_win_scale)) :  
> -		space - (space>>sysctl_tcp_adv_win_scale);
> +	int tcp_adv_win_scale = sysctl_tcp_adv_win_scale;
> +
> +	return tcp_adv_win_scale <= 0 ?
> +		(space>>(-tcp_adv_win_scale)) :
> +		space - (space>>tcp_adv_win_scale);
>  }
>  
>  /* Note: caller must be prepared to deal with negative returns */

You need to use READ_ONCE() to be safe. The compiler is free to optimized the code back
to the original unless READ_ONCE() is used.

Powered by blists - more mailing lists