lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sat, 25 Mar 2017 11:32:12 +0800
From:   "Gao Feng" <gfree.wind@...mail.com>
To:     "'Stephen Hemminger'" <stephen@...workplumber.org>
Cc:     <davem@...emloft.net>, <netdev@...r.kernel.org>,
        "'Gao Feng'" <fgao@...ai8.com>
Subject: RE: [PATCH net-next 1/1] tcp: sysctl: Fix a race to avoid unexpected 0 window from space

> -----Original Message-----
> From: netdev-owner@...r.kernel.org [mailto:netdev-owner@...r.kernel.org]
> On Behalf Of Stephen Hemminger
> Sent: Saturday, March 25, 2017 4:32 AM
> To: gfree.wind@...mail.com
> Cc: davem@...emloft.net; netdev@...r.kernel.org; Gao Feng
> <fgao@...ai8.com>
> Subject: Re: [PATCH net-next 1/1] tcp: sysctl: Fix a race to avoid
unexpected 0
> window from space
> 
> On Fri, 24 Mar 2017 07:05:12 +0800
> gfree.wind@...mail.com wrote:
> 
> > From: Gao Feng <fgao@...ai8.com>
> >
> > Because sysctl_tcp_adv_win_scale could be changed any time, so there
> > is one race in tcp_win_from_space.
> > For example,
> > 1.sysctl_tcp_adv_win_scale<=0 (sysctl_tcp_adv_win_scale is negative
> > now)
> > 2.space>>(-sysctl_tcp_adv_win_scale) (sysctl_tcp_adv_win_scale is
> > postive now)
> >
> > As a result, tcp_win_from_space returns 0. It is unexpected.
> >
> > Certainly if the compiler put the sysctl_tcp_adv_win_scale into one
> > register firstly, then use the register directly, it would be ok.
> > But we could not depend on the compiler behavior.
> >
> > Signed-off-by: Gao Feng <fgao@...ai8.com>
> > ---
> >  include/net/tcp.h | 8 +++++---
> >  1 file changed, 5 insertions(+), 3 deletions(-)
> >
> > diff --git a/include/net/tcp.h b/include/net/tcp.h index
> > 6ec4ea6..119b592 100644
> > --- a/include/net/tcp.h
> > +++ b/include/net/tcp.h
> > @@ -1252,9 +1252,11 @@ void tcp_select_initial_window(int __space,
> > __u32 mss, __u32 *rcv_wnd,
> >
> >  static inline int tcp_win_from_space(int space)  {
> > -	return sysctl_tcp_adv_win_scale<=0 ?
> > -		(space>>(-sysctl_tcp_adv_win_scale)) :
> > -		space - (space>>sysctl_tcp_adv_win_scale);
> > +	int tcp_adv_win_scale = sysctl_tcp_adv_win_scale;
> > +
> > +	return tcp_adv_win_scale <= 0 ?
> > +		(space>>(-tcp_adv_win_scale)) :
> > +		space - (space>>tcp_adv_win_scale);
> >  }
> >
> >  /* Note: caller must be prepared to deal with negative returns */
> 
> You need to use READ_ONCE() to be safe. The compiler is free to optimized
the
> code back to the original unless READ_ONCE() is used.

Thanks your reminder.
I could not figure out why compiler would do the optimization, rollback the
global variable instead of local tmp variable.
It breaks the original logic.

BTW, I think the READ_ONCE is used to avoid reorder. 
Could you give some guides please ?

Best Regards
Feng

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ