| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170629.124633.1294861014856097794.davem@davemloft.net> Date: Thu, 29 Jun 2017 12:46:33 -0400 (EDT) From: David Miller <davem@...emloft.net> To: sowmini.varadhan@...cle.com Cc: netdev@...r.kernel.org Subject: Re: RFC: sk leak in sock_graft? From: Sowmini Varadhan <sowmini.varadhan@...cle.com> Date: Tue, 27 Jun 2017 16:45:29 -0400 > On (06/27/17 15:59), Sowmini Varadhan wrote: >> > Why does rds-tcp need to call sock_graft() without those invariants >> > met? >> >> It would certainly help to declare "dont use sock_creeate_kern() >> if you are going to accept on this socket"- I dont see that being >> mandated anywhere. > > I can look into getting rds_tcp_accept_one also calling sock_create_lite > like every other caller, (though I may not get to this for another week, > due to travel), but the code in sock_graft() doesnt look right either. > > At the very least, there needs to be a WARN_ON(parent->sk) there, > to provide a gentle dope-slap for the next slob that stumbles on this > type of leak. In the accept case it is, if anything, very wasteful. This is because you allocate a sock and then immediately free it up. I would say mimick the logic of sys_accept4() and just use sock_alloc() to allocate the struct socket without a struct sock. Or, as you say, use sock_create_lite() or a similar helper.
Powered by blists - more mailing lists