lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 18 Oct 2017 00:58:56 +0000
From:   Chris Mi <chrism@...lanox.com>
To:     Cong Wang <xiyou.wangcong@...il.com>
CC:     Linux Kernel Network Developers <netdev@...r.kernel.org>,
        Jamal Hadi Salim <jhs@...atatu.com>,
        Lucas Bates <lucasb@...atatu.com>,
        Jiri Pirko <jiri@...nulli.us>,
        David Miller <davem@...emloft.net>
Subject: RE: [patch net v3 2/4] net/sched: Use action array instead of action
 list as parameter



> -----Original Message-----
> From: Cong Wang [mailto:xiyou.wangcong@...il.com]
> Sent: Wednesday, October 18, 2017 12:56 AM
> To: Chris Mi <chrism@...lanox.com>
> Cc: Linux Kernel Network Developers <netdev@...r.kernel.org>; Jamal Hadi
> Salim <jhs@...atatu.com>; Lucas Bates <lucasb@...atatu.com>; Jiri Pirko
> <jiri@...nulli.us>; David Miller <davem@...emloft.net>
> Subject: Re: [patch net v3 2/4] net/sched: Use action array instead of action
> list as parameter
> 
> On Mon, Oct 16, 2017 at 6:20 PM, Chris Mi <chrism@...lanox.com> wrote:
> > When destroying filters, actions should be destroyed first.
> > The pointers of each action are saved in an array. TC doesn't use the
> > array directly, but put all actions in a doubly linked list and use
> > that list as parameter.
> >
> > There is no problem if each filter has its own actions. But if some
> > filters share the same action, when these filters are destroyed, RCU
> > callback fl_destroy_filter() may be called at the same time. That
> > means the same action's 'struct list_head list'
> > could be manipulated at the same time. It may point to an invalid
> > address so that system will panic.
> 
> So if we remove these RCU callbacks (by adding a sychronize_rcu) this is not a
> problem, right? 
Maybe you are right. But do you think it will cause performance issue, I mean it takes
longer time to destroy filters if using synchronize_rcu()?
Or is there any other races than RCU callbacks?
We haven't found them.  This is the only one we found.
> 
> 
> >
> > This patch uses the action array directly to fix this issue.
> >
> > Fixes commit in pre-git era.
> >
> > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> 
> This is wrong too. RCU callbacks were introduced very late.

Powered by blists - more mailing lists