lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 16 Apr 2018 11:40:34 -0400 (EDT)
From:   David Miller <davem@...emloft.net>
To:     edumazet@...gle.com
Cc:     netdev@...r.kernel.org, eric.dumazet@...il.com
Subject: Re: [PATCH net] net: af_packet: fix race in PACKET_{R|T}X_RING

From: Eric Dumazet <edumazet@...gle.com>
Date: Sun, 15 Apr 2018 17:52:04 -0700

> In order to remove the race caught by syzbot [1], we need
> to lock the socket before using po->tp_version as this could
> change under us otherwise.
> 
> This means lock_sock() and release_sock() must be done by
> packet_set_ring() callers.
 ...
> Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.")
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> Reported-by: syzbot <syzkaller@...glegroups.com>

The locking in AF_PACKET is very unkind, as has been discussed
before.  Good thing syzbot found this one.

The only other place we access po->tp_version asynchronously
is in the getsockopt() for statistics, and I guess that case
is OK.

Applied and queued up for -stable, thanks Eric.

Powered by blists - more mailing lists