lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Apr 2018 11:40:34 -0400 (EDT) From: David Miller <davem@...emloft.net> To: edumazet@...gle.com Cc: netdev@...r.kernel.org, eric.dumazet@...il.com Subject: Re: [PATCH net] net: af_packet: fix race in PACKET_{R|T}X_RING From: Eric Dumazet <edumazet@...gle.com> Date: Sun, 15 Apr 2018 17:52:04 -0700 > In order to remove the race caught by syzbot [1], we need > to lock the socket before using po->tp_version as this could > change under us otherwise. > > This means lock_sock() and release_sock() must be done by > packet_set_ring() callers. ... > Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.") > Signed-off-by: Eric Dumazet <edumazet@...gle.com> > Reported-by: syzbot <syzkaller@...glegroups.com> The locking in AF_PACKET is very unkind, as has been discussed before. Good thing syzbot found this one. The only other place we access po->tp_version asynchronously is in the getsockopt() for statistics, and I guess that case is OK. Applied and queued up for -stable, thanks Eric.
Powered by blists - more mailing lists