| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Apr 2018 14:38:37 -0400 (EDT)
From: David Miller <davem@...emloft.net>
To: ubraun@...ux.ibm.com
Cc: netdev@...r.kernel.org, linux-s390@...r.kernel.org,
schwidefsky@...ibm.com, heiko.carstens@...ibm.com,
raspl@...ux.vnet.ibm.com, ubraun@...ux.vnet.ibm.com
Subject: Re: [PATCH net 1/1] net/smc: keep clcsock reference in
smc_tcp_listen_work()
From: Ursula Braun <ubraun@...ux.ibm.com>
Date: Wed, 25 Apr 2018 12:48:58 +0200
> The internal CLC socket should exist till the SMC-socket is released.
> Function tcp_listen_worker() releases the internal CLC socket of a
> listen socket, if an smc_close_active() is called. This function
> is called for the final release(), but it is called for shutdown
> SHUT_RDWR as well. This opens a door for protection faults, if
> socket calls using the internal CLC socket are called for a
> shutdown listen socket.
>
> With the changes of
> commit 3d502067599f ("net/smc: simplify wait when closing listen socket")
> there is no need anymore to release the internal CLC socket in
> function tcp_listen_worker((). It is sufficient to release it in
> smc_release().
>
> Fixes: 127f49705823 ("net/smc: release clcsock from tcp_listen_worker")
> Signed-off-by: Ursula Braun <ubraun@...ux.ibm.com>
> Reported-by: syzbot+9045fc589fcd196ef522@...kaller.appspotmail.com
> Reported-by: syzbot+28a2c86cf19c81d871fa@...kaller.appspotmail.com
> Reported-by: syzbot+9605e6cace1b5efd4a0a@...kaller.appspotmail.com
> Reported-by: syzbot+cf9012c597c8379d535c@...kaller.appspotmail.com
Applied and queued up for -stable.
Powered by blists - more mailing lists