| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6b52ce36-c350-a5ac-004a-f2fd9f8d0052@iogearbox.net>
Date: Sun, 2 Sep 2018 22:40:14 +0200
From: Daniel Borkmann <daniel@...earbox.net>
To: John Fastabend <john.fastabend@...il.com>, ast@...nel.org
Cc: netdev@...r.kernel.org
Subject: Re: [bpf PATCH v2] bpf: avoid misuse of psock when TCP_ULP_BPF
collides with another ULP
On 08/31/2018 06:25 AM, John Fastabend wrote:
> Currently we check sk_user_data is non NULL to determine if the sk
> exists in a map. However, this is not sufficient to ensure the psock
> or the ULP ops are not in use by another user, such as kcm or TLS. To
> avoid this when adding a sock to a map also verify it is of the
> correct ULP type. Additionally, when releasing a psock verify that
> it is the TCP_ULP_BPF type before releasing the ULP. The error case
> where we abort an update due to ULP collision can cause this error
> path.
>
> For example,
>
> __sock_map_ctx_update_elem()
> [...]
> err = tcp_set_ulp_id(sock, TCP_ULP_BPF) <- collides with TLS
> if (err) <- so err out here
> goto out_free
> [...]
> out_free:
> smap_release_sock() <- calling tcp_cleanup_ulp releases the
> TLS ULP incorrectly.
>
> Fixes: 2f857d04601a ("bpf: sockmap, remove STRPARSER map_flags and add multi-map support")
> Signed-off-by: John Fastabend <john.fastabend@...il.com>
Applied to bpf, thanks John!
Powered by blists - more mailing lists