| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 13 Oct 2018 02:45:56 +0200
From: Daniel Borkmann <daniel@...earbox.net>
To: alexei.starovoitov@...il.com
Cc: john.fastabend@...il.com, davejwatson@...com,
netdev@...r.kernel.org, Daniel Borkmann <daniel@...earbox.net>
Subject: [PATCH bpf-next v2 1/8] tcp, ulp: enforce sock_owned_by_me upon ulp init and cleanup
Whenever the ULP data on the socket is mangled, enforce that the
caller has the socket lock held as otherwise things may race with
initialization and cleanup callbacks from ulp ops as both would
mangle internal socket state.
Joint work with John.
Signed-off-by: Daniel Borkmann <daniel@...earbox.net>
Signed-off-by: John Fastabend <john.fastabend@...il.com>
---
net/ipv4/tcp_ulp.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/ipv4/tcp_ulp.c b/net/ipv4/tcp_ulp.c
index a5995bb..34e9635 100644
--- a/net/ipv4/tcp_ulp.c
+++ b/net/ipv4/tcp_ulp.c
@@ -123,6 +123,8 @@ void tcp_cleanup_ulp(struct sock *sk)
{
struct inet_connection_sock *icsk = inet_csk(sk);
+ sock_owned_by_me(sk);
+
if (!icsk->icsk_ulp_ops)
return;
@@ -140,6 +142,7 @@ int tcp_set_ulp(struct sock *sk, const char *name)
const struct tcp_ulp_ops *ulp_ops;
int err = 0;
+ sock_owned_by_me(sk);
if (icsk->icsk_ulp_ops)
return -EEXIST;
@@ -168,6 +171,7 @@ int tcp_set_ulp_id(struct sock *sk, int ulp)
const struct tcp_ulp_ops *ulp_ops;
int err;
+ sock_owned_by_me(sk);
if (icsk->icsk_ulp_ops)
return -EEXIST;
--
2.9.5
Powered by blists - more mailing lists