lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 13 Oct 2018 02:45:56 +0200
From:   Daniel Borkmann <>
Cc:,,, Daniel Borkmann <>
Subject: [PATCH bpf-next v2 1/8] tcp, ulp: enforce sock_owned_by_me upon ulp init and cleanup

Whenever the ULP data on the socket is mangled, enforce that the
caller has the socket lock held as otherwise things may race with
initialization and cleanup callbacks from ulp ops as both would
mangle internal socket state.

Joint work with John.

Signed-off-by: Daniel Borkmann <>
Signed-off-by: John Fastabend <>
 net/ipv4/tcp_ulp.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/ipv4/tcp_ulp.c b/net/ipv4/tcp_ulp.c
index a5995bb..34e9635 100644
--- a/net/ipv4/tcp_ulp.c
+++ b/net/ipv4/tcp_ulp.c
@@ -123,6 +123,8 @@ void tcp_cleanup_ulp(struct sock *sk)
 	struct inet_connection_sock *icsk = inet_csk(sk);
+	sock_owned_by_me(sk);
 	if (!icsk->icsk_ulp_ops)
@@ -140,6 +142,7 @@ int tcp_set_ulp(struct sock *sk, const char *name)
 	const struct tcp_ulp_ops *ulp_ops;
 	int err = 0;
+	sock_owned_by_me(sk);
 	if (icsk->icsk_ulp_ops)
 		return -EEXIST;
@@ -168,6 +171,7 @@ int tcp_set_ulp_id(struct sock *sk, int ulp)
 	const struct tcp_ulp_ops *ulp_ops;
 	int err;
+	sock_owned_by_me(sk);
 	if (icsk->icsk_ulp_ops)
 		return -EEXIST;

Powered by blists - more mailing lists