| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 09 Jul 2019 20:33:58 -0700
From: John Fastabend <john.fastabend@...il.com>
To: Jakub Kicinski <jakub.kicinski@...ronome.com>,
John Fastabend <john.fastabend@...il.com>
Cc: ast@...nel.org, daniel@...earbox.net, netdev@...r.kernel.org,
edumazet@...gle.com, bpf@...r.kernel.org
Subject: Re: [bpf PATCH v2 6/6] bpf: sockmap/tls, close can race with map free
Jakub Kicinski wrote:
> On Mon, 08 Jul 2019 19:15:18 +0000, John Fastabend wrote:
> > @@ -352,15 +354,18 @@ static void tls_sk_proto_close(struct sock *sk, long timeout)
> > if (ctx->tx_conf == TLS_BASE && ctx->rx_conf == TLS_BASE)
> > goto skip_tx_cleanup;
> >
> > - sk->sk_prot = ctx->sk_proto;
> > tls_sk_proto_cleanup(sk, ctx, timeo);
> >
> > skip_tx_cleanup:
> > + write_lock_bh(&sk->sk_callback_lock);
> > + icsk->icsk_ulp_data = NULL;
>
> Is ulp_data pointer now supposed to be updated under the
> sk_callback_lock?
Yes otherwise it can race with tls_update(). I didn't remove the
ulp pointer null set from tcp_ulp.c though. Could be done in this
patch or as a follow up.
>
> > + if (sk->sk_prot->close == tls_sk_proto_close)
> > + sk->sk_prot = ctx->sk_proto;
> > + write_unlock_bh(&sk->sk_callback_lock);
> > release_sock(sk);
> > if (ctx->rx_conf == TLS_SW)
> > tls_sw_release_strp_rx(ctx);
> > - sk_proto_close(sk, timeout);
> > -
> > + ctx->sk_proto_close(sk, timeout);
> > if (ctx->tx_conf != TLS_HW && ctx->rx_conf != TLS_HW &&
> > ctx->tx_conf != TLS_HW_RECORD && ctx->rx_conf != TLS_HW_RECORD)
> > tls_ctx_free(ctx);
Powered by blists - more mailing lists