lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20190719172927.18181-1-jakub.kicinski@netronome.com>
Date:   Fri, 19 Jul 2019 10:29:13 -0700
From:   Jakub Kicinski <jakub.kicinski@...ronome.com>
To:     john.fastabend@...il.com, alexei.starovoitov@...il.com,
        daniel@...earbox.net
Cc:     edumazet@...gle.com, netdev@...r.kernel.org, bpf@...r.kernel.org,
        Jakub Kicinski <jakub.kicinski@...ronome.com>
Subject: [PATCH bpf v4 00/14] sockmap/tls fixes

John says:

Resolve a series of splats discovered by syzbot and an unhash
TLS issue noted by Eric Dumazet.

The main issues revolved around interaction between TLS and
sockmap tear down. TLS and sockmap could both reset sk->prot
ops creating a condition where a close or unhash op could be
called forever. A rare race condition resulting from a missing
rcu sync operation was causing a use after free. Then on the
TLS side dropping the sock lock and re-acquiring it during the
close op could hang. Finally, sockmap must be deployed before
tls for current stack assumptions to be met. This is enforced
now. A feature series can enable it.

To fix this first refactor TLS code so the lock is held for the
entire teardown operation. Then add an unhash callback to ensure
TLS can not transition from ESTABLISHED to LISTEN state. This
transition is a similar bug to the one found and fixed previously
in sockmap. Then apply three fixes to sockmap to fix up races
on tear down around map free and close. Finally, if sockmap
is destroyed before TLS we add a new ULP op update to inform
the TLS stack it should not call sockmap ops. This last one
appears to be the most commonly found issue from syzbot.

v4:
 - fix some use after frees;
 - disable disconnect work for offload (ctx lifetime is much
   more complex);
 - remove some of the dead code which made it hard to understand
   (for me) that things work correctly (e.g. the checks TLS is
   the top ULP);
 - add selftets.

Jakub Kicinski (7):
  net/tls: don't arm strparser immediately in tls_set_sw_offload()
  net/tls: don't call tls_sk_proto_close for hw record offload
  selftests/tls: add a test for ULP but no keys
  selftests/tls: test error codes around TLS ULP installation
  selftests/tls: add a bidirectional test
  selftests/tls: close the socket with open record
  selftests/tls: add shutdown tests

John Fastabend (7):
  net/tls: remove close callback sock unlock/lock around TX work flush
  net/tls: remove sock unlock/lock around strp_done()
  net/tls: fix transition through disconnect with close
  bpf: sockmap, sock_map_delete needs to use xchg
  bpf: sockmap, synchronize_rcu before free'ing map
  bpf: sockmap, only create entry if ulp is not already enabled
  bpf: sockmap/tls, close can race with map free

 Documentation/networking/tls-offload.rst |   6 +
 include/linux/skmsg.h                    |   8 +-
 include/net/tcp.h                        |   3 +
 include/net/tls.h                        |  15 +-
 net/core/skmsg.c                         |   4 +-
 net/core/sock_map.c                      |  19 ++-
 net/ipv4/tcp_ulp.c                       |  13 ++
 net/tls/tls_main.c                       | 142 +++++++++++++----
 net/tls/tls_sw.c                         |  83 +++++++---
 tools/testing/selftests/net/tls.c        | 194 +++++++++++++++++++++++
 10 files changed, 419 insertions(+), 68 deletions(-)

-- 
2.21.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ