| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Aug 2019 15:54:30 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: vladbu@...lanox.com
Cc: netdev@...r.kernel.org, jhs@...atatu.com, xiyou.wangcong@...il.com,
jiri@...nulli.us, dcaratti@...hat.com
Subject: Re: [PATCH net] net: sched: act_sample: fix psample group handling
on overwrite
From: Vlad Buslov <vladbu@...lanox.com>
Date: Tue, 27 Aug 2019 21:49:38 +0300
> Action sample doesn't properly handle psample_group pointer in overwrite
> case. Following issues need to be fixed:
>
> - In tcf_sample_init() function RCU_INIT_POINTER() is used to set
> s->psample_group, even though we neither setting the pointer to NULL, nor
> preventing concurrent readers from accessing the pointer in some way.
> Use rcu_swap_protected() instead to safely reset the pointer.
>
> - Old value of s->psample_group is not released or deallocated in any way,
> which results resource leak. Use psample_group_put() on non-NULL value
> obtained with rcu_swap_protected().
>
> - The function psample_group_put() that released reference to struct
> psample_group pointed by rcu-pointer s->psample_group doesn't respect rcu
> grace period when deallocating it. Extend struct psample_group with rcu
> head and use kfree_rcu when freeing it.
>
> Fixes: 5c5670fae430 ("net/sched: Introduce sample tc action")
> Signed-off-by: Vlad Buslov <vladbu@...lanox.com>
Applied and queued up for -stable.
Powered by blists - more mailing lists