lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20200102214819.GA745235@kroah.com>
Date:   Thu, 2 Jan 2020 22:48:19 +0100
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Michal Kubecek <mkubecek@...e.cz>
Cc:     Sasha Levin <sashal@...nel.org>, stable@...r.kernel.org,
        Eric Dumazet <edumazet@...gle.com>,
        Firo Yang <firo.yang@...e.com>,
        Jakub Kicinski <jakub.kicinski@...ronome.com>,
        rcu@...r.kernel.org, netdev@...r.kernel.org,
        lkft-triage@...ts.linaro.org,
        Naresh Kamboju <naresh.kamboju@...aro.org>
Subject: Re: [PATCH stable-4.19] tcp/dccp: fix possible race
 __inet_lookup_established()

On Thu, Jan 02, 2020 at 10:28:44PM +0100, Michal Kubecek wrote:
> From: Eric Dumazet <edumazet@...gle.com>
> 
> [ Upstream commit 8dbd76e79a16b45b2ccb01d2f2e08dbf64e71e40 ]
> 
> Michal Kubecek and Firo Yang did a very nice analysis of crashes
> happening in __inet_lookup_established().
> 
> Since a TCP socket can go from TCP_ESTABLISH to TCP_LISTEN
> (via a close()/socket()/listen() cycle) without a RCU grace period,
> I should not have changed listeners linkage in their hash table.
> 
> They must use the nulls protocol (Documentation/RCU/rculist_nulls.txt),
> so that a lookup can detect a socket in a hash list was moved in
> another one.
> 
> Since we added code in commit d296ba60d8e2 ("soreuseport: Resolve
> merge conflict for v4/v6 ordering fix"), we have to add
> hlist_nulls_add_tail_rcu() helper.
> 
> stable-4.19: we also need to update code in __inet_lookup_listener() and
> inet6_lookup_listener() which has been removed in 5.0-rc1.
> 
> Fixes: 3b24d854cb35 ("tcp/dccp: do not touch listener sk_refcnt under synflood")
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> Reported-by: Michal Kubecek <mkubecek@...e.cz>
> Reported-by: Firo Yang <firo.yang@...e.com>
> Reviewed-by: Michal Kubecek <mkubecek@...e.cz>
> Link: https://lore.kernel.org/netdev/20191120083919.GH27852@unicorn.suse.cz/
> Signed-off-by: Jakub Kicinski <jakub.kicinski@...ronome.com>
> Signed-off-by: Michal Kubecek <mkubecek@...e.cz>

Thanks for the updated patches, all now queued up.

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ