lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 17 Mar 2020 18:04:36 +0100
From:   Jakub Sitnicki <>
        John Fastabend <>
Subject: [PATCH net-next 0/3] net/tls: Annotate lockless access to sk_prot

We have recently noticed that there is a case of lockless read/write to
sk->sk_prot [0]. sockmap code on psock tear-down writes to sk->sk_prot,
while holding sk_callback_lock. Concurrently, tcp can access it. Usually to
read out the sk_prot pointer and invoke one of the ops,

The lockless write (lockless in regard to concurrent reads) happens on the
following paths:

tcp_bpf_{recvmsg|sendmsg} / sock_map_unref
        WRITE_ONCE(sk->sk_prot, proto)

To prevent load/store tearing [1], and to make tooling aware of intentional
shared access [2], we need to annotate sites that access sk_prot with

This series kicks off the effort to do it. Starting with net/tls.


Jakub Sitnicki (3):
  net/tls: Constify base proto ops used for building tls proto
  net/tls: Read sk_prot once when building tls proto ops
  net/tls: Annotate access to sk_prot with READ_ONCE/WRITE_ONCE

 net/tls/tls_device.c |  2 +-
 net/tls/tls_main.c   | 28 +++++++++++++++-------------
 2 files changed, 16 insertions(+), 14 deletions(-)


Powered by blists - more mailing lists