| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200317170439.873532-1-jakub@cloudflare.com>
Date: Tue, 17 Mar 2020 18:04:36 +0100
From: Jakub Sitnicki <jakub@...udflare.com>
To: netdev@...r.kernel.org
Cc: kernel-team@...udflare.com,
John Fastabend <john.fastabend@...il.com>
Subject: [PATCH net-next 0/3] net/tls: Annotate lockless access to sk_prot
We have recently noticed that there is a case of lockless read/write to
sk->sk_prot [0]. sockmap code on psock tear-down writes to sk->sk_prot,
while holding sk_callback_lock. Concurrently, tcp can access it. Usually to
read out the sk_prot pointer and invoke one of the ops,
sk->sk_prot->handler().
The lockless write (lockless in regard to concurrent reads) happens on the
following paths:
tcp_bpf_{recvmsg|sendmsg} / sock_map_unref
sk_psock_put
sk_psock_drop
sk_psock_restore_proto
WRITE_ONCE(sk->sk_prot, proto)
To prevent load/store tearing [1], and to make tooling aware of intentional
shared access [2], we need to annotate sites that access sk_prot with
READ_ONCE/WRITE_ONCE.
This series kicks off the effort to do it. Starting with net/tls.
[0] https://lore.kernel.org/bpf/a6bf279e-a998-84ab-4371-cd6c1ccbca5d@gmail.com/
[1] https://lwn.net/Articles/793253/
[2] https://github.com/google/ktsan/wiki/READ_ONCE-and-WRITE_ONCE
Jakub Sitnicki (3):
net/tls: Constify base proto ops used for building tls proto
net/tls: Read sk_prot once when building tls proto ops
net/tls: Annotate access to sk_prot with READ_ONCE/WRITE_ONCE
net/tls/tls_device.c | 2 +-
net/tls/tls_main.c | 28 +++++++++++++++-------------
2 files changed, 16 insertions(+), 14 deletions(-)
--
2.24.1
Powered by blists - more mailing lists