lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sat, 21 Mar 2020 20:08:39 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     jakub@...udflare.com
Cc:     netdev@...r.kernel.org, kernel-team@...udflare.com,
        john.fastabend@...il.com
Subject: Re: [PATCH net-next 0/3] net/tls: Annotate lockless access to
 sk_prot

From: Jakub Sitnicki <jakub@...udflare.com>
Date: Tue, 17 Mar 2020 18:04:36 +0100

> We have recently noticed that there is a case of lockless read/write to
> sk->sk_prot [0]. sockmap code on psock tear-down writes to sk->sk_prot,
> while holding sk_callback_lock. Concurrently, tcp can access it. Usually to
> read out the sk_prot pointer and invoke one of the ops,
> sk->sk_prot->handler().
> 
> The lockless write (lockless in regard to concurrent reads) happens on the
> following paths:
> 
> tcp_bpf_{recvmsg|sendmsg} / sock_map_unref
>   sk_psock_put
>     sk_psock_drop
>       sk_psock_restore_proto
>         WRITE_ONCE(sk->sk_prot, proto)
> 
> To prevent load/store tearing [1], and to make tooling aware of intentional
> shared access [2], we need to annotate sites that access sk_prot with
> READ_ONCE/WRITE_ONCE.
> 
> This series kicks off the effort to do it. Starting with net/tls.
> 
> [0] https://lore.kernel.org/bpf/a6bf279e-a998-84ab-4371-cd6c1ccbca5d@gmail.com/
> [1] https://lwn.net/Articles/793253/
> [2] https://github.com/google/ktsan/wiki/READ_ONCE-and-WRITE_ONCE

Series applied, thank you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ