| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200321.200839.737803094041368288.davem@davemloft.net>
Date: Sat, 21 Mar 2020 20:08:39 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: jakub@...udflare.com
Cc: netdev@...r.kernel.org, kernel-team@...udflare.com,
john.fastabend@...il.com
Subject: Re: [PATCH net-next 0/3] net/tls: Annotate lockless access to
sk_prot
From: Jakub Sitnicki <jakub@...udflare.com>
Date: Tue, 17 Mar 2020 18:04:36 +0100
> We have recently noticed that there is a case of lockless read/write to
> sk->sk_prot [0]. sockmap code on psock tear-down writes to sk->sk_prot,
> while holding sk_callback_lock. Concurrently, tcp can access it. Usually to
> read out the sk_prot pointer and invoke one of the ops,
> sk->sk_prot->handler().
>
> The lockless write (lockless in regard to concurrent reads) happens on the
> following paths:
>
> tcp_bpf_{recvmsg|sendmsg} / sock_map_unref
> sk_psock_put
> sk_psock_drop
> sk_psock_restore_proto
> WRITE_ONCE(sk->sk_prot, proto)
>
> To prevent load/store tearing [1], and to make tooling aware of intentional
> shared access [2], we need to annotate sites that access sk_prot with
> READ_ONCE/WRITE_ONCE.
>
> This series kicks off the effort to do it. Starting with net/tls.
>
> [0] https://lore.kernel.org/bpf/a6bf279e-a998-84ab-4371-cd6c1ccbca5d@gmail.com/
> [1] https://lwn.net/Articles/793253/
> [2] https://github.com/google/ktsan/wiki/READ_ONCE-and-WRITE_ONCE
Series applied, thank you.
Powered by blists - more mailing lists