lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20200607205229.2389672-1-jakub@cloudflare.com>
Date:   Sun,  7 Jun 2020 22:52:27 +0200
From:   Jakub Sitnicki <jakub@...udflare.com>
To:     bpf@...r.kernel.org
Cc:     netdev@...r.kernel.org, kernel-team@...udflare.com,
        Eric Dumazet <eric.dumazet@...il.com>,
        John Fastabend <john.fastabend@...il.com>
Subject: [PATCH bpf 0/2] Fixes for sock_hash_free

This series is an attempt to fix a race in sock_hash_free recently reported
by Eric [0]. The race, and a mem leak I found on the way, can be triggered
by the crude reproducer posted below.

[0] https://lore.kernel.org/bpf/6f8bb6d8-bb70-4533-f15b-310db595d334@gmail.com/

Cc: Eric Dumazet <eric.dumazet@...il.com>
Cc: John Fastabend <john.fastabend@...il.com>

--8<--

enum { NUM_SOCKS = 1000 };

static void *close_map(void *map)
{
	close(*(int *)map);
	return NULL;
}

int main(void)
{
	int sock[NUM_SOCKS];
	pthread_t worker;
	int map;
	int i, err;

	map = bpf_create_map(BPF_MAP_TYPE_SOCKHASH, sizeof(int), sizeof(int), NUM_SOCKS, 0);
	if (map < 0)
		error(1, -map, "map create");

	for (i = 0; i < NUM_SOCKS; i++) {
		int fd = socket(AF_INET, SOCK_STREAM, 0);
		if (fd < 0)
			error(1, errno, "socket");

		err = listen(fd, SOMAXCONN);
		if (err)
			error(1, errno, "listen");

		sock[i] = fd;
		err = bpf_map_update_elem(map, &i, &fd, BPF_ANY);
		if (err)
			error(1, errno, "map update");
	}

	err = pthread_create(&worker, NULL, close_map, &map);
	if (err)
		error(1, err, "thread create");

	/* usleep(100); */

	for (int i = 0; i < NUM_SOCKS; i++)
		close(sock[i]);

	pthread_join(worker, NULL);
	return 0;
}
-->8--

Jakub Sitnicki (2):
  bpf, sockhash: Fix memory leak when unlinking sockets in
    sock_hash_free
  bpf, sockhash: Synchronize delete from bucket list on map free

 net/core/sock_map.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

-- 
2.25.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ