Message-Id: <20200630.181546.1338897117800736873.davem@davemloft.net>
Date: Tue, 30 Jun 2020 18:15:46 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: edumazet@...gle.com
Cc: netdev@...r.kernel.org, eric.dumazet@...il.com,
mathieu.desnoyers@...icios.com
Subject: Re: [PATCH net] tcp: md5: add missing memory barriers in
tcp_md5_do_add()/tcp_md5_hash_key()
From: Eric Dumazet <edumazet@...gle.com>
Date: Tue, 30 Jun 2020 16:41:01 -0700
> MD5 keys are read with RCU protection, and tcp_md5_do_add()
> might update in-place a prior key.
>
> Normally, typical RCU updates would allocate a new piece
> of memory. In this case only key->key and key->keylen might
> be updated, and we do not care if an incoming packet could
> see the old key, the new one, or some intermediate value,
> since changing the key on a live flow is known to be problematic
> anyway.
>
> We only want to make sure that in the case key->keylen
> is changed, CPUs in tcp_md5_hash_key() won't try to use
> uninitialized data, or crash because key->keylen was
> read twice to feed sg_init_one() and ahash_request_set_crypt()
>
> Fixes: 9ea88a153001 ("tcp: md5: check md5 signature without socket lock")
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> Cc: Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
Applied and queued up for -stable, thanks Eric.
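
The ordering the quoted commit message asks for, as an added example that is not part of this thread or of the kernel patch: a user-space C11 sketch in which the writer publishes the key bytes before the length and the reader loads the length exactly once. The struct, the function names and `KEY_MAX` are assumptions made for illustration, and C11 release/acquire atomics stand in for the kernel's own barrier primitives.

```c
#include <stdatomic.h>
#include <stddef.h>

#define KEY_MAX 80 /* assumed maximum key length for this sketch */

/* Hypothetical stand-in for a key object that is updated in place. */
struct md5_key {
    _Atomic unsigned char key[KEY_MAX];
    _Atomic unsigned char keylen;
};

/* Writer: store the bytes first, then publish the length covering them. */
int key_update(struct md5_key *k, const unsigned char *src, size_t len)
{
    if (len > KEY_MAX)
        return -1;
    for (size_t i = 0; i < len; i++)
        atomic_store_explicit(&k->key[i], src[i], memory_order_relaxed);
    /* Release: a reader that observes this keylen also observes the
     * byte stores above, so it never hashes uninitialized bytes. */
    atomic_store_explicit(&k->keylen, (unsigned char)len, memory_order_release);
    return 0;
}

/* Reader: load keylen once; the same snapshot bounds the copy and is
 * returned as the length to hash, so the two uses cannot disagree. */
size_t key_snapshot(struct md5_key *k, unsigned char *out, size_t outsz)
{
    size_t len = atomic_load_explicit(&k->keylen, memory_order_acquire);

    if (len > outsz)
        return 0;
    for (size_t i = 0; i < len; i++)
        out[i] = atomic_load_explicit(&k->key[i], memory_order_relaxed);
    return len;
}

int main(void)
{
    static struct md5_key k; /* zero-initialized, keylen == 0 */
    unsigned char out[KEY_MAX];

    /* Constructed sample key, 15 bytes. */
    key_update(&k, (const unsigned char *)"constructed-key", 15);
    return key_snapshot(&k, out, sizeof(out)) == 15 ? 0 : 1;
}
```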