lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 15 Jul 2020 02:12:57 +0000
From:   "Zhang, Qiang" <Qiang.Zhang@...driver.com>
To:     Eric Dumazet <eric.dumazet@...il.com>,
        "jmaloy@...hat.com" <jmaloy@...hat.com>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "kuba@...nel.org" <kuba@...nel.org>,
        "tuong.t.lien@...tech.com.au" <tuong.t.lien@...tech.com.au>,
        "Xue, Ying" <Ying.Xue@...driver.com>
CC:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "tipc-discussion@...ts.sourceforge.net" 
        <tipc-discussion@...ts.sourceforge.net>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: 回复: [PATCH v2] tipc: Don't using smp_processor_id() in preemptible code



________________________________________
发件人: Eric Dumazet <eric.dumazet@...il.com>
发送时间: 2020年7月14日 22:15
收件人: Zhang, Qiang; jmaloy@...hat.com; davem@...emloft.net; kuba@...nel.org; tuong.t.lien@...tech.com.au; eric.dumazet@...il.com; Xue, Ying
抄送: netdev@...r.kernel.org; tipc-discussion@...ts.sourceforge.net; linux-kernel@...r.kernel.org
主题: Re: [PATCH v2] tipc: Don't using smp_processor_id() in preemptible code



On 7/14/20 1:05 AM, qiang.zhang@...driver.com wrote:
> From: Zhang Qiang <qiang.zhang@...driver.com>
>
> CPU: 0 PID: 6801 Comm: syz-executor201 Not tainted 5.8.0-rc4-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine,
> BIOS Google 01/01/2011
>
> Fixes: fc1b6d6de2208 ("tipc: introduce TIPC encryption & authentication")
> Reported-by: syzbot+263f8c0d007dc09b2dda@...kaller.appspotmail.com
> Signed-off-by: Zhang Qiang <qiang.zhang@...driver.com>
> ---
>  v1->v2:
>  add fixes tags.
>
>  net/tipc/crypto.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/tipc/crypto.c b/net/tipc/crypto.c
> index 8c47ded2edb6..520af0afe1b3 100644
> --- a/net/tipc/crypto.c
> +++ b/net/tipc/crypto.c
> @@ -399,9 +399,10 @@ static void tipc_aead_users_set(struct tipc_aead __rcu *aead, int val)
>   */
>  static struct crypto_aead *tipc_aead_tfm_next(struct tipc_aead *aead)
>  {
> -     struct tipc_tfm **tfm_entry = this_cpu_ptr(aead->tfm_entry);
> +     struct tipc_tfm **tfm_entry = get_cpu_ptr(aead->tfm_entry);
>
>       *tfm_entry = list_next_entry(*tfm_entry, list);
> +     put_cpu_ptr(tfm_entry);
>       return (*tfm_entry)->tfm;
>  }
>
>

> You have not explained why this was safe.
>
>  This seems to hide a real bug.
>
> Presumably callers of this function should have disable preemption, and maybe > interrupts as well.
>
>Right after put_cpu_ptr(tfm_entry), this thread could migrate to another cpu, >and still access
>data owned by the old cpu.

Thanks for you suggest, I will check code again.


Powered by blists - more mailing lists