| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 09 Sep 2020 11:33:11 -0700 (PDT) From: David Miller <davem@...emloft.net> To: Jason@...c4.com Cc: netdev@...r.kernel.org, edumazet@...gle.com Subject: Re: [PATCH net 0/2] wireguard fixes for 5.9-rc5 From: "Jason A. Donenfeld" <Jason@...c4.com> Date: Wed, 9 Sep 2020 13:58:13 +0200 > Yesterday, Eric reported a race condition found by syzbot. This series > contains two commits, one that fixes the direct issue, and another that > addresses the more general issue, as a defense in depth. > > 1) The basic problem syzbot unearthed was that one particular mutation > of handshake->entry was not protected by the handshake mutex like the > other cases, so this patch basically just reorders a line to make > sure the mutex is actually taken at the right point. Most of the work > here went into making sure the race was fully understood and making a > reproducer (which syzbot was unable to do itself, due to the rarity > of the race). > > 2) Eric's initial suggestion for fixing this was taking a spinlock > around the hash table replace function where the null ptr deref was > happening. This doesn't address the main problem in the most precise > possible way like (1) does, but it is a good suggestion for > defense-in-depth, in case related issues come up in the future, and > basically costs nothing from a performance perspective. I thought it > aided in implementing a good general rule: all mutators of that hash > table take the table lock. So that's part of this series as a > companion. > > Both of these contain Fixes: tags and are good candidates for stable. Series applied and queued up for -stable, thanks.
Powered by blists - more mailing lists