lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20200924143037.6a68a1bb@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
Date:   Thu, 24 Sep 2020 14:30:37 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     Rohit Maheshwari <rohitm@...lsio.com>
Cc:     netdev@...r.kernel.org, davem@...emloft.net, secdev@...lsio.com
Subject: Re: [net-next v2 1/3] ch_ktls: Issue if connection offload fails

On Thu, 24 Sep 2020 12:06:37 +0530 Rohit Maheshwari wrote:
> +	if (chcr_setup_connection(sk, tx_info))
> +		goto put_module;
> +
> +	/* Wait for reply */
> +	wait_for_completion_timeout(&tx_info->completion, 30 * HZ);
> +	if (tx_info->open_pending)
> +		goto put_module;

How do you handle reply coming back after timeout?
Won't chcr_ktls_cpl_act_open_rpl() access tx_info after it has already
been freed?

> +	/* initialize tcb */
> +	reinit_completion(&tx_info->completion);
> +	tx_info->open_pending = true;
> +
> +	if (chcr_init_tcb_fields(tx_info))
> +		goto free_tid;
> +
> +	/* Wait for reply */
> +	wait_for_completion_timeout(&tx_info->completion, 30 * HZ);
> +	if (tx_info->open_pending)
> +		goto free_tid;
> +
> +	if (!cxgb4_check_l2t_valid(tx_info->l2te))
> +		goto close_tcb;
> +
> +	atomic64_inc(&adap->ch_ktls_stats.ktls_tx_ctx);
> +	tx_ctx->chcr_info = tx_info;
>  
> -	atomic64_inc(&adap->ch_ktls_stats.ktls_tx_connection_open);
>  	return 0;
> -out2:
> +
> +close_tcb:
> +	chcr_ktls_mark_tcb_close(tx_info);
> +free_tid:
> +#if IS_ENABLED(CONFIG_IPV6)
> +	/* clear clip entry */
> +	if (tx_info->ip_family == AF_INET6)
> +		cxgb4_clip_release(netdev, (const u32 *)
> +				   &sk->sk_v6_rcv_saddr,
> +				   1);
> +#endif
> +	cxgb4_remove_tid(&tx_info->adap->tids, tx_info->tx_chan,
> +			 tx_info->tid, tx_info->ip_family);
> +
> +put_module:
> +	/* release module refcount */
> +	module_put(THIS_MODULE);
> +free_l2t:
> +	cxgb4_l2t_release(tx_info->l2te);
> +free_tx_info:
>  	kvfree(tx_info);
>  out:
>  	atomic64_inc(&adap->ch_ktls_stats.ktls_tx_connection_fail);
> -	return ret;
> +	return -1;
>  }

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ