Message-ID: <Ybxy0HU5yfKm5sVF@google.com>
Date:   Fri, 17 Dec 2021 11:21:52 +0000
From:   Lee Jones <lee.jones@...aro.org>
To:     Jakub Kicinski <kuba@...nel.org>
Cc:     Xin Long <lucien.xin@...il.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Vlad Yasevich <vyasevich@...il.com>,
        Neil Horman <nhorman@...driver.com>,
        Marcelo Ricardo Leitner <marcelo.leitner@...il.com>,
        "David S. Miller" <davem@...emloft.net>,
        lksctp developers <linux-sctp@...r.kernel.org>,
        "H.P. Yarroll" <piggy@....org>,
        Karl Knutson <karl@...ena.chicago.il.us>,
        Jon Grimm <jgrimm@...ibm.com>,
        Xingang Guo <xingang.guo@...el.com>,
        Hui Huang <hui.huang@...ia.com>,
        Sridhar Samudrala <sri@...ibm.com>,
        Daisy Chang <daisyc@...ibm.com>,
        Ryan Layer <rmlayer@...ibm.com>,
        Kevin Gao <kevin.gao@...el.com>,
        network dev <netdev@...r.kernel.org>
Subject: Re: [RESEND 2/2] sctp: hold cached endpoints to prevent possible UAF

On Thu, 16 Dec 2021, Jakub Kicinski wrote:

> On Thu, 16 Dec 2021 16:39:15 +0000 Lee Jones wrote:
> > > > You should squash the two patches together.  
> > 
> > I generally like patches to encapsulate functional changes.
> > 
> > This one depends on the other, but they are not functionally related.
> > 
> > You're the boss though - I'll squash them if you insist.
> 
> Yes, please squash them.

I'm just about to make some changes to the patches.

Specifically, I'm going to make sctp_endpoint_hold() return the
endpoint it incremented, in order to prevent schedule-related data
corruption before/after the increment of refcnt.

I'm going to keep the patches separate for the time being (since I'm
going to submit this before you get out of bed most likely).  Just let
me know if you still want them squashed, even with these additional
changes (along with their explanation in the commit message), or feel
free to squash them yourself if you choose to merge them.

-- 
Lee Jones [李琼斯]
Senior Technical Lead - Developer Services
Linaro.org │ Open source software for Arm SoCs
Follow Linaro: Facebook | Twitter | Blog
