| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c80aa031a57d1d4a98dc3fbc98863d35e5fc9b58.camel@redhat.com>
Date: Thu, 31 Mar 2022 16:28:15 +0200
From: Paolo Abeni <pabeni@...hat.com>
To: Niels Dossche <dossche.niels@...il.com>,
tipc-discussion@...ts.sourceforge.net
Cc: netdev@...r.kernel.org, Jon Maloy <jmaloy@...hat.com>,
Ying Xue <ying.xue@...driver.com>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Hoang Le <hoang.h.le@...tech.com.au>
Subject: Re: [PATCH net] tipc: use a write lock for keepalive_intv instead
of a read lock
On Tue, 2022-03-29 at 18:12 +0200, Niels Dossche wrote:
> Currently, n->keepalive_intv is written to while n is locked by a read
> lock instead of a write lock. This seems to me to break the atomicity
> against other readers.
> Change this to a write lock instead to solve the issue.
>
> Note:
> I am currently working on a static analyser to detect missing locks
> using type-based static analysis as my master's thesis
> in order to obtain my master's degree.
> If you would like to have more details, please let me know.
> This was a reported case. I manually verified the report by looking
> at the code, so that I do not send wrong information or patches.
> After concluding that this seems to be a true positive, I created
> this patch. I have both compile-tested this patch and runtime-tested
> this patch on x86_64. The effect on a running system could be a
> potential race condition in exceptional cases.
> This issue was found on Linux v5.17.
>
> Fixes: f5d6c3e5a359 ("tipc: fix node keep alive interval calculation")
> Signed-off-by: Niels Dossche <dossche.niels@...il.com>
> ---
> net/tipc/node.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/tipc/node.c b/net/tipc/node.c
> index 6ef95ce565bd..da867ddb93f5 100644
> --- a/net/tipc/node.c
> +++ b/net/tipc/node.c
> @@ -806,9 +806,9 @@ static void tipc_node_timeout(struct timer_list *t)
> /* Initial node interval to value larger (10 seconds), then it will be
> * recalculated with link lowest tolerance
> */
> - tipc_node_read_lock(n);
> + tipc_node_write_lock(n);
I agree with Hoang, this should be safe even without write lock, as
tipc_node_timeout() is the only function modifying keepalive_intv, and
such function is invoked only by a timer, so we are guaranteeded there
are no possible concurrent updates...
> n->keepalive_intv = 10000;
> - tipc_node_read_unlock(n);
> + tipc_node_write_unlock(n);
> for (bearer_id = 0; remains && (bearer_id < MAX_BEARERS); bearer_id++) {
> tipc_node_read_lock(n);
...otherwise we have a similar issue here: a few line below
keepalive_intv is updated via tipc_node_calculate_timer(), still under
the read lock
Thanks!
Paolo
Powered by blists - more mailing lists