| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220722150435.371a4fd9@kernel.org>
Date: Fri, 22 Jul 2022 15:04:35 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Maxim Mikityanskiy <maximmi@...dia.com>
Cc: <netdev@...r.kernel.org>, Boris Pismenny <borisp@...dia.com>,
John Fastabend <john.fastabend@...il.com>,
"David S. Miller" <davem@...emloft.net>,
"Eric Dumazet" <edumazet@...gle.com>,
Paolo Abeni <pabeni@...hat.com>,
Tariq Toukan <tariqt@...dia.com>
Subject: Re: [PATCH net] net/tls: Remove the context from the list in
tls_device_down
On Thu, 21 Jul 2022 12:11:27 +0300 Maxim Mikityanskiy wrote:
> tls_device_down takes a reference on all contexts it's going to move to
> the degraded state (software fallback). If sk_destruct runs afterwards,
> it can reduce the reference counter back to 1 and return early without
> destroying the context. Then tls_device_down will release the reference
> it took and call tls_device_free_ctx. However, the context will still
> stay in tls_device_down_list forever. The list will contain an item,
> memory for which is released, making a memory corruption possible.
>
> Fix the above bug by properly removing the context from all lists before
> any call to tls_device_free_ctx.
SGTM. The tls_device_down_list has no use, tho, is the plan to remove
it later as a cleanup or your upcoming patches make use of it?
We can delete it now if you don't have a preference, either way the fix
is small.
Powered by blists - more mailing lists