| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <97b1225e848caf6034aa68ef8bc6ded3823a8149.camel@redhat.com>
Date: Thu, 25 Aug 2022 12:23:24 +0200
From: Paolo Abeni <pabeni@...hat.com>
To: Jakub Sitnicki <jakub@...udflare.com>, netdev@...r.kernel.org
Cc: kernel-team@...udflare.com,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Tom Parkin <tparkin@...alix.com>,
Haowei Yan <g1042620637@...il.com>
Subject: Re: [PATCH net v3] l2tp: Serialize access to sk_user_data with
sk_callback_lock
hello,
On Tue, 2022-08-23 at 12:14 +0200, Jakub Sitnicki wrote:
> sk->sk_user_data has multiple users, which are not compatible with each
> other. Writers must synchronize by grabbing the sk->sk_callback_lock.
>
> l2tp currently fails to grab the lock when modifying the underlying tunnel
> socket. Fix it by adding appropriate locking.
>
> We don't to grab the lock when l2tp clears sk_user_data, because it happens
> only in sk->sk_destruct, when the sock is going away.
l2tp can additionally clears sk_user_data in sk->sk_prot->close() via
udp_lib_close() -> sk_common_release() -> sk->sk_prot->destroy() ->
udp_destroy_sock() -> up->encap_destroy() -> l2tp_udp_encap_destroy().
That still happens at socket closing time, but when network has still
access to the sock itself. It should be safe as the other sk_user_data
users touch it only via fd, but perhaps a 'better safe the sorry'
approach could be relevant there?
Thanks!
Paolo
Powered by blists - more mailing lists