| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Aug 2022 10:32:22 +0200
From: Jakub Sitnicki <jakub@...udflare.com>
To: Paolo Abeni <pabeni@...hat.com>
Cc: netdev@...r.kernel.org, kernel-team@...udflare.com,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Tom Parkin <tparkin@...alix.com>,
Haowei Yan <g1042620637@...il.com>
Subject: Re: [PATCH net v3] l2tp: Serialize access to sk_user_data with
sk_callback_lock
On Thu, Aug 25, 2022 at 12:23 PM +02, Paolo Abeni wrote:
> hello,
>
> On Tue, 2022-08-23 at 12:14 +0200, Jakub Sitnicki wrote:
>> sk->sk_user_data has multiple users, which are not compatible with each
>> other. Writers must synchronize by grabbing the sk->sk_callback_lock.
>>
>> l2tp currently fails to grab the lock when modifying the underlying tunnel
>> socket. Fix it by adding appropriate locking.
>>
>> We don't to grab the lock when l2tp clears sk_user_data, because it happens
>> only in sk->sk_destruct, when the sock is going away.
>
> l2tp can additionally clears sk_user_data in sk->sk_prot->close() via
> udp_lib_close() -> sk_common_release() -> sk->sk_prot->destroy() ->
> udp_destroy_sock() -> up->encap_destroy() -> l2tp_udp_encap_destroy().
>
> That still happens at socket closing time, but when network has still
> access to the sock itself. It should be safe as the other sk_user_data
> users touch it only via fd, but perhaps a 'better safe the sorry'
> approach could be relevant there?
Fair point. Let me add that.
Powered by blists - more mailing lists