lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20221123152400.GA18177@pc-4.home>
Date:   Wed, 23 Nov 2022 16:24:00 +0100
From:   Guillaume Nault <gnault@...hat.com>
To:     Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Cc:     Jakub Sitnicki <jakub@...udflare.com>, netdev@...r.kernel.org,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Tom Parkin <tparkin@...alix.com>,
        syzbot+703d9e154b3b58277261@...kaller.appspotmail.com,
        syzbot+50680ced9e98a61f7698@...kaller.appspotmail.com,
        syzbot+de987172bb74a381879b@...kaller.appspotmail.com
Subject: Re: [PATCH net] l2tp: Don't sleep and disable BH under writer-side
 sk_callback_lock

On Tue, Nov 22, 2022 at 11:28:45PM +0900, Tetsuo Handa wrote:
> On 2022/11/22 23:10, Guillaume Nault wrote:
> > User space uses this socket to send and receive L2TP control packets
> > (tunnel and session configuration, keep alive and tear down). Therefore
> > it absolutely needs to continue using this socket after the
> > registration phase.
> 
> Thank you for explanation.
> 
> >> If the userspace might continue using the socket, we would
> >>
> >>   create a new socket, copy required attributes (the source and destination addresses?) from
> >>   the socket fetched via sockfd_lookup(), and call replace_fd() like e.g. umh_pipe_setup() does
> >>
> >> inside l2tp_tunnel_register(). i-node number of the socket would change, but I assume that
> >> the process which called l2tp_tunnel_register() is not using that i-node number.
> >>
> >> Since the socket is a datagram socket, I think we can copy required attributes. But since
> >> I'm not familiar with networking code, I don't know what attributes need to be copied. Thus,
> >> I leave implementing it to netdev people.
> > 
> > That looks fragile to me. If the problem is that setup_udp_tunnel_sock()
> > can sleep, we can just drop the udp_tunnel_encap_enable() call from
> > setup_udp_tunnel_sock(), rename it __udp_tunnel_encap_enable() and make
> > make udp_tunnel_encap_enable() a wrapper around it that'd also call
> > udp_tunnel_encap_enable().
> > 
> 
> That's what I thought at https://lkml.kernel.org/r/c64284f4-2c2a-ecb9-a08e-9e49d49c720b@I-love.SAKURA.ne.jp .
> 
> But the problem is not that setup_udp_tunnel_sock() can sleep. The problem is that lockdep
> gets confused due to changing lockdep class after the socket is already published. We need
> to avoid calling lockdep_set_class_and_name() on a socket retrieved via sockfd_lookup().

This is a second problem. The problem of setting sk_user_data under
sk_callback_lock write protection (while still calling
udp_tunnel_encap_enable() from sleepable context) still remains.

For lockdep_set_class_and_name(), maybe we could store the necessary
socket information (addresses, ports and checksum configuration) in the
l2tp_tunnel structure, thus avoiding the need to read them from the
socket. This way, we could stop locking the user space socket in
l2tp_xmit_core() and drop the lockdep_set_class_and_name() call.
I think either you or Jakub proposed something like this in another
thread.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ