lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Feb 2023 11:59:29 +0100 From: Florian Westphal <fw@...len.de> To: Alexander Atanasov <alexander.atanasov@...tuozzo.com> Cc: Florian Westphal <fw@...len.de>, netdev@...r.kernel.org, Pablo Neira Ayuso <pablo@...filter.org>, Jozsef Kadlecsik <kadlec@...filter.org>, Eric Dumazet <edumazet@...gle.com>, "David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com> Subject: Re: [PATCH] netfilter: nf_tables: always synchronize with readers before releasing tables Alexander Atanasov <alexander.atanasov@...tuozzo.com> wrote: > On 28.02.23 1:31, Florian Westphal wrote: > > Alexander Atanasov <alexander.atanasov@...tuozzo.com> wrote: > > > As i said i am still trying to figure out the basechain place, > > > where is that synchronize_rcu() call done? > > > > cleanup_net() in net/core/net_namespace.c. > > > > pre_exit handlers run, then synchronize_rcu, then the > > normal exit handlers, then exit_batch. > > It prevents anyone new to find the namespace but it does not guard against > the ones that have already found it. The netns is being dismantled, how can there be any process left? > What stops them to enter a rcu_read_lock() section after the synchronize > call in cleanup_net() is done and race with the exit handler? There should be no task in the first place. > synchronize_rcu() must be called with the commit_mutex held to be safe > against lock less readers using data protected with commit_mutext. Sorry, I do not understand this bug nor the fix.
Powered by blists - more mailing lists