lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 20 Jun 2023 15:26:05 +0100
From: Lorenz Bauer <lmb@...valent.com>
To: Kuniyuki Iwashima <kuniyu@...zon.com>
Cc: andrii@...nel.org, ast@...nel.org, bpf@...r.kernel.org, 
	daniel@...earbox.net, davem@...emloft.net, dsahern@...nel.org, 
	edumazet@...gle.com, haoluo@...gle.com, hemanthmalla@...il.com, 
	joe@...d.net.nz, john.fastabend@...il.com, jolsa@...nel.org, 
	kpsingh@...nel.org, kuba@...nel.org, linux-kernel@...r.kernel.org, 
	linux-kselftest@...r.kernel.org, martin.lau@...ux.dev, mykolal@...com, 
	netdev@...r.kernel.org, pabeni@...hat.com, sdf@...gle.com, shuah@...nel.org, 
	song@...nel.org, willemdebruijn.kernel@...il.com, yhs@...com
Subject: Re: [PATCH bpf-next v2 3/6] net: remove duplicate reuseport_lookup functions

On Tue, Jun 13, 2023 at 7:57 PM Kuniyuki Iwashima <kuniyu@...zon.com> wrote:
>
> The assignment to result below is buggy.  Let's say SO_REUSEPROT group
> have TCP_CLOSE and TCP_ESTABLISHED sockets.
>
>   1. Find TCP_CLOSE sk and do SO_REUSEPORT lookup
>   2. result is not NULL, but the group has TCP_ESTABLISHED sk
>   3. result = result
>   4. Find TCP_ESTABLISHED sk, which has a higher score
>   5. result = result (TCP_CLOSE) <-- should be sk.
>
> Same for v6 function.

Thanks for your explanation, I think I get it now. I misunderstood
that you were worried about returning TCP_ESTABLISHED instead of
TCP_CLOSE, but it's exactly the other way around.

I have a follow up question regarding the existing code:

    result = lookup_reuseport(net, sk, skb,
                    saddr, sport, daddr, hnum);
    /* Fall back to scoring if group has connections */
    if (result && !reuseport_has_conns(sk))
        return result;

    result = result ? : sk;
    badness = score;

Assuming that result != NULL but reuseport_has_conns() == true, we use
the reuseport socket as the result, but assign the score of sk to
badness. Shouldn't we use the score of the reuseport socket?

Thanks
Lorenz

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ