lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3d1b5c12-971f-3464-5f28-79477f1f9eb2@linux.ibm.com>
Date: Mon, 25 Sep 2023 11:43:33 +0200
From: Alexandra Winter <wintera@...ux.ibm.com>
To: "D. Wythe" <alibuda@...ux.alibaba.com>,
        Wenjia Zhang <wenjia@...ux.ibm.com>, kgraul@...ux.ibm.com,
        jaka@...ux.ibm.com
Cc: kuba@...nel.org, davem@...emloft.net, netdev@...r.kernel.org,
        linux-s390@...r.kernel.org, linux-rdma@...r.kernel.org
Subject: Re: [PATCH net] net/smc: fix panic smc_tcp_syn_recv_sock() while
 closing listen socket



On 25.09.23 10:29, D. Wythe wrote:
> Hi Wenjia,
> 
>>
>> this is unfortunately not sufficient for this fix. You have to make sure that is not a life-time problem. Even so, READ_ONCE() is also needed in this case.
>>
> 
> Life-time problem? If you means the smc will still be NULL in the future,  I don't really think so, smc is a local variable assigned by smc_clcsock_user_data.
> it's either NULL or a valid and unchanged value.
> 
> And READ_ONCE() is needed indeed, considering not make too much change, maybe we can protected following

The local variable smc is a pointer to the smc_sock structure, so the question is whether you can just do a READ_ONCE
and then continue to use the content of the smc_sock structure, even though e.g. a smc_close_active() may be going on in 
parallel. 

> 
> smc = smc_clcsock_user_data(sk);
> 
> with sk_callback_lock, which solves the same problem. What do you think?

In af_ops.syn_recv_sock() and thus also in smc_tcp_syn_recv_sock() 
sk is defined as const. So you cannot simply do take sk_callback_lock, that will create compiler errors.
 (same for smc_hs_congested() BTW)

If you are sure the contents of *smc are always valid, then READ_ONCE is all you need.

Maybe it is better to take a step back and consider what needs to be protected when (lifetime).
Just some thoughts (there may be ramifications that I am not aware of):
Maybe clcsock->sk->sk_user_data could be set to point to smc_sock as soon as the clc socket is created?
Isn't the smc socket always valid as long as the clc socket exists? 
Then sk_user_data would no longer indicate whether the callback functions were set to smc values, but would that matter?
Are there scenarios where it matters whether the old or the new callback function is called?
Why are the values restored in smc_close_active() if the clc socket is released shortly after anyhow?

You see I am wondering whether adding more locking, there is a way to make sure structures are safe to use.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ