lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 1 Dec 2023 13:23:34 -0800
From: Kuniyuki Iwashima <kuniyu@...zon.com>
To: <edumazet@...gle.com>
CC: <davem@...emloft.net>, <dsahern@...nel.org>, <gnault@...hat.com>,
	<kuba@...nel.org>, <kuniyu@...zon.com>, <mkubecek@...e.cz>,
	<netdev@...r.kernel.org>, <pabeni@...hat.com>
Subject: Re: [PATCH net-next v4] tcp: Dump bound-only sockets in inet_diag.

From: Eric Dumazet <edumazet@...gle.com>
Date: Fri, 1 Dec 2023 21:41:16 +0100
> On Fri, Dec 1, 2023 at 9:34 PM Kuniyuki Iwashima <kuniyu@...zon.com> wrote:
> >
> > From: Guillaume Nault <gnault@...hat.com>
> 
> > > +                                             goto next_bind;
> > > +
> > > +                                     if (sk->sk_state != TCP_CLOSE ||
> > > +                                         !inet->inet_num)
> >
> > Sorry for missing this in the previous version, but I think
> > inet_num is always non-zero because 0 selects a port automatically
> > and the min of ipv4_local_port_range is 1.
> >
> 
> This is not true, because it can be cleared by another thread, before
> unhashing happens in __inet_put_port()
> 
> Note the test should use READ_ONCE(inet->inet_num), but I did not
> mention this, as many reads of inet_num are racy.

Ah exactly, the order of __sk_del_bind_node() and the clearance was not
guaranteed.

Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ