Open Source and information security mailing list archives
 
Message-ID: <CALk3=6v7kFoBv3wTwYasH7-G39tLjATEn1mqnJVVaBy0b3LYKw@mail.gmail.com>
Date: Wed, 9 Oct 2024 01:24:47 +0200
From: Budimir Markovic <markovicbudimir@...il.com>
To: Paolo Abeni <pabeni@...hat.com>
Cc: netdev@...r.kernel.org
Subject: Re: Use-after-free from netem/hfsc interaction

On Tue, Oct 8, 2024 at 10:23 AM Paolo Abeni <pabeni@...hat.com> wrote:
>
> If I read correctly, that could happen only via netem peek, right?

Yes

> what about constraining the fix into the netem peek callback?

I'm not sure what a good way to do this is.

One solution is to try to detect when peek is being called from an enqueue
function. My patch attempted to do that, but I've realized it is possible to
bypass it by calling qdisc_enqueue() from a netem parent during netem_dequeue()
(Eric also pointed out that qdisc_is_running() should not be called from a
qdisc).

Another option would be to move qdisc_enqueue() from netem_dequeue() to
netem_enqueue(), but then there needs to be an alternate way to keep track of
each packet's delay.
