lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAGXJAmyiG5CkYgmAMigp01NKyUqnDzJCY__U+Z+EHx917AeBTw@mail.gmail.com>
Date: Thu, 31 Oct 2024 11:55:19 -0700
From: John Ousterhout <ouster@...stanford.edu>
To: Eric Dumazet <eric.dumazet@...il.com>
Cc: netdev@...r.kernel.org, edumazet@...gle.com
Subject: Re: [PATCH net-next 10/12] net: homa: create homa_timer.c

On Wed, Oct 30, 2024 at 12:02 PM Eric Dumazet <eric.dumazet@...il.com> wrote:
> ...
> > +                     if (rpc_count >= 10) {
> > +                             /* Give other kernel threads a chance to run
> > +                              * on this core. Must release the RCU read lock
> > +                              * while doing this.
> > +                              */
> > +                             rcu_read_unlock();
> > +                             schedule();
>
> This is unsafe. homa_socktab_next() will access possibly freed data.

Yikes; you're right. When I added the self-preemption code I forgot
that RCU not only keeps sockets from being deleted, but it also keeps
the hash table link structure from changing out from underneath scans.

I have implemented a fix (making socket scans work even in the face of
socket deletion), which will be in the next version of the patch
series. Thanks for catching this.

-John-

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ