lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <c259b212-0717-4baa-94f5-fc22da18fbe8@redhat.com>
Date: Tue, 3 Jun 2025 11:58:26 +0200
From: Paolo Abeni <pabeni@...hat.com>
To: Antonio Quartulli <antonio@...nvpn.net>, netdev@...r.kernel.org
Cc: Sabrina Dubroca <sd@...asysnail.net>,
 "David S . Miller" <davem@...emloft.net>, Eric Dumazet
 <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
 Oleksandr Natalenko <oleksandr@...alenko.name>
Subject: Re: [PATCH net 1/5] ovpn: properly deconfigure UDP-tunnel

On 6/3/25 11:08 AM, Antonio Quartulli wrote:
> On 03/06/2025 11:02, Paolo Abeni wrote:
>> On 5/30/25 12:12 PM, Antonio Quartulli wrote:
>>> diff --git a/drivers/net/ovpn/udp.c b/drivers/net/ovpn/udp.c
>>> index aef8c0406ec9..89bb50f94ddb 100644
>>> --- a/drivers/net/ovpn/udp.c
>>> +++ b/drivers/net/ovpn/udp.c
>>> @@ -442,8 +442,16 @@ int ovpn_udp_socket_attach(struct ovpn_socket *ovpn_sock,
>>>    */
>>>   void ovpn_udp_socket_detach(struct ovpn_socket *ovpn_sock)
>>>   {
>>> -	struct udp_tunnel_sock_cfg cfg = { };
>>> +	struct sock *sk = ovpn_sock->sock->sk;
>>>   
>>> -	setup_udp_tunnel_sock(sock_net(ovpn_sock->sock->sk), ovpn_sock->sock,
>>> -			      &cfg);
>>> +	/* Re-enable multicast loopback */
>>> +	inet_set_bit(MC_LOOP, sk);
>>> +	/* Disable CHECKSUM_UNNECESSARY to CHECKSUM_COMPLETE conversion */
>>> +	inet_dec_convert_csum(sk);
>>> +
>>> +	udp_sk(sk)->encap_type = 0;
>>> +	udp_sk(sk)->encap_rcv = NULL;
>>> +	udp_sk(sk)->encap_destroy = NULL;
>>
>> I'm sorry for not noticing this earlier, but you need to add
>> WRITE_ONCE() annotation to the above statements, because readers access
>> such fields lockless.
> 
> I should have noticed the READ_ONCE on the reader side..
> 
> Any specific reason why setup_udp_tunnel_sock() does not use WRITE_ONCE 
> though?

AFAICS, it's a bug being there since the beginning. _ONCE cleanups
started quite later WRT udp tunnel support introduction. I guess it was
left over because syzkaller is less prone to stuble upon it. But it
would be better to deal correctly with such access in new code.

Thanks,

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ