lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250820174707.83372-1-takamitz@amazon.co.jp>
Date: Thu, 21 Aug 2025 02:47:04 +0900
From: Takamitsu Iwai <takamitz@...zon.co.jp>
To: <linux-hams@...r.kernel.org>, <netdev@...r.kernel.org>
CC: "David S. Miller" <davem@...emloft.net>, Eric Dumazet
	<edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni
	<pabeni@...hat.com>, Simon Horman <horms@...nel.org>, Takamitsu Iwai
	<takamitz@...zon.co.jp>, Kohei Enju <enjuk@...zon.com>, Ingo Molnar
	<mingo@...nel.org>, Thomas Gleixner <tglx@...utronix.de>
Subject: [PATCH v1 net 0/3] net: rose: introduce refcount_t for reference counting of rose_neigh

The current implementation of rose_neigh uses 'use' and 'count' field of
type unsigned short as a reference count. This approach lacks atomicity,
leading to potential race conditions. As a result, syzbot has reported
slab-use-after-free errors due to unintended removals.

This series introduces refcount_t for reference counting to ensure
atomicity and prevent race conditions. The patches are structured as
follows:

1. Refactor rose_remove_neigh() to separate removal and freeing operations
2. Convert 'use' field to refcount_t for appropriate reference counting
3. Include references from rose_node to 'use' field

These changes should resolve the reported slab-use-after-free issues and
improve the overall stability of the ROSE network layer.

Takamitsu Iwai (3):
  net: rose: split remove and free operations in rose_remove_neigh()
  net: rose: convert 'use' field to refcount_t
  net: rose: include node references in rose_neigh refcount

 include/net/rose.h    | 18 +++++++++++++-
 net/rose/af_rose.c    | 10 ++++----
 net/rose/rose_in.c    | 12 +++++-----
 net/rose/rose_route.c | 55 ++++++++++++++++++++++++++-----------------
 net/rose/rose_timer.c |  2 +-
 5 files changed, 61 insertions(+), 36 deletions(-)

-- 
2.39.5 (Apple Git-154)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ