lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <bb7aeed8-fa7f-4d8c-b413-5e3549ae8d09@nokia.com>
Date: Mon, 27 Oct 2025 09:53:14 +0100
From: Stefan Wiehler <stefan.wiehler@...ia.com>
To: Xin Long <lucien.xin@...il.com>
Cc: Kuniyuki Iwashima <kuniyu@...gle.com>, davem@...emloft.net,
 edumazet@...gle.com, horms@...nel.org, kuba@...nel.org,
 linux-kernel@...r.kernel.org, linux-sctp@...r.kernel.org,
 netdev@...r.kernel.org, pabeni@...hat.com
Subject: Re: [PATCH net] sctp: Hold RCU read lock while iterating over address
 list

> Yes, there's a path not holding sock lock:
> 
>   sctp_diag_dump() -> sctp_for_each_endpoint() -> sctp_ep_dump()

Ok, thanks for the clarification.

> Kuniyuki is right about the TOCTOU issue, we do need a check there:
> 
>                 if (!--addrcnt)
>                         break;
> 
> BTW, there is another addrcnt thing in inet_assoc_attr_size(), I think you
> can fix it in another patch, like moving nlmsg_new(inet_assoc_attr_size(assoc))
> under the lock_sock() in sctp_sock_dump_one() and delete _rcu?

I've sent out two separate patches for these issues.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ