Re: [PATCH net] ipv6: add complete rcu protection around np->opt

From: Eric Dumazet
Date: Thu Dec 03 2015 - 00:36:44 EST

Next message: Xiubo Li: "[PATCH 0/2] regmap: mmio: clean up the code"
Previous message: Greg KH: "Re: [PATCH v2 0/4] Add online file check feature"
In reply to: David Miller: "Re: [PATCH net] ipv6: add complete rcu protection around np->opt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2015-12-02 at 23:38 -0500, David Miller wrote:
> From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
> Date: Sun, 29 Nov 2015 19:37:57 -0800
>
> > From: Eric Dumazet <edumazet@xxxxxxxxxx>
> >
> > This patch addresses multiple problems :
> >
> > UDP/RAW sendmsg() need to get a stable struct ipv6_txoptions
> > while socket is not locked : Other threads can change np->opt
> > concurrently. Dmitry posted a syzkaller
> > (http://github.com/google/syzkaller) program desmonstrating
> > use-after-free.
> >
> > Starting with TCP/DCCP lockless listeners, tcp_v6_syn_recv_sock()
> > and dccp_v6_request_recv_sock() also need to use RCU protection
> > to dereference np->opt once (before calling ipv6_dup_options())
> >
> > This patch adds full RCU protection to np->opt
> >
> > Reported-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
> > Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
>
> Applied and queued up for -stable.

Thanks David.

I will send a followup patch, as I missed the sctp part, now triggering
following sparse warnings.

CHECK net/sctp/ipv6.c
net/sctp/ipv6.c:223:41: warning: incorrect type in argument 4 (different address spaces)
net/sctp/ipv6.c:223:41: expected struct ipv6_txoptions *opt
net/sctp/ipv6.c:223:41: got struct ipv6_txoptions [noderef] <asn:4>*opt
net/sctp/ipv6.c:265:41: warning: incorrect type in argument 2 (different address spaces)
net/sctp/ipv6.c:265:41: expected struct ipv6_txoptions const *opt
net/sctp/ipv6.c:265:41: got struct ipv6_txoptions [noderef] <asn:4>*opt
net/sctp/ipv6.c:324:49: warning: incorrect type in argument 2 (different address spaces)
net/sctp/ipv6.c:324:49: expected struct ipv6_txoptions const *opt
net/sctp/ipv6.c:324:49: got struct ipv6_txoptions [noderef] <asn:4>*opt

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Xiubo Li: "[PATCH 0/2] regmap: mmio: clean up the code"
Previous message: Greg KH: "Re: [PATCH v2 0/4] Add online file check feature"
In reply to: David Miller: "Re: [PATCH net] ipv6: add complete rcu protection around np->opt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]