From patchwork Sat Mar 25 02:36:13 2017
X-Patchwork-Submitter: Eric Dumazet
X-Patchwork-Id: 743422
X-Patchwork-Delegate: davem@davemloft.net
Message-ID: <1490409373.24891.8.camel@edumazet-glaptop3.roam.corp.google.com>
Subject: [PATCH v2 net] ping: implement proper locking
From: Eric Dumazet
To: David Miller
Cc: netdev@vger.kernel.org, solar@openwall.com, andreyknvl@google.com, edumazet@google.com, Daniel Jiang
Date: Fri, 24 Mar 2017 19:36:13 -0700
In-Reply-To: <20170324.191016.1704224805339195329.davem@davemloft.net>
References: <1490398185.24891.5.camel@edumazet-glaptop3.roam.corp.google.com> <20170324.191016.1704224805339195329.davem@davemloft.net>
X-Mailing-List: netdev@vger.kernel.org

From: Eric Dumazet

We got a report of yet another bug in ping

http://www.openwall.com/lists/oss-security/2017/03/24/6

->disconnect() is not called with socket lock held.

Fix this by acquiring ping rwlock earlier.

Thanks to Daniel, Alexander and Andrey for letting us know this problem.

Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind")
Signed-off-by: Eric Dumazet Reported-by: Daniel Jiang Reported-by: Solar Designer Reported-by: Andrey Konovalov --- net/ipv4/ping.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c index 2af6244b83e27ae384e96cf071c10c5a89674804..ccfbce13a6333a65dab64e4847dd510dfafb1b43 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -156,17 +156,18 @@ int ping_hash(struct sock *sk) void ping_unhash(struct sock *sk) { struct inet_sock *isk = inet_sk(sk); + pr_debug("ping_unhash(isk=%p,isk->num=%u)\n", isk, isk->inet_num); + write_lock_bh(&ping_table.lock); if (sk_hashed(sk)) { - write_lock_bh(&ping_table.lock); hlist_nulls_del(&sk->sk_nulls_node); sk_nulls_node_init(&sk->sk_nulls_node); sock_put(sk); isk->inet_num = 0; isk->inet_sport = 0; sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); - write_unlock_bh(&ping_table.lock); } + write_unlock_bh(&ping_table.lock); } EXPORT_SYMBOL_GPL(ping_unhash);
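
Review bot: in ping_unhash(), the reason sk_hashed(sk) now has to be evaluated after write_lock_bh(&ping_table.lock) is not recorded in the code, and the commit message only says the rwlock is acquired earlier. Since ->disconnect() reaches this function without the socket lock held, two callers could previously both pass the sk_hashed() test before either took the lock and then both run hlist_nulls_del() and sock_put() on the same socket. A one-line comment above the write_lock_bh() call stating that the hashed check must be made under ping_table.lock would keep a later cleanup from moving the lock back inside the if. A smaller point: the pr_debug() above the lock still reads isk->inet_num unlocked while the locked section writes isk->inet_num = 0, so the logged value can be stale; moving the pr_debug() below write_lock_bh() would settle it.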