Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp232759ybt; Tue, 30 Jun 2020 19:31:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwTmbsZmLm2uvfgMDkXDefb7lqlm59nOw/5qsQ1Vtk4ztF5DXb3uiqOivIm31B87Qga/+oH X-Received: by 2002:a50:83c6:: with SMTP id 64mr27282341edi.41.1593570694055; Tue, 30 Jun 2020 19:31:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593570694; cv=none; d=google.com; s=arc-20160816; b=KXVnC7Nu4Ic1289wlB7bz02Vk8tdAzyKifuQnenzujz11AAE1o9ogxINKCkzXJqQAf Gn8SIPcO9+UCrV+WNfNBLXAmxs6ViifYyFzagwsaqY0s2gwCNgzXIeR+s74vNpwytOio umTa+96401dgstxc/SToIvnwzNnltZvV58o/kfp6tlA2Dq1bVRwqRiMVb7ecEisPPqek c7/lgEpAidkpG0Ubk8/mKuaz2nWFRG4Xg7/AkR5z3JpSi9aA7cUJtL2V6qQUEkVEAjb7 /IZl62WwaceyP4hV5/IHAuvQxx41xr8w5JHfQqSfSkyA8P6cOd1+vAlOMzcQM4uhSuMj EovA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=orh850FlYi6ymGIsnPeKmpVTbgMuFgP3BsMdOWApeO8=; b=IBoVAD6dLXyrLxeR3c0PdcgHoGXwg3zFTvYnVSoFxCjP+TUZE/3PyqBziv/7L3okB2 Ru9kYvyvqK7ur9tdIh8iKgQ+9qV5+sJqbDJQKPHlCop80Ez+HChls9A5uAfWcDrqoEtd I9OQxZkiR3k1sx660K0CdKhgU7G6VfLjDCE92qfvyT3/uN6oO8b4wDdFHS+qmOJTo4u3 CTkHr22DOK53PDNC5+0wHGOm+TVKW6JlSAd5ZB2wTjpbXNh/bK94Wly49jP6mxx421fP wiNUDgl7/4TBWNJoF45E2bQ4EFUAhejuRT57zVkcnFH67G1BG1QtO5P66RkUpkQJSkWn 977A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=WPVzRSe2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id ds16si3929280ejc.112.2020.06.30.19.31.10; Tue, 30 Jun 2020 19:31:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=WPVzRSe2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726621AbgGACa5 (ORCPT + 99 others); Tue, 30 Jun 2020 22:30:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52012 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726183AbgGACa4 (ORCPT ); Tue, 30 Jun 2020 22:30:56 -0400 Received: from mail-yb1-xb44.google.com (mail-yb1-xb44.google.com [IPv6:2607:f8b0:4864:20::b44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7BB43C061755 for ; Tue, 30 Jun 2020 19:30:56 -0700 (PDT) Received: by mail-yb1-xb44.google.com with SMTP id y17so9076024ybm.12 for ; Tue, 30 Jun 2020 19:30:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=orh850FlYi6ymGIsnPeKmpVTbgMuFgP3BsMdOWApeO8=; b=WPVzRSe29IxXSIUGCzVBbN1Fvdz+LCN0ILXxYv+auvExF/M2kQMNV2v5XMT2C5IS8A HArtPGBdd6KV5ibhE7QbBN6ClyFqAikrJrmgQexb3syQM2wCppMa+qo/cUlxyYyjsSJW a8cwjoUSABWMyYyDZwGzBFbH14tGo+oBrSMqBaIboOuCxNxavlD9uB8iOXHBVyh03xWU tTcZJybPRgya2NcY6jFXx7G7AC7XsI9gv/oDkVk4vtpgeFoIY9YB1HSiIJc1OizOeYUJ uzSdhPyLyjlO/DEKUV4+sEKFOEaJt4mRuZbDN4lPrmc2/2gTxIyFEqKF3cQNUAaNIq1b 6bBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=orh850FlYi6ymGIsnPeKmpVTbgMuFgP3BsMdOWApeO8=; b=XrjPe29zQ12Kv/r4yPGP1XGuOhCYj9k1RysfwuhhTRWRo3zjMy1P/W9tACpoQkctAO AT/mMyDr99L2ZQzcqVAXrrsKvFm1rCkDmp9A9hexlpef7sFMsZS0qZep3s8cwtrZA09I 59N8U4Bflp84C8aXgVJzBaiAgyllT8/EeaYQaJ6k2X077nJqeVQr1dujZEx2yhrBRkUM wzcbW1y1ScmkPJNpyJtioXOT9VMVSST6e3D7aTeu8VP99jDrx09ZqlNZDG1sTCKVVMSA mu1qU5BNnVDeZqloC4nyVqiSS0/MwEuT0BjEYjvbYdYmUUl7Dhy7rsclsyt7DYPDMsJe bXuw== X-Gm-Message-State: AOAM531XMMfW36JSHVLGZ6Ov/UKUX4h7nC1XSVLkBD+AP/RCcdWGIeO/ 4aKrLai3y/upSL3DM99/+IefkFyMcIzbP0pVsR4ZfA== X-Received: by 2002:a25:b8c5:: with SMTP id g5mr920040ybm.395.1593570655562; Tue, 30 Jun 2020 19:30:55 -0700 (PDT) MIME-Version: 1.0 References: <20200701020211.GA6875@gondor.apana.org.au> <20200701022241.GA7167@gondor.apana.org.au> In-Reply-To: <20200701022241.GA7167@gondor.apana.org.au> From: Eric Dumazet Date: Tue, 30 Jun 2020 19:30:43 -0700 Message-ID: Subject: Re: [regression] TCP_MD5SIG on established sockets To: Herbert Xu Cc: Mathieu Desnoyers , David Miller , Linus Torvalds , LKML , netdev , Yuchung Cheng , Jonathan Rajotte-Julien Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 30, 2020 at 7:23 PM Herbert Xu wrote: > > On Tue, Jun 30, 2020 at 07:17:46PM -0700, Eric Dumazet wrote: > > > > The main issue of the prior code was the double read of key->keylen in > > tcp_md5_hash_key(), not that few bytes could change under us. > > > > I used smp_rmb() to ease backports, since old kernels had no > > READ_ONCE()/WRITE_ONCE(), but ACCESS_ONCE() instead. > > If it's the double-read that you're protecting against, you should > just use barrier() and the comment should say so too. I made this clear in the changelog, do we want comments all over the places ? Do not get me wrong, we had this bug for years and suddenly this is a big deal... MD5 keys are read with RCU protection, and tcp_md5_do_add() might update in-place a prior key. Normally, typical RCU updates would allocate a new piece of memory. In this case only key->key and key->keylen might be updated, and we do not care if an incoming packet could see the old key, the new one, or some intermediate value, since changing the key on a live flow is known to be problematic anyway. We only want to make sure that in the case key->keylen is changed, cpus in tcp_md5_hash_key() wont try to use uninitialized data, or crash because key->keylen was read twice to feed sg_init_one() and ahash_request_set_crypt()