From: Jann Horn
Date: Tue, 5 Dec 2023 18:08:29 +0100
Subject: Re: Is xt_owner's owner_mt() racy with sock_orphan()? [worse with new TYPESAFE_BY_RCU file lifetime?]
To: Pablo Neira Ayuso, Jozsef Kadlecsik, Florian Westphal, netfilter-devel, coreteam@netfilter.org
Cc: Christian Brauner, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Network Development, kernel list

On Tue, Dec 5, 2023 at 5:40 PM Jann Horn wrote:
>
> Hi!
>
> I think this code is racy, but testing that seems like a pain...
>
> owner_mt() in xt_owner runs in context of a NF_INET_LOCAL_OUT or
> NF_INET_POST_ROUTING hook. It first checks that sk->sk_socket is
> non-NULL, then checks that sk->sk_socket->file is non-NULL, then
> accesses the ->f_cred of that file.
>
> I don't see anything that protects this against a concurrent
> sock_orphan(), which NULLs out the sk->sk_socket pointer, if we're in

Ah, and all the other users of ->sk_socket in net/netfilter/ do it
under the sk_callback_lock... so I guess the fix would be to add the
same in owner_mt?
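
A deterministic userspace model of the window discussed in the message above, added here as an example; it is not part of the original mail and is not kernel code. The struct layouts, `orphan_try()`, `owner_match_unlocked()`, `owner_match_locked()` and `demo()` are simplified, hypothetical stand-ins, and the `readers` counter stands in for the read side of sk_callback_lock.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <stddef.h>

struct file   { unsigned int cred_uid; };     /* stands in for file->f_cred */
struct socket { struct file *file; };
struct sock   { struct socket *sk_socket; int readers; /* models sk_callback_lock */ };

enum { NO_MATCH = 0, MATCH = 1, STALE_POINTER = -1 };

/* Models sock_orphan(): a writer, so a held read lock keeps it out. */
static void orphan_try(struct sock *sk)
{
    if (sk->readers == 0)
        sk->sk_socket = NULL;
}

/* Unlocked check-then-use, as the mail describes owner_mt(). */
static int owner_match_unlocked(struct sock *sk, unsigned int uid)
{
    if (sk->sk_socket == NULL || sk->sk_socket->file == NULL)
        return NO_MATCH;
    orphan_try(sk);               /* race window: orphan runs on another CPU */
    if (sk->sk_socket == NULL)    /* re-check exists only so the model can report it */
        return STALE_POINTER;
    return sk->sk_socket->file->cred_uid == uid ? MATCH : NO_MATCH;
}

/* Check and use inside one read-side critical section. */
static int owner_match_locked(struct sock *sk, unsigned int uid)
{
    int ret = NO_MATCH;
    sk->readers++;                /* take the lock for reading */
    if (sk->sk_socket != NULL && sk->sk_socket->file != NULL) {
        orphan_try(sk);           /* same interleaving, now kept out by the lock */
        ret = sk->sk_socket->file->cred_uid == uid ? MATCH : NO_MATCH;
    }
    sk->readers--;                /* release the lock */
    return ret;
}

/* Run one matcher against a fresh socket owned by uid 1000 (constructed input). */
int demo(int locked)
{
    struct file f = { 1000 };
    struct socket so = { &f };
    struct sock sk = { &so, 0 };
    return locked ? owner_match_locked(&sk, 1000) : owner_match_unlocked(&sk, 1000);
}
int main(void) { return !(demo(0) == STALE_POINTER && demo(1) == MATCH); }
```

The model forces the interleaving at the one point that matters, so the unlocked matcher always observes the pointer change between its check and its use, while the locked matcher never does.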