Re: [PATCH net] dccp: fix use-after-free in dccp_feat_activate_values

2017-03-07 Thread David Miller
From: Eric Dumazet
Date: Sun, 05 Mar 2017 10:52:16 -0800

> From: Eric Dumazet
>
> Dmitry reported crashes in DCCP stack [1]
>
> Problem here is that when I got rid of listener spinlock, I missed the
> fact that DCCP stores a complex state in struct

Re: [PATCH net] dccp: fix use-after-free in dccp_feat_activate_values

2017-03-06 Thread Cong Wang
On Sun, Mar 5, 2017 at 10:42 PM, Eric Dumazet wrote:
> On Sun, 2017-03-05 at 21:38 -0800, Cong Wang wrote:
>
>> Do you really want to disable BH again here?
>>
>> dccp_check_req() should be always called on RX path where BH
>> is already disabled and BH can't be disabled

Re: [PATCH net] dccp: fix use-after-free in dccp_feat_activate_values

2017-03-05 Thread Eric Dumazet
On Sun, 2017-03-05 at 21:38 -0800, Cong Wang wrote:
> Do you really want to disable BH again here?
>
> dccp_check_req() should be always called on RX path where BH
> is already disabled and BH can't be disabled twice?

What makes you think BH can't be disabled twice?

Look, I prefer being

Re: [PATCH net] dccp: fix use-after-free in dccp_feat_activate_values

2017-03-05 Thread Cong Wang
On Sun, Mar 5, 2017 at 10:52 AM, Eric Dumazet wrote: > --- a/net/dccp/minisocks.c > +++ b/net/dccp/minisocks.c > @@ -142,6 +142,13 @@ struct sock *dccp_check_req(struct sock *sk, struct > sk_buff *skb, > struct dccp_request_sock *dreq = dccp_rsk(req); >

[PATCH net] dccp: fix use-after-free in dccp_feat_activate_values

2017-03-05 Thread Eric Dumazet
From: Eric Dumazet

Dmitry reported crashes in DCCP stack [1]

Problem here is that when I got rid of listener spinlock, I missed the fact that DCCP stores a complex state in struct dccp_request_sock, while TCP does not.

Since multiple cpus could access it at the same time,