Page MenuHomeFreeBSD
Differential D46755

MAC: improve handling of listening sockets
ClosedPublic
Actions

Authored by tuexen on Sep 22 2024, 8:59 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Oct 4, 9:17 AM
Unknown Object (File)
Thu, Oct 2, 4:54 AM
Unknown Object (File)
Thu, Sep 18, 2:32 AM
Unknown Object (File)
Wed, Sep 17, 4:52 PM
Unknown Object (File)
Sep 7 2025, 8:38 AM
Unknown Object (File)
Sep 6 2025, 4:11 PM
Unknown Object (File)
Sep 5 2025, 3:32 PM
Unknown Object (File)
Sep 5 2025, 12:49 PM
View All 85 Files
Subscribers
imp
olce
olivier

Details

Reviewers
glebius
markj
peter.lei_ieee.org
lstewart
Commits
rG6421a70e6238: MAC: improve handling of listening sockets
rG66c7d5365a78: MAC: improve handling of listening sockets
rG2fb778fab893: MAC: improve handling of listening sockets
Summary

so_peerlabel can only be used when the socket is not listening.

Test Plan
kldload mac_test
nc -l 1234

and then terminate nc using CTRL-C.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

tuexen created this revision.Sep 22 2024, 8:59 PM
Herald added subscribers: olce, imp. · View Herald TranscriptSep 22 2024, 8:59 PM
tuexen requested review of this revision.Sep 22 2024, 8:59 PM
markj added a comment.Sep 23 2024, 4:53 PM

Hum, this bug is quite old. :(

sys/kern/uipc_socket.c
4178

The right place to check this is in mac_getsockopt_peerlabel(). Without the socket lock (which is acquired in that function), it is possible for listen() and getsockopt(SO_PEERLABEL) to race with each other.

tuexen updated this revision to Diff 143651.Sep 23 2024, 8:06 PM

Address Mark's comment.

tuexen marked an inline comment as done.Sep 23 2024, 8:12 PM
tuexen added inline comments.
sys/kern/uipc_socket.c
4178

I totally agree. Fixed. But doesn't this comment apply also to the others usages of SOLISTENING() in sogetopt()?

tuexen marked an inline comment as done.Sep 23 2024, 8:12 PM
markj added inline comments.Sep 24 2024, 8:05 AM
sys/kern/uipc_socket.c
4178

Most likely, yes. There are many SOLISTENING races, unfortunately. Some of the ones below are mostly harmless in that they'll just return a garbage value if the race is lost.

sys/security/mac/mac_socket.c
584

Shouldn't this be in mac_getsockopt_peerlabel()?

tuexen updated this revision to Diff 143663.Sep 24 2024, 8:29 AM

Fix mac_getsockopt_label(), not mac_setsockopt_label() as pointed out by Mark.

tuexen marked 2 inline comments as done.Sep 24 2024, 8:31 AM
tuexen added inline comments.
sys/kern/uipc_socket.c
4178

OK, I'll fix them. I decided to not call SOCK_LOCK(), because it wan't called in that places...

sys/security/mac/mac_socket.c
584

Yes, of course. Thanks for catching that.

markj accepted this revision.Sep 24 2024, 8:47 AM
markj added a subscriber: olivier.

I think this is ok. The bug suggests that we should optionally run the regression test suite with mac_test loaded. I tried it locally and easily reproduced the original panic. Perhaps @olivier would want to try this in his test environment?

This revision is now accepted and ready to land.Sep 24 2024, 8:47 AM
Closed by commit rG2fb778fab893: MAC: improve handling of listening sockets (authored by tuexen). · Explain WhySep 26 2024, 6:09 AM
This revision was automatically updated to reflect the committed changes.
tuexen marked 2 inline comments as done.
tuexen added a commit: rG2fb778fab893: MAC: improve handling of listening sockets.
tuexen added a commit: rG66c7d5365a78: MAC: improve handling of listening sockets.Oct 31 2024, 1:55 PM
tuexen added a commit: rG6421a70e6238: MAC: improve handling of listening sockets.Oct 31 2024, 4:49 PM

Revision Contents
Changeset List

PathSize
sys/
kern/
5 lines
security/
mac/
1 line
19 lines

Diff 143739

View Options

sys/kern/uipc_socket.c

Loading...
View Options

sys/security/mac/mac_internal.h

Loading...
View Options

sys/security/mac/mac_socket.c

Loading...