From: Adhemerval Zanella
Date: Sun, 19 Sep 2021 09:46:14 -0300
Subject: Re: Race observed in if_nametoindex function (not MT-Safe)
To: pgowda cve
Cc: Adhemerval Zanella via Libc-help
List-Id: Libc-help mailing list

On Mon, Sep 13, 2021 at 11:15 AM pgowda cve via Libc-help wrote:
>
> Hi,
>
> The race and assert-triggering was observed in if_nametoindex function.
> It calls __opensock, which contains two static variables (last_type,
> last_family) that can race, triggering an assert on line 63 of opensock.c.
> The variables are set in the reverse order to which they are checked.
> Since there is no synchronization between these variables, should the
> function not be made MT-Safe?
>
> The patch was originally posted at:-
> https://sourceware.org/pipermail/libc-alpha/2014-January/048052.html
> It mentions the function as MT-Safe but race was observed.
>
> We may need a memory barrier (atomic_[read|write]_barrier() ? ) to
> ensure that the compiler doesn't re-order assembly instructions and has
> last_family be set before last_type.
>
> Environment
> Observed during a system restart when the processes start up and
> software calls if_nametoindex from multiple threads.
> GLIBC was dynamically linked.
>
> Regards,
> pgowda

I agree, I have opened https://sourceware.org/bugzilla/show_bug.cgi?id=28353 to track it.

Thanks for reporting it.
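
Added example, not part of the original thread and not glibc's opensock.c: a simplified C model of the hazard the report describes (two unsynchronized statics observed half-updated) beside one way to remove it, by packing both values into a single atomic word. All names, the 16-bit packing and the "cached family implies cached type" invariant are assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Racy shape from the report: two separate statics, no ordering between them. */
static int racy_family, racy_type;

/* Assumed reader-side invariant: a cached family implies a cached type. */
static bool racy_pair_is_consistent(void) {
    return racy_family == 0 || racy_type != 0;
}

/* Replays, single-threaded, one interleaving that unsynchronized stores
   permit: the reader runs after one store is visible, before the other. */
static bool replay_torn_window(int family, int type) {
    racy_family = racy_type = 0;
    racy_family = family;                 /* first store becomes visible  */
    bool ok = racy_pair_is_consistent();  /* another thread checks here   */
    racy_type = type;                     /* second store lands too late  */
    return ok;
}

/* Hardened shape: one atomic word holds the pair, so a reader sees the
   whole pair or the empty marker (0), never half. Relaxed ordering is
   enough because the word is the only shared state. */
static _Atomic uint32_t cached_pair;

static void cache_publish(uint16_t family, uint16_t type) {
    atomic_store_explicit(&cached_pair, ((uint32_t)family << 16) | type,
                          memory_order_relaxed);
}

static void cache_reset(void) {
    atomic_store_explicit(&cached_pair, 0, memory_order_relaxed);
}

static bool cache_lookup(int *family, int *type) {
    uint32_t v = atomic_load_explicit(&cached_pair, memory_order_relaxed);
    if (v == 0) return false;             /* nothing cached yet */
    *family = (int)(v >> 16);
    *type = (int)(v & 0xffff);
    return true;
}

int main(void) {
    int f = 0, t = 0;
    printf("torn window consistent: %d\n", replay_torn_window(2, 1));
    cache_publish(2, 1);
    bool hit = cache_lookup(&f, &t);
    printf("lookup hit=%d family=%d type=%d\n", hit, f, t);
    cache_reset();
    return 0;
}
```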