lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Wed, 30 Jan 2013 09:49:28 +0000
From:	Tom Parkin <tparkin@...alix.com>
To:	David Miller <davem@...emloft.net>
Cc:	netdev@...r.kernel.org
Subject: Re: kmemleak complaints in ip6mr.c

On Tue, Jan 29, 2013 at 01:59:06PM -0500, David Miller wrote:
> From: Tom Parkin <tparkin@...alix.com>
> Date: Tue, 29 Jan 2013 18:51:27 +0000
> 
> > I've discovered what may be a memory leak in ip6mr when using network
> > namespaces.  Here's the kmemleak backtrace:
> > 
> > 
> > unreferenced object 0xf0d4a180 (size 96):
> >   comm "ip", pid 6735, jiffies 4294949643 (age 73.268s)
> >   hex dump (first 32 bytes):
> >     68 a1 d4 f0 00 02 20 00 01 00 00 00 00 00 00 00  h..... .........
> >     00 00 00 00 00 00 00 00 00 00 00 00 ff 7f 00 00  ................
> >   backtrace:
> >     [<c159b50c>] kmemleak_alloc+0x2c/0x60
> >     [<c1139c23>] __kmalloc+0x1c3/0x240
> >     [<c14e2627>] fib_default_rule_add+0x27/0x70
> >     [<c157f8df>] ip6mr_net_init+0x6f/0x140
> >     [<c14c4129>] ops_init+0x39/0x110
> >     [<c14c425f>] setup_net+0x5f/0xf0
> >     [<c14c46e4>] copy_net_ns+0x74/0xf0
> >     [<c105fc81>] create_new_namespaces+0xd1/0x160
> >     [<c105fedf>] unshare_nsproxy_namespaces+0x5f/0xa0
> >     [<c1038a94>] sys_unshare+0x114/0x280
> >     [<c15b7ecd>] sysenter_do_call+0x12/0x28
> >     [<ffffffff>] 0xffffffff
> 
> How is this memory unreferenced?  fib_rule_default_add() adds
> the allocated object to the ops->rules_list as it's very last
> action.

I think it should be freed by ip6mr_rules_exit() when the namespace is
destroyed.  That function calls fib_rules_unregister() on the stashed
ops pointer in net->ipv6.mr6_rules_ops.
-- 
Tom Parkin
Katalix Systems Ltd
http://www.katalix.com
Catalysts for your Embedded Linux software development

Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ