lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 08 Sep 2016 16:51:25 -0700
From:   Eric Dumazet <eric.dumazet@...il.com>
To:     Jojy Varghese <jojy.varghese@...il.com>
Cc:     netdev@...r.kernel.org, davem@...emloft.net
Subject: Re: [PATCH] net_namespace: fixed net_device reference leak

On Thu, 2016-09-08 at 16:33 -0700, Jojy Varghese wrote:
> Sorry last patch was just the delta over my original patch. Here is
> the complete patch:
> 
> ---
>  net/core/dst.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/net/core/dst.c b/net/core/dst.c
> index a1656e3..f63027e 100644
> --- a/net/core/dst.c
> +++ b/net/core/dst.c
> @@ -433,8 +433,11 @@ static void dst_ifdown(struct dst_entry *dst,
> struct net_device *dev,
>                 dst->input = dst_discard;
>                 dst->output = dst_discard_out;
>         } else {
> -               dst->dev = dev_net(dst->dev)->loopback_dev;
> -               dev_hold(dst->dev);
> +               if (dst->dev != dev_net(dst->dev)->loopback_dev) {
> +                       dst->dev = dev_net(dst->dev)->loopback_dev;
> +                       dev_hold(dst->dev);
> +               }
> +
>                 dev_put(dev);
>         }
>  }

This is complete garbage, now we have a dst somewhere in the system,
pointing to a device that might have been freed.

Crash might happen when dst->dev is used later.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ