| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Nov 2017 15:50:09 -0500 (EST)
From: David Miller <davem@...emloft.net>
To: daniel@...earbox.net
Cc: jakub.kicinski@...ronome.com, netdev@...r.kernel.org,
oss-drivers@...ronome.com, xiyou.wangcong@...il.com
Subject: Re: [PATCH net] cls_bpf: don't decrement net's refcount when
offload fails
From: Daniel Borkmann <daniel@...earbox.net>
Date: Mon, 27 Nov 2017 22:09:33 +0100
> On 11/27/2017 08:11 PM, Jakub Kicinski wrote:
>> When cls_bpf offload was added it seemed like a good idea to
>> call cls_bpf_delete_prog() instead of extending the error
>> handling path, since the software state is fully initialized
>> at that point. This handling of errors without jumping to
>> the end of the function is error prone, as proven by later
>> commit missing that extra call to __cls_bpf_delete_prog().
>>
>> __cls_bpf_delete_prog() is now expected to be invoked with
>> a reference on exts->net or the field zeroed out. The call
>> on the offload's error patch does not fullfil this requirement,
>> leading to each error stealing a reference on net namespace.
>>
>> Create a function undoing what cls_bpf_set_parms() did and
>> use it from __cls_bpf_delete_prog() and the error path.
>>
>> Fixes: aae2c35ec892 ("cls_bpf: use tcf_exts_get_net() before call_rcu()")
>> Signed-off-by: Jakub Kicinski <jakub.kicinski@...ronome.com>
>> Reviewed-by: Simon Horman <simon.horman@...ronome.com>
>
> Fix looks good to me, thanks Jakub! If Dave wants to take
> it directly:
>
> Acked-by: Daniel Borkmann <daniel@...earbox.net>
Applied and queued up for -stable, thanks everyone.
Powered by blists - more mailing lists