| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Jan 2018 10:03:47 -0800
From: Eric Dumazet <eric.dumazet@...il.com>
To: Alexey Kodanev <alexey.kodanev@...cle.com>, netdev@...r.kernel.org
Cc: Eric Dumazet <edumazet@...gle.com>,
David Miller <davem@...emloft.net>, dccp@...r.kernel.org
Subject: Re: [PATCH net] dccp: don't restart ccid2_hc_tx_rto_expire() if sk
in closed state
On Thu, 2018-01-25 at 20:43 +0300, Alexey Kodanev wrote:
> ccid2_hc_tx_rto_expire() timer callback always restarts the timer
> again and can run indefinitely (unless it is stopped outside), and
> after commit 120e9dabaf55 ("dccp: defer ccid_hc_tx_delete() at
> dismantle time"), which moved sk_stop_timer() to sk_destruct(),
> this started to happen quite often. The timer prevents releasing
> the socket, as a result, sk_destruct() won't be called.
>
> Found with LTP/dccp_ipsec tests running on the bonding device,
> which later couldn't be unloaded after the tests were completed:
>
> unregister_netdevice: waiting for bond0 to become free. Usage count = 148
>
> Fixes: 120e9dabaf55 ("dccp: defer ccid_hc_tx_delete() at dismantle time")
> Signed-off-by: Alexey Kodanev <alexey.kodanev@...cle.com>
> ---
I understand your fix, but not why commit 120e9dabaf55 is bug origin.
Looks like this always had been buggy : Timer logic should have checked
socket state from day 0.
I did not move sk_stop_timer() to sk_destruct()
Powered by blists - more mailing lists