| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Jan 2018 11:15:28 -0500 (EST)
From: David Miller <davem@...emloft.net>
To: alexey.kodanev@...cle.com
Cc: netdev@...r.kernel.org, edumazet@...gle.com, dccp@...r.kernel.org
Subject: Re: [PATCH net v2] dccp: don't restart ccid2_hc_tx_rto_expire() if
sk in closed state
From: Alexey Kodanev <alexey.kodanev@...cle.com>
Date: Fri, 26 Jan 2018 15:14:16 +0300
> ccid2_hc_tx_rto_expire() timer callback always restarts the timer
> again and can run indefinitely (unless it is stopped outside), and after
> commit 120e9dabaf55 ("dccp: defer ccid_hc_tx_delete() at dismantle time"),
> which moved ccid_hc_tx_delete() (also includes sk_stop_timer()) from
> dccp_destroy_sock() to sk_destruct(), this started to happen quite often.
> The timer prevents releasing the socket, as a result, sk_destruct() won't
> be called.
>
> Found with LTP/dccp_ipsec tests running on the bonding device,
> which later couldn't be unloaded after the tests were completed:
>
> unregister_netdevice: waiting for bond0 to become free. Usage count = 148
>
> Fixes: 2a91aa396739 ("[DCCP] CCID2: Initial CCID2 (TCP-Like) implementation")
> Signed-off-by: Alexey Kodanev <alexey.kodanev@...cle.com>
> ---
>
> v2: * corrected bug origin commit id
> * clarified commit message about sk_stop_timer()
Applied and queued up for -stable.
Powered by blists - more mailing lists