| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Oct 2019 15:53:48 +0900
From: Taehee Yoo <ap420073@...il.com>
To: Sabrina Dubroca <sd@...asysnail.net>
Cc: David Miller <davem@...emloft.net>,
Netdev <netdev@...r.kernel.org>, linux-wireless@...r.kernel.org,
Jakub Kicinski <jakub.kicinski@...ronome.com>,
Johannes Berg <johannes@...solutions.net>,
j.vosburgh@...il.com, vfalico@...il.com,
Andy Gospodarek <andy@...yhouse.net>,
Jiří Pírko <jiri@...nulli.us>,
Roopa Prabhu <roopa@...ulusnetworks.com>, saeedm@...lanox.com,
manishc@...vell.com, rahulv@...vell.com, kys@...rosoft.com,
haiyangz@...rosoft.com,
Stephen Hemminger <stephen@...workplumber.org>,
sashal@...nel.org, hare@...e.de, varun@...lsio.com,
ubraun@...ux.ibm.com, kgraul@...ux.ibm.com,
Jay Vosburgh <jay.vosburgh@...onical.com>,
Cody Schuffelen <schuffelen@...gle.com>, bjorn@...k.no
Subject: Re: [PATCH net v4 12/12] virt_wifi: fix refcnt leak in module exit routine
On Mon, 7 Oct 2019 at 20:22, Sabrina Dubroca <sd@...asysnail.net> wrote:
>
Hi Sabrina,
Thank you for the review!
> 2019-09-28, 16:48:43 +0000, Taehee Yoo wrote:
> > virt_wifi_newlink() calls netdev_upper_dev_link() and it internally
> > holds reference count of lower interface.
> >
> > Current code does not release a reference count of the lower interface
> > when the lower interface is being deleted.
> > So, reference count leaks occur.
> >
> > Test commands:
> > ip link add dummy0 type dummy
> > ip link add vw1 link dummy0 type virt_wifi
>
> There should also be "ip link del dummy0" in this reproducer, right?
>
> [...]
>
> > @@ -598,14 +634,24 @@ static int __init virt_wifi_init_module(void)
> > /* Guaranteed to be locallly-administered and not multicast. */
> > eth_random_addr(fake_router_bssid);
> >
> > + err = register_netdevice_notifier(&virt_wifi_notifier);
> > + if (err)
> > + return err;
> > +
>
> Here err is 0.
>
> > common_wiphy = virt_wifi_make_wiphy();
> > if (!common_wiphy)
> > - return -ENOMEM;
> > + goto notifier;
>
> err is still 0 when we jump...
>
> > err = rtnl_link_register(&virt_wifi_link_ops);
> > if (err)
> > - virt_wifi_destroy_wiphy(common_wiphy);
> > + goto destroy_wiphy;
> >
> > + return 0;
> > +
> > +destroy_wiphy:
> > + virt_wifi_destroy_wiphy(common_wiphy);
> > +notifier:
> > + unregister_netdevice_notifier(&virt_wifi_notifier);
> > return err;
> > }
>
> ... so now we return 0 on failure. Can you add an "err = -ENOMEM"
> before "common_wiphy = ..."?
>
You're right, I will fix this in a v5 patch!
Thanks!
> Thanks.
>
> --
> Sabrina
Powered by blists - more mailing lists