| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1227674317.5023.63.camel@haakon2.linux-iscsi.org>
Date: Tue, 25 Nov 2008 20:38:37 -0800
From: "Nicholas A. Bellinger" <nab@...ux-iscsi.org>
To: "Linux-iSCSI.org Target Dev"
<linux-iscsi-target-dev@...glegroups.com>
Cc: LKML <linux-kernel@...r.kernel.org>,
Linux Net <linux-net@...r.kernel.org>,
Christoph Hellwig <hch@....de>,
Mike Christie <michaelc@...wisc.edu>,
FUJITA Tomonori <fujita.tomonori@....ntt.co.jp>,
Ming Zhang <blackmagic02881@...il.com>,
"Ross S. W. Walker" <rswwalker@...il.com>,
Arne Redlich <agr@...erkom-dd.de>,
David Miller <davem@...emloft.net>
Subject: [PATCH] [LIO-Target]: Make kernel level struct
socket->ops->accept() use sock_create_lite()
>>From 0450272b62a9944c2efe9d038447e168abba41a0 Mon Sep 17 00:00:00 2001
From: Nicholas Bellinger <nab@...ux-iscsi.org>
Date: Tue, 25 Nov 2008 19:51:13 -0800
Subject: [PATCH] [LIO-Target]: Make kernel level struct socket->ops->accept() use sock_create_lite()
With the addition sock_create_lite() in Linux v2.6.6, and at somepoint thereafter, the
'struct socket->sock' pointer of struct sock allocated internally with kmem_cache_alloc()
via net/core/sock.c:sk_prot_alloc() in net/socket.c:sock_create() was
being leaked (silently below the API) with with struct newsock usage with
struct socket->ops->accept(). This meant that normally calling net/socket.c:sock_release()
to the struct socket->ops->accept()'ed struct sock (located at struct socket->sock) was not
releasing struct sock back into struct proto->slab in net/core/sock.c:sk_free().
This patch to LIO-Target follows what net/socket.c:kernel_accept() does and uses
sock_create_lite(). kernel_accept() was added in v2.6.19, so one can assume the silient
leak with sock_create() and struct socket->ops->accept() was introduced sometime between
v2.6.6 and v2.6.19..
In LIO-Target code, iscsi_target_login.c:iscsi_target_login_thread() now uses
sock_create_lite() for struct socket->ops->accept() usage.
Forward port from v2.9-STABLE r406
Signed-off-by: Nicholas A. Bellinger <nab@...ux-iscsi.org>
---
drivers/lio-core/iscsi_target_login.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/lio-core/iscsi_target_login.c b/drivers/lio-core/iscsi_target_login.c
index 0b0a54a..302f527 100644
--- a/drivers/lio-core/iscsi_target_login.c
+++ b/drivers/lio-core/iscsi_target_login.c
@@ -763,9 +763,9 @@ static struct socket *iscsi_target_setup_login_socket (iscsi_np_t *np)
goto fail;
}
- if (sock_create((np->np_flags & NPF_NET_IPV6) ? AF_INET6 : AF_INET,
+ if (sock_create_lite((np->np_flags & NPF_NET_IPV6) ? AF_INET6 : AF_INET,
sock_type, ip_proto, &sock) < 0) {
- TRACE_ERROR("sock_create() failed.\n");
+ TRACE_ERROR("sock_create_lite() failed.\n");
goto fail;
}
np->np_socket = sock;
--
1.5.4.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists