| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1450041762.3944.4.camel@decadent.org.uk>
Date: Sun, 13 Dec 2015 21:22:42 +0000
From: Ben Hutchings <ben@...adent.org.uk>
To: Eric Dumazet <eric.dumazet@...il.com>
Cc: Luis Henriques <luis.henriques@...onical.com>,
Eric Dumazet <edumazet@...gle.com>,
Steffen Klassert <steffen.klassert@...unet.com>,
"David S. Miller" <davem@...emloft.net>,
linux-kernel@...r.kernel.org, stable@...r.kernel.org,
kernel-team@...ts.ubuntu.com
Subject: Re: [PATCH 3.16.y-ckt 009/126] sit: fix sit0 percpu double
allocations
On Sun, 2015-12-13 at 12:43 -0800, Eric Dumazet wrote:
> On Sun, 2015-12-13 at 20:20 +0000, Ben Hutchings wrote:
> > On Sun, 2015-12-13 at 18:54 +0000, Luis Henriques wrote:
> > > On Sat, Dec 12, 2015 at 04:18:26AM +0000, Ben Hutchings wrote:
> > > > On Wed, 2015-12-09 at 09:36 +0000, Luis Henriques wrote:
> > > > > 3.16.7-ckt21 -stable review patch. If anyone has any objections,
> > > > > please let me know.
> > > > >
> > > > > ------------------
> > > > >
> > > > > From: Eric Dumazet <edumazet@...gle.com>
> > > > >
> > > > > commit 4ece9009774596ee3df0acba65a324b7ea79387c upstream.
> > > > >
> > > > > sit0 device allocates its percpu storage twice :
> > > > > - One time in ipip6_tunnel_init()
> > > > > - One time in ipip6_fb_tunnel_init()
> > > > >
> > > > > Thus we leak 48 bytes per possible cpu per network namespace
> > > > > dismantle.
> > > > >
> > > > > ipip6_fb_tunnel_init() can be much simpler and does not
> > > > > return an error, and should be called after register_netdev()
> > > > [...]
> > > >
> > > > Doesn't this introduce a race condition when sit is a module? There
> > > > seems to be nothing to prevent access to the partially initialised
> > > > device after calling register_netdev(), if sit_init_net() is called
> > > > during module loading rather than during namespace creation.
> > > >
> > >
> > > This seems to be an upstream issue, not specific to the 3.16.y-ckt
> > > stable kernel. If that is the case, I guess I'll just keep this patch
> > > and later apply the fix. Or do you think this race is really likely
> > > to be a worst problem than then issue the patch is trying to fix?
> >
> > It seems worse than the problem being fixed.
>
> 1) Sorry Ben, I do not understand the problem you mention.
> What is a partially initialized device exactly ?
A tunnel device which is registered but hasn't had its private
structure fully initialised yet.
> 2) I have no idea why this patch is even backported to 3.16,
> since it is fixing a problem added in 3.18 :
>
> # git describe --contains ebe084aafb7e
> v3.18-rc5~22^2~42^2~1
>
> If your 3.16 kernel survives this loop without consuming memory like
> crazy, then the backport is not needed.
>
> modprobe sit
> while :
> do
> ip netns add ns1
> ip netns delete ns1
> done
I can't detect a memory leak when doing this.
Ben.
--
Ben Hutchings
Life would be so much easier if we could look at the source code.
Download attachment "signature.asc" of type "application/pgp-signature" (812 bytes)
Powered by blists - more mailing lists