| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1450193181.3944.49.camel@decadent.org.uk>
Date: Tue, 15 Dec 2015 15:26:21 +0000
From: Ben Hutchings <ben@...adent.org.uk>
To: David Ahern <dsa@...ulusnetworks.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: linux-kernel@...r.kernel.org, stable@...r.kernel.org,
Nikolay Aleksandrov <nikolay@...ulusnetworks.com>,
"David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH 4.3] vrf: Fix memory leak on registration failure in
vrf_newlink()
On Tue, 2015-12-15 at 08:15 -0700, David Ahern wrote:
> On 12/15/15 8:12 AM, Ben Hutchings wrote:
> > @@ -598,7 +599,10 @@ static int vrf_newlink(struct net *src_net, struct net_device *dev,
> >
> > rcu_assign_pointer(dev->vrf_ptr, vrf_ptr);
> >
> > - return register_netdev(dev);
> > + err = register_netdev(dev);
> > + if (err)
> > + kfree(vrf_ptr);
> > + return err;
> > }
> >
> > static size_t vrf_nl_getsize(const struct net_device *dev)
> >
>
> The rcu_assign_pointer should only be done if the register_netdev succeeded.
Oh, yes I see. I though that no other task could access an
unregistered device, but register_netdev() can still fail after listing
the device.
Wait, it's worse, this is calling register_netdev() which will deadlock
as we already hold the RTNL lock.
Ben.
> Thanks for creating the patch.
>
--
Ben Hutchings
Logic doesn't apply to the real world. - Marvin Minsky
Download attachment "signature.asc" of type "application/pgp-signature" (812 bytes)
Powered by blists - more mailing lists