lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 3 Oct 2019 11:20:48 +0300
From:   Leon Romanovsky <leon@...nel.org>
To:     Navid Emamdoost <navid.emamdoost@...il.com>
Cc:     Jason Gunthorpe <jgg@...pe.ca>, Navid Emamdoost <emamd001@....edu>,
        Stephen McCamant <smccaman@....edu>, Kangjie Lu <kjlu@....edu>,
        Potnuri Bharat Teja <bharat@...lsio.com>,
        Doug Ledford <dledford@...hat.com>, linux-rdma@...r.kernel.org,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] RDMA: release allocated skb

On Wed, Oct 02, 2019 at 04:35:06PM -0500, Navid Emamdoost wrote:
> Hi Jason,
>
> Thanks for the feedback. Yes, you are right if the skb release is
> moved under err4 label it will cause a double free as
> c4iw_ref_send_wait will release skb in case of error.
> So, in order to avoid leaking skb in case of c4iw_bar2_addrs failure,
> the kfree(skb) could be placed under the error check like the way
> patch v1 did. Do you see any mistake in version 1?
> https://lore.kernel.org/patchwork/patch/1128510/

No, it is not enough.
c4iw_ref_send_wait() ->
  c4iw_wait_for_reply() ->
    return wr_waitp->ret; <--- can be -EIO

Thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ