| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Sep 2020 15:59:44 -0700
From: Rustam Kovhaev <rkovhaev@...il.com>
To: David Miller <davem@...emloft.net>
Cc: kuba@...nel.org, netdev@...r.kernel.org, bpf@...r.kernel.org,
linux-kernel@...r.kernel.org, gregkh@...uxfoundation.org
Subject: Re: [PATCH] veth: fix memory leak in veth_newlink()
On Tue, Sep 01, 2020 at 01:01:27PM -0700, David Miller wrote:
> From: Rustam Kovhaev <rkovhaev@...il.com>
> Date: Sun, 30 Aug 2020 06:13:36 -0700
>
> > when register_netdevice(dev) fails we should check whether struct
> > veth_rq has been allocated via ndo_init callback and free it, because,
> > depending on the code path, register_netdevice() might not call
> > priv_destructor() callback
> >
> > Reported-and-tested-by: syzbot+59ef240dd8f0ed7598a8@...kaller.appspotmail.com
> > Link: https://syzkaller.appspot.com/bug?extid=59ef240dd8f0ed7598a8
> > Signed-off-by: Rustam Kovhaev <rkovhaev@...il.com>
>
> I think I agree with Toshiaki here. There is no reason why the
> rollback_registered() path of register_netdevice() should behave
> differently from the normal control flow.
>
> Any code path that invokes ->ndo_uninit() should probably also
> invoke the priv destructor.
hi David, thank you for the review!
>
> The question is why does the err_uninit: label of register_netdevice
> behave differently from rollback_registered()? If there is a reason,
> it should be documented in a comment or similar. If it is wrong,
> it should be corrected.
good question, that i do not know, i'll review it
Powered by blists - more mailing lists