| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YE3K+zeWnJ/hVpQS@kroah.com>
Date: Sun, 14 Mar 2021 09:36:11 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: Fatih Yildirim <yildirim.fatih@...il.com>
Cc: santosh.shilimkar@...cle.com, davem@...emloft.net, kuba@...nel.org,
netdev@...r.kernel.org, linux-rdma@...r.kernel.org,
rds-devel@....oracle.com, linux-kernel@...r.kernel.org
Subject: Re: [BUG] net: rds: rds_send_probe memory leak
On Sun, Mar 14, 2021 at 11:23:10AM +0300, Fatih Yildirim wrote:
> Hi Santosh,
>
> I've been working on a memory leak bug reported by syzbot.
> https://syzkaller.appspot.com/bug?id=39b72114839a6dbd66c1d2104522698a813f9ae2
>
> It seems that memory allocated in rds_send_probe function is not freed.
>
> Let me share my observations.
> rds_message is allocated at the beginning of rds_send_probe function.
> Then it is added to cp_send_queue list of rds_conn_path and refcount
> is increased by one.
> Next, in rds_send_xmit function it is moved from cp_send_queue list to
> cp_retrans list, and again refcount is increased by one.
> Finally in rds_loop_xmit function refcount is increased by one.
> So, total refcount is 4.
> However, rds_message_put is called three times, in rds_send_probe,
> rds_send_remove_from_sock and rds_send_xmit functions. It seems that
> one more rds_message_put is needed.
> Would you please check and share your comments on this issue?
Do you have a proposed patch that syzbot can test to verify if this is
correct or not?
thanks,
gre gk-h
Powered by blists - more mailing lists