lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20220326213508.GA19319@duo.ucw.cz>
Date:   Sat, 26 Mar 2022 22:35:08 +0100
From:   Pavel Machek <pavel@...x.de>
To:     Jakub Kicinski <kuba@...nel.org>
Cc:     Pavel Machek <pavel@...x.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Eric Dumazet <edumazet@...gle.com>,
        赵子轩 <beraphin@...il.com>,
        Stoyan Manolov <smanolov@...e.de>
Subject: Re: [PATCH 5.10 09/38] llc: fix netdevice reference leaks in
 llc_ui_bind()

Hi!

> > Can someone check this? AFAICT this is buggy.
> > 
> > static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
> > {
> >         struct sock *sk = sock->sk;
> >         struct llc_sock *llc = llc_sk(sk);
> >         struct llc_sap *sap;
> >         int rc = -EINVAL;
> > 
> >         if (!sock_flag(sk, SOCK_ZAPPED))
> >                 goto out;
> > 
> > There are 'goto out's from both before dev_get() and after it,
> > dev_put() will be called with NULL pointer. dev_put() can't handle
> > NULL at least in the old kernels... this is simply confused.
> > 
> > Mainline has dev_put_track() there, but I see same confusion.
> > 
> > Best regards,
> 
> commit 2d327a79ee17 ("llc: only change llc->dev when bind() succeeds"),
> https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=2d327a79ee176930dc72c131a970c891d367c1dc
> 
> Should be in mainline on Thursday, LMK if we need to accelerate.
> IDK if anyone enables LLC2.

Thank you, yes, that looks good at the fast glance.

But this patch does more harm than good on its own, so I believe it
should be dropped for now, and only queued when the fixes are
available.

Best regards,
								Pavel
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

Download attachment "signature.asc" of type "application/pgp-signature" (196 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ