lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <251c1455-f30c-0130-2bb7-036d412a0516@blackwall.org>
Date:   Thu, 11 Aug 2022 11:03:59 +0300
From:   Nikolay Aleksandrov <razor@...ckwall.org>
To:     Jay Vosburgh <jay.vosburgh@...onical.com>, netdev@...r.kernel.org,
        sunshouxin@...natelecom.cn
Cc:     vfalico@...il.com, andy@...yhouse.net, davem@...emloft.net,
        edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
        linux-kernel@...r.kernel.org, huyd12@...natelecom.cn
Subject: Re: [PATCH net] bonding: fix reference count leak in balance-alb mode

On 11/08/2022 08:06, Jay Vosburgh wrote:
> 	Commit d5410ac7b0ba ("net:bonding:support balance-alb interface
> with vlan to bridge") introduced a reference count leak by not releasing
> the reference acquired by ip_dev_find().  Remedy this by insuring the
> reference is released.
> 
> Fixes: d5410ac7b0ba ("net:bonding:support balance-alb interface with vlan to bridge")
> Signed-off-by: Jay Vosburgh <jay.vosburgh@...onical.com>
> 
> ---
>  drivers/net/bonding/bond_alb.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/net/bonding/bond_alb.c b/drivers/net/bonding/bond_alb.c
> index 60cb9a0225aa..b9dbad3a8af8 100644
> --- a/drivers/net/bonding/bond_alb.c
> +++ b/drivers/net/bonding/bond_alb.c
> @@ -668,8 +668,11 @@ static struct slave *rlb_arp_xmit(struct sk_buff *skb, struct bonding *bond)
>  
>  	dev = ip_dev_find(dev_net(bond->dev), arp->ip_src);
>  	if (dev) {
> -		if (netif_is_bridge_master(dev))
> +		if (netif_is_bridge_master(dev)) {
> +			dev_put(dev);
>  			return NULL;
> +		}
> +		dev_put(dev);
>  	}
>  
>  	if (arp->op_code == htons(ARPOP_REPLY)) {

Nice catch,
Reviewed-by: Nikolay Aleksandrov <razor@...ckwall.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ