| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Oct 2014 15:17:41 -0700 From: Cong Wang <cwang@...pensource.com> To: Patrick McHardy <kaber@...sh.net> Cc: John Fastabend <john.fastabend@...il.com>, wang.bo116@....com.cn, David Miller <davem@...emloft.net>, netdev <netdev@...r.kernel.org>, cui.yunfeng@....com.cn Subject: Re: [PATCH net] net/sched: Fix use of wild pointer in mq_destroy() when qdisc_alloc fail On Fri, Oct 24, 2014 at 2:45 PM, Patrick McHardy <kaber@...sh.net> wrote: > On Fri, Oct 24, 2014 at 01:52:00PM -0700, Cong Wang wrote: >> On Fri, Oct 24, 2014 at 12:14 PM, Patrick McHardy <kaber@...sh.net> wrote: >> > On Fri, Oct 24, 2014 at 11:13:56AM -0700, Cong Wang wrote: >> >> On Fri, Oct 24, 2014 at 10:49 AM, John Fastabend >> >> <john.fastabend@...il.com> wrote: >> >> > >> >> > Patch looks fine, another way to fix this would be drop the >> >> > mq_destroy() call in the error path. I'm not convinced one >> >> > is any better than the other but maybe some other folks have >> >> > opinions, it seems a bit wrong to call mq_destroy twice so in >> >> > that sense it may be a bit nicer to drop the mq_destroy(). >> >> >> >> Dropping mq_destroy() in error path is indeed better, >> >> because upper layer does cleanup intentionally. >> >> Look at what other qdisc's do. :) >> > >> > I would argue that the qdisc_destroy() call in qdisc_create_dflt() >> > is wrong, it should instead free the qdisc and release the module >> > reference manually as done in qdisc_create(). >> > >> > qdisc_destroy() should only be called for fully initialized qdiscs. >> >> Probably, but at least ->destroy() should be called, looking at >> those calling qdisc_watchdog_init(), they are supposed to call >> qdisc_watchdog_cancel() when >init() fails after that. > > In which cases does it actually fail after that? Usually this is > called once initialization is complete. How about tbf_change() in tbf_init()? If tbf_change() fails, watchdog is still there if we don't call ->destroy(). Yes, I know the timer is started, the point is we do miss something clean up, even trivial. tbf is not the only one who calls xxx_change() in xxx_init(). > >> ->destroy() is supposed to be able to clean up even partially >> initialized qdisc's. So, for qdisc_create_dflt() we should probably >> just call ->destroy(). > > No, why do you think that? ->init() is supposed to clean up after > itself if it fails, both qdisc_destroy() and ->destroy are only > supposed to be called after ->init() succeeded. Why? This would end up with calling xxx_destroy() in every failure path in ->init(). Moving it up to caller makes the code cleaner and smaller. > > Its simply symetrical, as everywhere else in the kernel. If a sub-init > funtion fails, it should clean up and return an error. We don't > destroy things we've never successfully initialized, they're supposed > to clean up after themselves. Most (if not all) ->destroy() are able to clean partially initialized qdisc, I don't see why it could be a problem here. We don't have to keep with other kernel subsystem as long as it makes sense, net_sched subsystem is pretty much self-contained. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists