lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Wed, 13 May 2015 06:07:10 -0700
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Ying Xue <ying.xue@...driver.com>
Cc:	netdev@...r.kernel.org, davem@...emloft.net
Subject: Re: [PATCH net-next] neigh: fix a possible leak issue of neigh entry

On Wed, 2015-05-13 at 18:32 +0800, Ying Xue wrote:
> On 05/13/2015 03:25 PM, Ying Xue wrote:
> > On 05/13/2015 02:20 PM, Eric Dumazet wrote:
> >> Have you hit this condition ?
> >>
> > 
> > No, I just found the issue when I was reading the code.
> > 
> >> If yes, there is a bug elsewhere and we need to fix it, not trying to
> >> recover.
> >>
> 
> After a search, it's found your mentioned bug probably should be:
> 
> https://patchwork.ozlabs.org/patch/458112/
> 
> But I think the bug should be a different issue that the patch is to be
> resolved. When the bug happened, neigh_add_timer() would take a reference on an
> object that already had a refcount of zero, which means somebody already
> decreased the refcount to zero before neigh_add_timer() was called. So, the bug
> should be unrelated to neigh_add_timer() although the bug really needs to be
> fixed. But the issue the patch tries to fix is wrong because it obviously
> violates the generic usage of how to take an object refcount in the object's
> timer handler as well as when its timer is started or deleted. Specially when a
> neighbour's timer to be modified is in pending state, we should not take its
> refcount, otherwise, the neighbour is leaked forever.
> 
> Therefore, the patch is needed for us even if your mentioned bug is not fixed.

Sorry, your patch is wrong.

As I said, if the issue is there, a different fix is needed.

Caller of the function must owns a refcount by definition.



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ