| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1473378685.18970.22.camel@edumazet-glaptop3.roam.corp.google.com>
Date: Thu, 08 Sep 2016 16:51:25 -0700
From: Eric Dumazet <eric.dumazet@...il.com>
To: Jojy Varghese <jojy.varghese@...il.com>
Cc: netdev@...r.kernel.org, davem@...emloft.net
Subject: Re: [PATCH] net_namespace: fixed net_device reference leak
On Thu, 2016-09-08 at 16:33 -0700, Jojy Varghese wrote:
> Sorry last patch was just the delta over my original patch. Here is
> the complete patch:
>
> ---
> net/core/dst.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/net/core/dst.c b/net/core/dst.c
> index a1656e3..f63027e 100644
> --- a/net/core/dst.c
> +++ b/net/core/dst.c
> @@ -433,8 +433,11 @@ static void dst_ifdown(struct dst_entry *dst,
> struct net_device *dev,
> dst->input = dst_discard;
> dst->output = dst_discard_out;
> } else {
> - dst->dev = dev_net(dst->dev)->loopback_dev;
> - dev_hold(dst->dev);
> + if (dst->dev != dev_net(dst->dev)->loopback_dev) {
> + dst->dev = dev_net(dst->dev)->loopback_dev;
> + dev_hold(dst->dev);
> + }
> +
> dev_put(dev);
> }
> }
This is complete garbage, now we have a dst somewhere in the system,
pointing to a device that might have been freed.
Crash might happen when dst->dev is used later.
Powered by blists - more mailing lists