lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Apr 2017 09:03:51 -0400 From: Jamal Hadi Salim <jhs@...atatu.com> To: Wolfgang Bumiller <w.bumiller@...xmox.com>, netdev@...r.kernel.org Cc: "David S. Miller" <davem@...emloft.net>, Cong Wang <xiyou.wangcong@...il.com>, Roman Mashak <mrv@...atatu.com> Subject: Re: [PATCH v2 net 2/2] net sched actions: decrement module refcount earlier On 17-04-18 06:13 AM, Wolfgang Bumiller wrote: > Whether the reference count has to be decremented depends > on whether the policy was created. If TCA_ACT_COOKIE is > passed and an error occurs there, the same condition still > has to be honored. > > Signed-off-by: Wolfgang Bumiller <w.bumiller@...xmox.com> > Cc: Jamal Hadi Salim <jhs@...atatu.com> > --- > > I did not include the Acked-bys here because I've noticed that this > is still wrong. After reading a bit more and doing more tests with > different filters I realized that the `name != NULL` case is specific > to the police filter only. For the other filters this patch here breaks > refcounting in the error case (I included it for reference only). > I'm thinking the first patch should be enough. (I've tested forcing the > other filters into the error path *without* this patch and couldn't > produce crashes or reference count problems (while with this patch > applied it was leaking reference counts on creation (which makes sense > considering tcf_hash_release is used and the ACT_P_CREATED case will > keep repeating)). (Whereas without both patches simply looking through > creating and deleting a policing filter pretty much always resulted in > crashes with various different backtraces.) > The error path for cookie failure still needs handling. In retrospect: I think you should leave the module_put() to the end, it protects any unloading while the action is being processed. It may be worth remembering a_o->init() results and conditionally calling tcf_hash_release() based on whether a creation happened or not. I think your original patch had a similar idea without the extra variable I am suggesting. cheers, jamal
Powered by blists - more mailing lists