| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Jan 2018 11:00:10 +0800
From: Jason Wang <jasowang@...hat.com>
To: Cong Wang <xiyou.wangcong@...il.com>, netdev@...r.kernel.org
Cc: dvyukov@...gle.com
Subject: Re: [Patch net] tun: fix a memory leak for tfile->tx_array
On 2018年01月10日 08:07, Cong Wang wrote:
> tfile->tun could be detached before we close the tun fd,
> via tun_detach_all(), so it should not be used to check for
> tfile->tx_array.
>
> Use the same logic as in tun_attach(), just test !tfile->deatched.
>
> Reported-by: Dmitry Vyukov <dvyukov@...gle.com>
> Fixes: 1576d9860599 ("tun: switch to use skb array for tx")
> Cc: Jason Wang <jasowang@...hat.com>
> Signed-off-by: Cong Wang <xiyou.wangcong@...il.com>
> ---
> drivers/net/tun.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/tun.c b/drivers/net/tun.c
> index 4f4a842a1c9c..1a1f834440a6 100644
> --- a/drivers/net/tun.c
> +++ b/drivers/net/tun.c
> @@ -613,6 +613,7 @@ static void tun_queue_purge(struct tun_file *tfile)
>
> static void __tun_detach(struct tun_file *tfile, bool clean)
> {
> + bool clean_tx_array = !tfile->detached;
> struct tun_file *ntfile;
> struct tun_struct *tun;
>
> @@ -657,7 +658,7 @@ static void __tun_detach(struct tun_file *tfile, bool clean)
> tun->dev->reg_state == NETREG_REGISTERED)
> unregister_netdevice(tun->dev);
> }
> - if (tun)
> + if (clean_tx_array)
> skb_array_cleanup(&tfile->tx_array);
> sock_put(&tfile->sk);
> }
Looks like we may still leak if we do
open
attach
detach
close
Should we do cleanup unconditionally?
Thanks
Powered by blists - more mailing lists