Message-Id: <20190115.134530.2064889292553007441.davem@davemloft.net>
Date: Tue, 15 Jan 2019 13:45:30 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: idosch@...lanox.com
Cc: netdev@...r.kernel.org, dsahern@...il.com
Subject: Re: [PATCH net] net: ipv4: Fix memory leak in network namespace dismantle
From: Ido Schimmel <idosch@...lanox.com>
Date: Wed, 9 Jan 2019 09:57:39 +0000
> IPv4 routing tables are flushed in two cases:
>
> 1. In response to events in the netdev and inetaddr notification chains
> 2. When a network namespace is being dismantled
>
> In both cases only routes associated with a dead nexthop group are
> flushed. However, a nexthop group will only be marked as dead in case it
> is populated with actual nexthops using a nexthop device. This is not
> the case when the route in question is an error route (e.g.,
> 'blackhole', 'unreachable').
>
> Therefore, when a network namespace is being dismantled such routes are
> not flushed and leaked [1].
>
> To reproduce:
> # ip netns add blue
> # ip -n blue route add unreachable 192.0.2.0/24
> # ip netns del blue
>
> Fix this by not skipping error routes that are not marked with
> RTNH_F_DEAD when flushing the routing tables.
>
> To prevent the flushing of such routes in case #1, add a parameter to
> fib_table_flush() that indicates if the table is flushed as part of
> namespace dismantle or not.
>
> Note that this problem does not exist in IPv6 since error routes are
> associated with the loopback device.
...
> Fixes: 8cced9eff1d4 ("[NETNS]: Enable routing configuration in non-initial namespace.")
> Signed-off-by: Ido Schimmel <idosch@...lanox.com>
Applied and queued up for -stable.
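
The flush decision described in the quoted commit message, as an added userspace model that is not part of the original thread and is not the kernel's code. The struct, the `model_*` names, the `MODEL_F_DEAD` value and the `flush_all` parameter name are assumptions made for illustration; the route table is constructed sample data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MODEL_F_DEAD 0x1u /* stands in for RTNH_F_DEAD; value is an assumption */

enum model_type { MODEL_UNICAST, MODEL_UNREACHABLE, MODEL_BLACKHOLE };

struct model_route {
    enum model_type type;
    unsigned int flags;
    bool present; /* false once flushed (the kernel would free the entry) */
};

/* Error routes have no nexthop device, so nothing ever marks them dead. */
static bool model_is_error(enum model_type t) { return t != MODEL_UNICAST; }

/* flush_all (hypothetical name) is true only during namespace dismantle. */
static size_t model_table_flush(struct model_route *r, size_t n, bool flush_all)
{
    size_t flushed = 0;
    for (size_t i = 0; i < n; i++) {
        bool dead = (r[i].flags & MODEL_F_DEAD) != 0;
        if (!r[i].present)
            continue;
        if (!dead && !(flush_all && model_is_error(r[i].type)))
            continue; /* live route, or error route outside dismantle */
        r[i].present = false;
        flushed++;
    }
    return flushed;
}

/* Constructed table: one unicast route whose device is gone, one error route. */
static size_t model_left_after_flush(bool flush_all)
{
    struct model_route t[] = {
        { MODEL_UNICAST, MODEL_F_DEAD, true },
        { MODEL_UNREACHABLE, 0, true }, /* e.g. unreachable 192.0.2.0/24 */
    };
    size_t n = sizeof(t) / sizeof(t[0]);
    return n - model_table_flush(t, n, flush_all);
}

int main(void)
{
    printf("left without dismantle flag: %zu\n", model_left_after_flush(false));
    printf("left with dismantle flag:    %zu\n", model_left_after_flush(true));
    return 0;
}
```

With the flag clear, the error route survives the flush, which is the leak at dismantle and also the behaviour wanted for notifier-driven flushes (case #1).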