| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 27 Apr 2020 11:17:57 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: xiyuyang19@...an.edu.cn
Cc: borisp@...lanox.com, aviadye@...lanox.com,
john.fastabend@...il.com, daniel@...earbox.net, kuba@...nel.org,
ast@...nel.org, kafai@...com, songliubraving@...com, yhs@...com,
andriin@...com, kpsingh@...omium.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, bpf@...r.kernel.org,
yuanxzhang@...an.edu.cn, kjlu@....edu, tanxin.ctf@...il.com
Subject: Re: [PATCH] net/tls: Fix sk_psock refcnt leak in
bpf_exec_tx_verdict()
From: Xiyu Yang <xiyuyang19@...an.edu.cn>
Date: Sat, 25 Apr 2020 20:54:37 +0800
> bpf_exec_tx_verdict() invokes sk_psock_get(), which returns a reference
> of the specified sk_psock object to "psock" with increased refcnt.
>
> When bpf_exec_tx_verdict() returns, local variable "psock" becomes
> invalid, so the refcount should be decreased to keep refcount balanced.
>
> The reference counting issue happens in one exception handling path of
> bpf_exec_tx_verdict(). When "policy" equals to NULL but "psock" is not
> NULL, the function forgets to decrease the refcnt increased by
> sk_psock_get(), causing a refcnt leak.
>
> Fix this issue by calling sk_psock_put() on this error path before
> bpf_exec_tx_verdict() returns.
>
> Signed-off-by: Xiyu Yang <xiyuyang19@...an.edu.cn>
> Signed-off-by: Xin Tan <tanxin.ctf@...il.com>
Applied and queued up for -stable.
Powered by blists - more mailing lists