lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 27 Apr 2020 11:23:10 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     xiyuyang19@...an.edu.cn
Cc:     borisp@...lanox.com, aviadye@...lanox.com,
        john.fastabend@...il.com, daniel@...earbox.net, kuba@...nel.org,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        yuanxzhang@...an.edu.cn, kjlu@....edu, tanxin.ctf@...il.com
Subject: Re: [PATCH] net/tls: Fix sk_psock refcnt leak when in
 tls_data_ready()

From: Xiyu Yang <xiyuyang19@...an.edu.cn>
Date: Sat, 25 Apr 2020 21:10:23 +0800

> tls_data_ready() invokes sk_psock_get(), which returns a reference of
> the specified sk_psock object to "psock" with increased refcnt.
> 
> When tls_data_ready() returns, local variable "psock" becomes invalid,
> so the refcount should be decreased to keep refcount balanced.
> 
> The reference counting issue happens in one exception handling path of
> tls_data_ready(). When "psock->ingress_msg" is empty but "psock" is not
> NULL, the function forgets to decrease the refcnt increased by
> sk_psock_get(), causing a refcnt leak.
> 
> Fix this issue by calling sk_psock_put() on all paths when "psock" is
> not NULL.
> 
> Signed-off-by: Xiyu Yang <xiyuyang19@...an.edu.cn>
> Signed-off-by: Xin Tan <tanxin.ctf@...il.com>

Applied and queued up for -stable.

Powered by blists - more mailing lists