| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 31 Aug 2020 10:43:57 +0900
From: Toshiaki Makita <toshiaki.makita1@...il.com>
To: Rustam Kovhaev <rkovhaev@...il.com>
Cc: davem@...emloft.net, kuba@...nel.org, netdev@...r.kernel.org,
bpf@...r.kernel.org, linux-kernel@...r.kernel.org,
gregkh@...uxfoundation.org
Subject: Re: [PATCH] veth: fix memory leak in veth_newlink()
On 2020/08/31 9:51, Rustam Kovhaev wrote:
> On Mon, Aug 31, 2020 at 09:16:32AM +0900, Toshiaki Makita wrote:
>> On 2020/08/30 22:13, Rustam Kovhaev wrote:
>>> when register_netdevice(dev) fails we should check whether struct
>>> veth_rq has been allocated via ndo_init callback and free it, because,
>>> depending on the code path, register_netdevice() might not call
>>> priv_destructor() callback
>>
>> AFAICS, register_netdevice() always goto err_uninit and calls priv_destructor()
>> on failure after ndo_init() succeeded.
>> So I could not find such a code path.
>> Would you elaborate on it?
>
> in net/core/dev.c:9863, where register_netdevice() calls rollback_registered(),
> which does not call priv_destructor(), then register_netdevice() returns error
> net/core/dev.c:9884
Thank you, now I see the code path.
But then all devices which allocate something in ndo_init() and free them in
priv_destructor() are affected? E.g. loopback and ifb seem to do such thing.
Why not calling priv_destructor() after invocation of rollback_registered()?
It looks weird that only that path does not call priv_destructor().
Toshiaki Makita
Powered by blists - more mailing lists