lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Oct 2020 13:50:23 -0700 From: Cong Wang <xiyou.wangcong@...il.com> To: Tung Nguyen <tung.q.nguyen@...tech.com.au> Cc: David Miller <davem@...emloft.net>, Linux Kernel Network Developers <netdev@...r.kernel.org>, tipc-discussion@...ts.sourceforge.net Subject: Re: [tipc-discussion] [net v3 1/1] tipc: fix memory leak caused by tipc_buf_append() On Tue, Oct 27, 2020 at 1:09 PM Tung Nguyen <tung.q.nguyen@...tech.com.au> wrote: > > Commit ed42989eab57 ("tipc: fix the skb_unshare() in tipc_buf_append()") > replaced skb_unshare() with skb_copy() to not reduce the data reference > counter of the original skb intentionally. This is not the correct > way to handle the cloned skb because it causes memory leak in 2 > following cases: > 1/ Sending multicast messages via broadcast link > The original skb list is cloned to the local skb list for local > destination. After that, the data reference counter of each skb > in the original list has the value of 2. This causes each skb not > to be freed after receiving ACK: This does not make sense at all. skb_unclone() expects refcnt == 1, as stated in the comments above pskb_expand_head(). skb_unclone() was used prior to Xin Long's commit. So either the above is wrong, or something important is still missing in your changelog. None of them is addressed in your V3. I also asked you two questions before you sent V3, you seem to intentionally ignore them. This is not how we collaborate. Thanks.
Powered by blists - more mailing lists