| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJ8uoz2p4tZVGDjSn5WW3hWne0+4HWvAg8Z0JvkVA5z+hygVNw@mail.gmail.com>
Date: Mon, 23 Nov 2020 09:28:29 +0100
From: Magnus Karlsson <magnus.karlsson@...il.com>
To: Marek Majtyka <alardam@...il.com>
Cc: "Karlsson, Magnus" <magnus.karlsson@...el.com>,
Björn Töpel <bjorn.topel@...el.com>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Network Development <netdev@...r.kernel.org>,
Jonathan Lemon <jonathan.lemon@...il.com>,
Marek Majtyka <marekx.majtyka@...el.com>,
bpf <bpf@...r.kernel.org>
Subject: Re: [PATCH bpf] xsk: fix incorrect netdev reference count
On Fri, Nov 20, 2020 at 4:17 PM <alardam@...il.com> wrote:
>
> From: Marek Majtyka <marekx.majtyka@...el.com>
>
> Fix incorrect netdev reference count in xsk_bind operation. Incorrect
> reference count of the device appears when a user calls bind with the
> XDP_ZEROCOPY flag on an interface which does not support zero-copy.
> In such a case, an error is returned but the reference count is not
> decreased. This change fixes the fault, by decreasing the reference count
> in case of such an error.
>
> The problem being corrected appeared in '162c820ed896' for the first time,
> and the code was moved to new file location over the time with commit
> 'c2d3d6a47462'. This specific patch applies to all version starting
> from 'c2d3d6a47462'. The same solution should be applied but on different
> file (net/xdp/xdp_umem.c) and function (xdp_umem_assign_dev) for versions
> from '162c820ed896' to 'c2d3d6a47462' excluded.
>
> Fixes: 162c820ed896 ("xdp: hold device for umem regardless of zero- ...")
> Signed-off-by: Marek Majtyka <marekx.majtyka@...el.com>
> ---
> net/xdp/xsk_buff_pool.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/net/xdp/xsk_buff_pool.c b/net/xdp/xsk_buff_pool.c
> index 8a3bf4e1318e..46d09bfb1923 100644
> --- a/net/xdp/xsk_buff_pool.c
> +++ b/net/xdp/xsk_buff_pool.c
> @@ -185,8 +185,10 @@ static int __xp_assign_dev(struct xsk_buff_pool *pool,
> err_unreg_pool:
> if (!force_zc)
> err = 0; /* fallback to copy mode */
> - if (err)
> + if (err) {
> xsk_clear_pool_at_qid(netdev, queue_id);
> + dev_put(netdev);
> + }
> return err;
> }
Thank you Marek for spotting and fixing this!
Acked-by: Magnus Karlsson <magnus.karlsson@...el.com>
> --
> 2.27.0
>
Powered by blists - more mailing lists