| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 1 Oct 2021 16:09:01 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: shjy180909@...il.com
Cc: netdev@...r.kernel.org
Subject: [bug report] net: ipv6: check return value of rhashtable_init
Hello MichelleJin,
The patch f04ed7d277e8: "net: ipv6: check return value of
rhashtable_init" from Sep 27, 2021, leads to the following
Smatch static checker warning:
net/ipv6/seg6.c:379 seg6_net_init()
warn: 'sdata' was already freed.
net/ipv6/seg6.c
358 static int __net_init seg6_net_init(struct net *net)
359 {
360 struct seg6_pernet_data *sdata;
361
362 sdata = kzalloc(sizeof(*sdata), GFP_KERNEL);
363 if (!sdata)
364 return -ENOMEM;
365
366 mutex_init(&sdata->lock);
367
368 sdata->tun_src = kzalloc(sizeof(*sdata->tun_src), GFP_KERNEL);
369 if (!sdata->tun_src) {
370 kfree(sdata);
371 return -ENOMEM;
372 }
373
374 net->ipv6.seg6_data = sdata;
375
376 #ifdef CONFIG_IPV6_SEG6_HMAC
377 if (seg6_hmac_net_init(net)) {
378 kfree(sdata);
^^^^^
--> 379 kfree(rcu_dereference_raw(sdata->tun_src));
^^^^^
Use after free. The truth is that I don't understand RCU well enough
to say if just changing the order of this code is enough to fix it?
380 return -ENOMEM;
381 };
382 #endif
383
384 return 0;
385 }
regards,
dan carpenter
Powered by blists - more mailing lists