| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220414075102.84366-1-tonylu@linux.alibaba.com>
Date: Thu, 14 Apr 2022 15:51:03 +0800
From: Tony Lu <tonylu@...ux.alibaba.com>
To: kgraul@...ux.ibm.com, davem@...emloft.net, kuba@...nel.org,
pabeni@...hat.com
Cc: netdev@...r.kernel.org, linux-s390@...r.kernel.org
Subject: [PATCH net] net/smc: Fix sock leak when release after smc_shutdown()
Since commit e5d5aadcf3cd ("net/smc: fix sk_refcnt underflow on linkdown
and fallback"), for a fallback connection, __smc_release() does not call
sock_put() if its state is already SMC_CLOSED.
When calling smc_shutdown() after falling back, its state is set to
SMC_CLOSED but does not call sock_put(), so this patch calls it.
Reported-and-tested-by: syzbot+6e29a053eb165bd50de5@...kaller.appspotmail.com
Fixes: e5d5aadcf3cd ("net/smc: fix sk_refcnt underflow on linkdown and fallback")
Signed-off-by: Tony Lu <tonylu@...ux.alibaba.com>
---
net/smc/af_smc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index f0d118e9f155..f842425da6ec 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -2664,8 +2664,10 @@ static int smc_shutdown(struct socket *sock, int how)
if (smc->use_fallback) {
rc = kernel_sock_shutdown(smc->clcsock, how);
sk->sk_shutdown = smc->clcsock->sk->sk_shutdown;
- if (sk->sk_shutdown == SHUTDOWN_MASK)
+ if (sk->sk_shutdown == SHUTDOWN_MASK) {
sk->sk_state = SMC_CLOSED;
+ sock_put(sk);
+ }
goto out;
}
switch (how) {
--
2.32.0.3.g01195cf9f
Powered by blists - more mailing lists