Message-ID: <CANn89iLW5dbuepQ1m-haz=ji4rQv1JVp=uAGacdKCsGfdrUaFA@mail.gmail.com>
Date:   Fri, 22 Jul 2022 19:08:23 +0200
From:   Eric Dumazet <edumazet@...gle.com>
To:     Taehee Yoo <ap420073@...il.com>
Cc:     David Miller <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        David Ahern <dsahern@...nel.org>,
        netdev <netdev@...r.kernel.org>,
        Hangbin Liu <liuhangbin@...il.com>
Subject: Re: [PATCH net v2] net: mld: fix reference count leak in mld_{query | report}_work()

On Fri, Jul 22, 2022 at 7:06 PM Taehee Yoo <ap420073@...il.com> wrote:
>
> mld_{query | report}_work() processes queued events.
> If there are too many events in the queue, it re-queues a work.
> And then, it returns without in6_dev_put().
> But if queuing fails, it should call in6_dev_put(), but it doesn't.
> So, a reference count leak would occur.
>
> THREAD0                         THREAD1
> mld_report_work()
>                                 spin_lock_bh()
>                                 if (!mod_delayed_work())
>                                         in6_dev_hold();
>                                 spin_unlock_bh()
>         spin_lock_bh()
>         schedule_delayed_work()
>         spin_unlock_bh()
>
> Script to reproduce (by Hangbin Liu):
>    ip netns add ns1
>    ip netns add ns2
>    ip netns exec ns1 sysctl -w net.ipv6.conf.all.force_mld_version=1
>    ip netns exec ns2 sysctl -w net.ipv6.conf.all.force_mld_version=1
>
>    ip -n ns1 link add veth0 type veth peer name veth0 netns ns2
>    ip -n ns1 link set veth0 up
>    ip -n ns2 link set veth0 up
>
>    for i in `seq 50`; do
>            for j in `seq 100`; do
>                    ip -n ns1 addr add 2021:${i}::${j}/64 dev veth0
>                    ip -n ns2 addr add 2022:${i}::${j}/64 dev veth0
>            done
>    done
>    modprobe -r veth
>    ip -a netns del
>

> Tested-by: Hangbin Liu <liuhangbin@...il.com>
> Fixes: f185de28d9ae ("mld: add new workqueues for process mld events")
> Signed-off-by: Taehee Yoo <ap420073@...il.com>
> ---

Reviewed-by: Eric Dumazet <edumazet@...gle.com>
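
The interleaving in the quoted commit message, replayed as an added userspace model (not the kernel patch and not code from this thread). `dev_model`, `queue_work_model`, `enqueue_event`, `worker_finish` and `simulate` are hypothetical names, and the buggy branch is modelled only from the commit message's description: the worker returns without a put whenever it tries to re-queue, even if the re-queue fails.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only; every name here is hypothetical, not kernel code. */
struct dev_model {
    int refcnt;        /* stands in for the inet6_dev reference count */
    bool work_pending; /* stands in for the delayed work's pending state */
};

/* Returns true only when this call newly queued the work item. */
static bool queue_work_model(struct dev_model *d)
{
    bool newly_queued = !d->work_pending;
    d->work_pending = true;
    return newly_queued;
}

/* THREAD1: an event producer holds a reference when it newly queues work. */
static void enqueue_event(struct dev_model *d)
{
    if (queue_work_model(d))
        d->refcnt++;
}

/* THREAD0: end of a worker run; rework means events remain in the queue. */
static void worker_finish(struct dev_model *d, bool rework, bool fixed)
{
    if (rework && (queue_work_model(d) || !fixed))
        return;  /* reference handed to the re-queued work, or leaked */
    d->refcnt--; /* the put for the run that just finished */
}

/* Replays the interleaving from the diagram; returns leaked references. */
static int simulate(bool fixed)
{
    struct dev_model d = { .refcnt = 1, .work_pending = false };
    enqueue_event(&d);              /* first event queues work: refcnt 2 */
    d.work_pending = false;         /* worker starts running */
    enqueue_event(&d);              /* THREAD1 wins the race: refcnt 3 */
    worker_finish(&d, true, fixed); /* THREAD0 re-queue fails here */
    d.work_pending = false;         /* the queued run starts and drains */
    worker_finish(&d, false, fixed);
    return d.refcnt - 1;            /* anything above the base ref leaked */
}

int main(void)
{
    printf("buggy: %d leaked, fixed: %d leaked\n", simulate(false), simulate(true));
}
```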
