| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Aug 2023 03:30:21 +0000
From: patchwork-bot+netdevbpf@...nel.org
To: Magnus Karlsson <magnus.karlsson@...il.com>
Cc: magnus.karlsson@...el.com, bjorn@...nel.org, ast@...nel.org,
daniel@...earbox.net, netdev@...r.kernel.org, maciej.fijalkowski@...el.com,
jonathan.lemon@...il.com, bpf@...r.kernel.org,
syzbot+8ada0057e69293a05fd4@...kaller.appspotmail.com
Subject: Re: [PATCH bpf] xsk: fix refcount underflow in error path
Hello:
This patch was applied to bpf/bpf.git (master)
by Martin KaFai Lau <martin.lau@...nel.org>:
On Wed, 9 Aug 2023 16:28:43 +0200 you wrote:
> From: Magnus Karlsson <magnus.karlsson@...el.com>
>
> Fix a refcount underflow problem reported by syzbot that can happen
> when a system is running out of memory. If xp_alloc_tx_descs() fails,
> and it can only fail due to not having enough memory, then the error
> path is triggered. In this error path, the refcount of the pool is
> decremented as it has incremented before. However, the reference to
> the pool in the socket was not nulled. This means that when the socket
> is closed later, the socket teardown logic will think that there is a
> pool attached to the socket and try to decrease the refcount again,
> leading to a refcount underflow.
>
> [...]
Here is the summary with links:
- [bpf] xsk: fix refcount underflow in error path
https://git.kernel.org/bpf/bpf/c/85c2c79a0730
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
Powered by blists - more mailing lists