Message-ID: <658213cf198a3_96d8820886@john.notmuch>
Date: Tue, 19 Dec 2023 14:06:07 -0800
From: John Fastabend <john.fastabend@...il.com>
To: John Fastabend <john.fastabend@...il.com>, John Fastabend <john.fastabend@...il.com>, Kuniyuki Iwashima <kuniyu@...zon.com>, xrivendell7@...il.com
Cc: alexander@...alicyn.com, bpf@...r.kernel.org, daan.j.demeyer@...il.com, davem@...emloft.net, dhowells@...hat.com, edumazet@...gle.com, john.fastabend@...il.com, kuba@...nel.org, kuniyu@...zon.com, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, pabeni@...hat.com
Subject: Re: memory leak in unix_create1/copy_process/security_prepare_creds

John Fastabend wrote:
> John Fastabend wrote:
> > Kuniyuki Iwashima wrote:
> > > From: xingwei lee <xrivendell7@...il.com>
> > > Date: Tue, 19 Dec 2023 17:12:25 +0800
> > > > Hello I found a bug in net/af_unix in the latest upstream linux
> > > > 6.7.rc5 and confirmed in latest net/net-next/bpf/bpf-next tree.
> > > > Titled "TITLE: memory leak in unix_create1" and I also upload the
> > > > repro.c and repro.txt.
> > > >
> > > > If you fix this issue, please add the following tag to the commit:
> > > > Reported-by: xingwei Lee <xrivendell7@...il.com>
> > >
> > > Thanks for reporting!
> > >
> > > It seems 8866730aed510 forgot to add sock_put().
> > > I've confirmed that the diff below silenced kmemleak but will check
> > > more before posting a patch.
> >
> > Did it really silence the memleak?
>
> Yes reverting the patch fixed the issue for me.

The problem is we call proto update twice that bumps the refcnt when
adding the same element to the map in the same slot.

I'll fix this on sockmap side so we can keep the current af_unix
logic. Should be able to push a fix tomorrow.

We probably never noticed for other socket types because it's an unusual
replace to do same sock/same slot, but af_unix has this side effect
of incrementing the refcnt that doesn't exist elsewhere.

Thanks,
John
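
A simplified user-space model of the refcount imbalance described in the message above, added here as an illustration; it is not kernel code and not the fix from the thread. All names (the struct sock fields, proto_update_leaky, proto_update_once, map_update, leaked_refs) are hypothetical, and the idempotent hook is only one assumed way to keep the count balanced.

```c
#include <stdio.h>
/* Simplified user-space model; every name here is hypothetical, not kernel code. */
struct sock {
    int refcnt;     /* object is freed when this reaches 0 */
    int hook_held;  /* 1 while the update hook's reference is tracked */
};
typedef void (*update_fn)(struct sock *);

/* Hook as described in the message: every call bumps the refcount. */
static void proto_update_leaky(struct sock *sk) { sk->refcnt++; sk->hook_held = 1; }

/* Idempotent variant (an assumption, not the fix from the thread). */
static void proto_update_once(struct sock *sk) {
    if (!sk->hook_held) { sk->refcnt++; sk->hook_held = 1; }
}

/* Teardown drops the one reference the hook state tracks. */
static void proto_teardown(struct sock *sk) {
    if (sk->hook_held) { sk->refcnt--; sk->hook_held = 0; }
}

/* Store sk in the slot; teardown runs only for a different, displaced sock. */
static void map_update(struct sock **slot, struct sock *sk, update_fn hook) {
    struct sock *old = *slot;
    hook(sk);
    *slot = sk;
    if (old && old != sk) proto_teardown(old);
}

static void map_delete(struct sock **slot) {
    if (*slot) { proto_teardown(*slot); *slot = NULL; }
}

/* References left after: create, N updates of one slot, delete, close. */
int leaked_refs(update_fn hook, int updates) {
    struct sock sk = { .refcnt = 1, .hook_held = 0 }; /* creator's reference */
    struct sock *slot = NULL;
    for (int i = 0; i < updates; i++) map_update(&slot, &sk, hook);
    map_delete(&slot);
    sk.refcnt--;       /* creator closes the socket */
    return sk.refcnt;  /* 0 = would be freed, >0 = leaked references */
}

int main(void) {
    printf("leaky hook, 1 update:  %d left\n", leaked_refs(proto_update_leaky, 1));
    printf("leaky hook, 2 updates: %d left\n", leaked_refs(proto_update_leaky, 2));
    printf("once hook,  2 updates: %d left\n", leaked_refs(proto_update_once, 2));
    return 0;
}
```

A nonzero result means the object can never reach refcount 0, which is the kind of unreachable allocation kmemleak reports.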