lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 24 May 2024 11:47:04 -0400
From: Dan Cross <crossd@...il.com>
To: Lars Kellogg-Stedman <lars@...bit.com>
Cc: Dan Carpenter <dan.carpenter@...aro.org>, Duoming Zhou <duoming@....edu.cn>, 
	linux-hams@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH v4] ax25: Fix refcount imbalance on inbound connections

On Fri, May 24, 2024 at 11:25 AM Lars Kellogg-Stedman <lars@...bit.com> wrote:
> On Thu, May 23, 2024 at 04:39:27PM GMT, Dan Cross wrote:
> > On Thu, May 23, 2024 at 2:23 PM Dan Carpenter <dan.carpenter@...aro.org> wrote:
> > > The problem is that accept() and ax25_release() are not mirrored pairs.
>
> Right, but my in making this patch I wasn't thinking so much about
> accept/ax25_release, which as you say are not necessarily a mirrored
> pair...
>
> > It seems clear that this will happen for sockets that have a ref on
> > the device either via `bind` or via `accept`.
>
> ...but rather bind/accept, which *are*. The patch I've submitted gives
> us equivalent behavior on the code paths for inbound and outbound
> connections.
>
> Without this change, the ax.25 subsystem is completely broken. Maybe we
> can come up with a more correct fix down the road, or maybe we'll
> refactor all the things, but I would prefer to return the subsystem to a
> usable state while we figure that out.

I think the main thrust of my point yesterday was that your
accept/release _are_ paired, via `close`. It seems logical to me that
every active socket associated with a device should hold a ref against
that device, and your change does that.

Since I wrote yesterday, I've enabled a bunch of additional debugging
code in my kernel (ref tracking, memory leak detection, etc). I can
detect no evidence of leaks, despite trying several times to induce
them. Perhaps I'm not looking correctly? Dan Carpenter seems fairly
convinced that there are, but if that were the case, we ought to be
able to detect some evidence of it, no?

Absent evidence to the contrary, I believe that the patch you
submitted for integration is correct. There may be other bugs lurking
in that general area, but if so, they're only tangentially related, if
at all.

        - Dan C.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ