Message-ID: <91681490-63fa-405f-84cc-7ec0236eba8a@uliege.be>
Date: Thu, 30 Jan 2025 14:41:56 +0100
From: Justin Iurman <justin.iurman@...ege.be>
To: Simon Horman <horms@...nel.org>, Jakub Kicinski <kuba@...nel.org>
Cc: davem@...emloft.net, netdev@...r.kernel.org, edumazet@...gle.com,
 pabeni@...hat.com, andrew+netdev@...n.ch, dsahern@...nel.org
Subject: Re: [PATCH net v2 2/2] net: ipv6: fix dst ref loops in rpl, seg6 and
 ioam6 lwtunnels

On 1/30/25 11:28, Simon Horman wrote:
> On Wed, Jan 29, 2025 at 07:15:19PM -0800, Jakub Kicinski wrote:
>> Some lwtunnels have a dst cache for post-transformation dst.
>> If the packet destination did not change we may end up recording
>> a reference to the lwtunnel in its own cache, and the lwtunnel
>> state will never be freed.
>>
>> Discovered by the ioam6.sh test, kmemleak was recently fixed
>> to catch per-cpu memory leaks. I'm not sure if rpl and seg6
>> can actually hit this, but in principle I don't see why not.
>>
>> Fixes: 985ec6f5e623 ("net: ipv6: rpl_iptunnel: mitigate 2-realloc issue")
>> Fixes: 40475b63761a ("net: ipv6: seg6_iptunnel: mitigate 2-realloc issue")
>> Fixes: dce525185bc9 ("net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue")
>> Signed-off-by: Jakub Kicinski <kuba@...nel.org>
>> ---
>> v2:
>>   - fix spello in the comments
>> v1: https://lore.kernel.org/20250129021346.2333089-2-kuba@kernel.org
> 
> Hi Jakub,
> 
> This fix looks correct to me. And I believe that the double allocation
> issue raised at the cited link for v1 relates to an optimisation
> rather than a bug, so this patch seems appropriate for net without
> addressing that issue.

+1. Just to make sure, do you think I should re-apply a fix for the 
double allocation on top of this one and target net or net-next?

> I am, however, unsure why the cited patches are used in the Fixes tags
> rather than the patches that added use of the cache to the output
> routines.
> 
> e.g. af4a2209b134 ("ipv6: sr: use dst_cache in seg6_input")
> 
> ...

This was my thought as well. While Fixes tags are correct for #1, what 
#2 is trying to fix was already there before 985ec6f5e623, 40475b63761a 
and dce525185bc9 respectively. I think it should be:

Fixes: 8cb3bf8bff3c ("ipv6: ioam: Add support for the ip6ip6 encapsulation")
Fixes: 6c8702c60b88 ("ipv6: sr: add support for SRH encapsulation and injection with lwtunnels")
Fixes: a7a29f9c361f ("net: ipv6: add rpl sr tunnel")
