From: "hoang.h.le" <hoang.h.le@dektech.com.au>
To: Tuong Lien <tuong.t.lien@dektech.com.au>
Cc: davem@davemloft.net, jmaloy@redhat.com, maloy@donjonn.com,
ying.xue@windriver.com, netdev@vger.kernel.org,
tipc-discussion@lists.sourceforge.net
Subject: Re: [net 1/2] Revert "tipc: Fix potential tipc_node refcnt leak in tipc_rcv"
Date: Tue, 2 Jun 2020 12:42:32 +0700 [thread overview]
Message-ID: <20200602053046.GA7054@example.com> (raw)
In-Reply-To: <20200602044641.10535-2-tuong.t.lien@dektech.com.au>
On Tue, Jun 02, 2020 at 11:46:40AM +0700, Tuong Lien wrote:
Tested-by: Hoang Le <hoang.h.le@dektech.com.au>
> This reverts commit de058420767df21e2b6b0f3bb36d1616fb962032.
>
> There is no actual tipc_node refcnt leak as stated in the above commit.
> The refcnt is hold carefully for the case of an asynchronous decryption
> (i.e. -EINPROGRESS/-EBUSY and skb = NULL is returned), so that the node
> object cannot be freed in the meantime. The counter will be re-balanced
> when the operation's callback arrives with the decrypted buffer if any.
> In other cases, e.g. a synchronous crypto the counter will be decreased
> immediately when it is done.
>
> Now with that commit, a kernel panic will occur when there is no node
> found (i.e. n = NULL) in the 'tipc_rcv()' or a premature release of the
> node object.
>
> This commit solves the issues by reverting the said commit, but keeping
> one valid case that the 'skb_linearize()' is failed.
>
> Acked-by: Jon Maloy <jmaloy@redhat.com>
> Signed-off-by: Tuong Lien <tuong.t.lien@dektech.com.au>
> ---
> net/tipc/node.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/net/tipc/node.c b/net/tipc/node.c
> index 0312fb181d94..a4c2816c3746 100644
> --- a/net/tipc/node.c
> +++ b/net/tipc/node.c
> @@ -2038,7 +2038,6 @@ void tipc_rcv(struct net *net, struct sk_buff *skb, struct tipc_bearer *b)
> n = tipc_node_find_by_id(net, ehdr->id);
> }
> tipc_crypto_rcv(net, (n) ? n->crypto_rx : NULL, &skb, b);
> - tipc_node_put(n);
> if (!skb)
> return;
>
next prev parent reply other threads:[~2020-06-02 5:42 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-02 4:46 [net 0/2] tipc: revert two patches Tuong Lien
2020-06-02 4:46 ` [net 1/2] Revert "tipc: Fix potential tipc_node refcnt leak in tipc_rcv" Tuong Lien
2020-06-02 5:42 ` hoang.h.le [this message]
2020-06-02 4:46 ` [net 2/2] Revert "tipc: Fix potential tipc_aead refcnt leak in tipc_crypto_rcv" Tuong Lien
2020-06-02 22:16 ` [net 0/2] tipc: revert two patches David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200602053046.GA7054@example.com \
--to=hoang.h.le@dektech.com.au \
--cc=davem@davemloft.net \
--cc=jmaloy@redhat.com \
--cc=maloy@donjonn.com \
--cc=netdev@vger.kernel.org \
--cc=tipc-discussion@lists.sourceforge.net \
--cc=tuong.t.lien@dektech.com.au \
--cc=ying.xue@windriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.