From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: "Daniel Gröber" <dxld@darkboxed.org>
Cc: "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
wireguard@lists.zx2c4.com, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] wireguard: Fix leaking sockets in wg_socket_init error paths
Date: Mon, 23 Oct 2023 16:04:13 +0200 [thread overview]
Message-ID: <ZTZ9XfPOXD4JXdjk@zx2c4.com> (raw)
In-Reply-To: <20231023130609.595122-1-dxld@darkboxed.org>
Hi,
The signed-off-by is missing and the subject does not match the format
of any other wireguard commits.
On Mon, Oct 23, 2023 at 03:06:09PM +0200, Daniel Gröber wrote:
> This doesn't seem to be reachable normally, but while working on a patch
"Normally" as in what? At all? Or?
> for the address binding code I ended up triggering this leak and had to
> reboot to get rid of the leaking wg sockets.
This commit message doesn't describe any rationale for this patch. Can
you describe the bug?
> ---
> drivers/net/wireguard/socket.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/wireguard/socket.c b/drivers/net/wireguard/socket.c
> index 0414d7a6ce74..c35163f503e7 100644
> --- a/drivers/net/wireguard/socket.c
> +++ b/drivers/net/wireguard/socket.c
> @@ -387,7 +387,7 @@ int wg_socket_init(struct wg_device *wg, u16 port)
> ret = udp_sock_create(net, &port4, &new4);
> if (ret < 0) {
> pr_err("%s: Could not create IPv4 socket\n", wg->dev->name);
> - goto out;
> + goto err;
`new4` is either NULL or has already been freed here in the `goto retry`
case. `new6` is NULL here.
> }
> set_sock_opts(new4);
> setup_udp_tunnel_sock(net, new4, &cfg);
> @@ -402,7 +402,7 @@ int wg_socket_init(struct wg_device *wg, u16 port)
> goto retry;
> pr_err("%s: Could not create IPv6 socket\n",
> wg->dev->name);
> - goto out;
> + goto err;
`new4` has just been freed by `udp_tunnel_sock_release` just above the
context. `new6` is NULL.
> }
> set_sock_opts(new6);
> setup_udp_tunnel_sock(net, new6, &cfg);
> @@ -414,6 +414,11 @@ int wg_socket_init(struct wg_device *wg, u16 port)
> out:
> put_net(net);
> return ret;
> +
> +err:
> + sock_free(new4 ? new4->sk : NULL);
> + sock_free(new6 ? new6->sk : NULL);
> + goto out;
> }
>
> void wg_socket_reinit(struct wg_device *wg, struct sock *new4,
I don't see the bug. If there is one, maybe try again with a real patch
that describes it better. If there isn't one, what is the point?
Jason
next prev parent reply other threads:[~2023-10-23 14:04 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-23 13:06 [PATCH] wireguard: Fix leaking sockets in wg_socket_init error paths Daniel Gröber
2023-10-23 14:04 ` Jason A. Donenfeld [this message]
2023-10-23 15:59 ` Daniel Gröber
-- strict thread matches above, loose matches on Subject: below --
2023-08-17 20:02 Daniel Gröber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZTZ9XfPOXD4JXdjk@zx2c4.com \
--to=jason@zx2c4.com \
--cc=davem@davemloft.net \
--cc=dxld@darkboxed.org \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.