netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] [UDPv6] Possible dst leak in udpv6_sendmsg.
@ 2008-06-03 11:08 Denis V. Lunev
  2008-06-03 11:35 ` YOSHIFUJI Hideaki / 吉藤英明
  0 siblings, 1 reply; 6+ messages in thread
From: Denis V. Lunev @ 2008-06-03 11:08 UTC (permalink / raw)
  To: yoshfuji; +Cc: davem, netdev, kaber, Denis V. Lunev

ip6_sk_dst_lookup returns held dst entry. It should be released on all paths
beyond this point. Add missed release when up->pending is set.

Signed-off-by: Denis V. Lunev <den@openvz.org>
---
 net/ipv6/udp.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 1fd784f..3235528 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -813,6 +813,7 @@ back_from_confirm:
 		/* The socket is already corked while preparing it. */
 		/* ... which is an evident application bug. --ANK */
 		release_sock(sk);
+		dst_release(dst);
 
 		LIMIT_NETDEBUG(KERN_DEBUG "udp cork app bug 2\n");
 		err = -EINVAL;
-- 
1.5.3.rc5


^ permalink raw reply related	[flat|nested] 6+ messages in thread
* Re: [PATCH] [UDPv6] Possible dst leak in udpv6_sendmsg.
  2008-06-03 11:08 [PATCH] [UDPv6] Possible dst leak in udpv6_sendmsg Denis V. Lunev
@ 2008-06-03 11:35 ` YOSHIFUJI Hideaki / 吉藤英明
  2008-06-03 11:50   ` Denis V. Lunev
  0 siblings, 1 reply; 6+ messages in thread
From: YOSHIFUJI Hideaki / 吉藤英明 @ 2008-06-03 11:35 UTC (permalink / raw)
  To: den; +Cc: davem, netdev, kaber, yoshfuji

In article <1212491322-9161-1-git-send-email-den@openvz.org> (at Tue,  3 Jun 2008 15:08:42 +0400), "Denis V. Lunev" <den@openvz.org> says:

> ip6_sk_dst_lookup returns held dst entry. It should be released on all paths
> beyond this point. Add missed release when up->pending is set.

Which kernel are you refering?
And, would you please take a look at ipv4 side as well?

--yoshfuji

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH] [UDPv6] Possible dst leak in udpv6_sendmsg.
  2008-06-03 11:35 ` YOSHIFUJI Hideaki / 吉藤英明
@ 2008-06-03 11:50   ` Denis V. Lunev
  2008-06-03 16:26     ` YOSHIFUJI Hideaki / 吉藤英明
  0 siblings, 1 reply; 6+ messages in thread
From: Denis V. Lunev @ 2008-06-03 11:50 UTC (permalink / raw)
  To: YOSHIFUJI Hideaki / 吉藤英明; +Cc: davem, netdev, kaber

On Tue, 2008-06-03 at 20:35 +0900, YOSHIFUJI Hideaki / 吉藤英明 wrote:
> In article <1212491322-9161-1-git-send-email-den@openvz.org> (at Tue,  3 Jun 2008 15:08:42 +0400), "Denis V. Lunev" <den@openvz.org> says:
> 
> > ip6_sk_dst_lookup returns held dst entry. It should be released on all paths
> > beyond this point. Add missed release when up->pending is set.
> 
> Which kernel are you refering?
The patch is made against current net-2.6 tree, though all kernels are
affected, starting at least RHEL5

> And, would you please take a look at ipv4 side as well?

ipv4 is ok, the code looks the same but there is an ip_rt_put at the
out: label.


^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH] [UDPv6] Possible dst leak in udpv6_sendmsg.
  2008-06-03 11:50   ` Denis V. Lunev
@ 2008-06-03 16:26     ` YOSHIFUJI Hideaki / 吉藤英明
  2008-06-03 16:34       ` Denis V. Lunev
  0 siblings, 1 reply; 6+ messages in thread
From: YOSHIFUJI Hideaki / 吉藤英明 @ 2008-06-03 16:26 UTC (permalink / raw)
  To: den; +Cc: davem, netdev, kaber, yoshfuji

In article <1212493845.6499.29.camel@iris.sw.ru> (at Tue, 03 Jun 2008 15:50:45 +0400), "Denis V. Lunev" <den@openvz.org> says:

> On Tue, 2008-06-03 at 20:35 +0900, YOSHIFUJI Hideaki / 吉藤英明 wrote:
> > In article <1212491322-9161-1-git-send-email-den@openvz.org> (at Tue,  3 Jun 2008 15:08:42 +0400), "Denis V. Lunev" <den@openvz.org> says:
> > 
> > > ip6_sk_dst_lookup returns held dst entry. It should be released on all paths
> > > beyond this point. Add missed release when up->pending is set.
> > 
> > Which kernel are you refering?
> The patch is made against current net-2.6 tree, though all kernels are
> affected, starting at least RHEL5
> 
> > And, would you please take a look at ipv4 side as well?
> 
> ipv4 is ok, the code looks the same but there is an ip_rt_put at the
> out: label.
> 

Okay, I think we have one more leakage here (in do_confirm path).
How about this?

diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 1fd784f..47123bf 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -848,12 +848,14 @@ do_append_data:
 		} else {
 			dst_release(dst);
 		}
+		dst = NULL;
 	}
 
 	if (err > 0)
 		err = np->recverr ? net_xmit_errno(err) : 0;
 	release_sock(sk);
 out:
+	dst_release(dst);
 	fl6_sock_release(flowlabel);
 	if (!err)
 		return len;

--yoshfuji

^ permalink raw reply related	[flat|nested] 6+ messages in thread
* Re: [PATCH] [UDPv6] Possible dst leak in udpv6_sendmsg.
  2008-06-03 16:26     ` YOSHIFUJI Hideaki / 吉藤英明
@ 2008-06-03 16:34       ` Denis V. Lunev
  2008-06-03 16:36         ` YOSHIFUJI Hideaki / 吉藤英明
  0 siblings, 1 reply; 6+ messages in thread
From: Denis V. Lunev @ 2008-06-03 16:34 UTC (permalink / raw)
  To: YOSHIFUJI Hideaki / 吉藤英明; +Cc: davem, netdev, kaber

Acked-by: Denis V. Lunev <den@openvz.org>

On Wed, 2008-06-04 at 01:26 +0900, YOSHIFUJI Hideaki / 吉藤英明 wrote:
> udp.c


^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH] [UDPv6] Possible dst leak in udpv6_sendmsg.
  2008-06-03 16:34       ` Denis V. Lunev
@ 2008-06-03 16:36         ` YOSHIFUJI Hideaki / 吉藤英明
  0 siblings, 0 replies; 6+ messages in thread
From: YOSHIFUJI Hideaki / 吉藤英明 @ 2008-06-03 16:36 UTC (permalink / raw)
  To: den; +Cc: davem, netdev, kaber, yoshfuji

In article <1212510848.12028.0.camel@iris.sw.ru> (at Tue, 03 Jun 2008 20:34:08 +0400), "Denis V. Lunev" <den@openvz.org> says:

> Acked-by: Denis V. Lunev <den@openvz.org>

Okay, I'm queueing this for net-2.6.  Thanks.

--yoshfuji

^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2008-06-03 16:35 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-06-03 11:08 [PATCH] [UDPv6] Possible dst leak in udpv6_sendmsg Denis V. Lunev
2008-06-03 11:35 ` YOSHIFUJI Hideaki / 吉藤英明
2008-06-03 11:50   ` Denis V. Lunev
2008-06-03 16:26     ` YOSHIFUJI Hideaki / 吉藤英明
2008-06-03 16:34       ` Denis V. Lunev
2008-06-03 16:36         ` YOSHIFUJI Hideaki / 吉藤英明

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).