From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jason Wang Subject: Re: linux-next: BUG: KASAN: use-after-free in tun_chr_close Date: Wed, 16 May 2018 15:52:11 +0800 Message-ID: <4e3d8bad-e907-e917-50d4-4a0820409110@redhat.com> References: <20180516062825.GA11416@outlook.office365.com> <20180516071224.GB11416@outlook.office365.com> <9a7440ca-05dd-7ff6-0fa0-a96afc9ed780@redhat.com> <20180516074019.GA5601@outlook.office365.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Cc: netdev@vger.kernel.org To: Andrei Vagin Return-path: Received: from mx3-rdu2.redhat.com ([66.187.233.73]:56168 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751182AbeEPHwQ (ORCPT ); Wed, 16 May 2018 03:52:16 -0400 In-Reply-To: <20180516074019.GA5601@outlook.office365.com> Content-Language: en-US Sender: netdev-owner@vger.kernel.org List-ID: On 2018年05月16日 15:40, Andrei Vagin wrote: > On Wed, May 16, 2018 at 03:32:59PM +0800, Jason Wang wrote: >> On 2018年05月16日 15:12, Andrei Vagin wrote: >>> Hi Jason, >>> >>> I think the problem is in "tun: hold a tun socket during ptr_ring_cleanup". >>> >>> Pls take a look at the attached patch. >> Yes. >> >> It looks to me it's not necessary to take extra refcnt during release, we >> can just do the cleanup at __tun_detach(). >> >> Could you help to test the attached patch? > I've run my test on the kernel with this patch. It fixes the problem. > The patch looks correct for me. > > Acked-by: Andrei Vagin > Cool, thanks a lot! Let me post a formal patch.