From: Xin Long <lucien.xin@gmail.com>
To: David Miller <davem@davemloft.net>
Cc: network dev <netdev@vger.kernel.org>,
	linux-sctp@vger.kernel.org,
	Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
	Neil Horman <nhorman@tuxdriver.com>
Subject: Re: [PATCH net] sctp: change sctp_prot .no_autobind with true
Date: Wed, 16 Oct 2019 13:26:12 +0800
Message-ID: <CADvbK_cdOXdcMv5ptyKNVAq2Q55XWP=A7u9bZ5-aNjnKoNZnZg@mail.gmail.com>
In-Reply-To: <20191015.203919.1387270193651224661.davem@davemloft.net>

On Wed, Oct 16, 2019 at 11:39 AM David Miller <davem@davemloft.net> wrote:
>
> From: Xin Long <lucien.xin@gmail.com>
> Date: Tue, 15 Oct 2019 15:24:38 +0800
>
> > syzbot reported a memory leak:
> >
> >   BUG: memory leak, unreferenced object 0xffff888120b3d380 (size 64):
> >   backtrace:
>  ...
> > It was caused by when sending msgs without binding a port, in the path:
> > inet_sendmsg() -> inet_send_prepare() -> inet_autobind() ->
> > .get_port/sctp_get_port(), sp->bind_hash will be set while bp->port is
> > not. Later when binding another port by sctp_setsockopt_bindx(), a new
> > bucket will be created as bp->port is not set.
> >
> > sctp's autobind is supposed to call sctp_autobind() where it does all
> > things including setting bp->port. Since sctp_autobind() is called in
> > sctp_sendmsg() if the sk is not yet bound, it should have skipped the
> > auto bind.
> >
> > This patch is to avoid calling inet_autobind() in inet_send_prepare()
> > by changing sctp_prot .no_autobind with true, also remove the unused
> > .get_port.
> >
> > Reported-by: syzbot+d44f7bbebdea49dbc84a@syzkaller.appspotmail.com
> > Signed-off-by: Xin Long <lucien.xin@gmail.com>
>
> Applied and queued up for -stable.
>
> Xin, in the future please always provide a Fixes: even if it is the
> initial kernel repository commit.
Copy, thanks.
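
The sequence described in the quoted commit message, as a simplified user-space model added here; it is not kernel code and not code from the patch. All struct and function names are hypothetical stand-ins, and the rule that a bucket is attached only when the socket has none yet is an assumption of the model.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model only: every name below is a hypothetical stand-in.
 * bind_hash ~ sp->bind_hash, bp_port ~ bp->port, no_autobind ~ .no_autobind */
struct bucket { unsigned short port; };
struct sk_model { struct bucket *bind_hash; unsigned short bp_port; bool no_autobind; };
static int live_buckets;   /* buckets allocated and not yet freed */

/* Stand-in for .get_port. Assumption: a bucket is attached to the socket
 * only when none is attached yet, so a second one ends up ownerless. */
static void get_port(struct sk_model *sk, unsigned short port) {
    struct bucket *b;
    if (!port) port = 32768;                       /* constructed ephemeral port */
    if (sk->bind_hash && sk->bind_hash->port == port) return;  /* reuse */
    b = malloc(sizeof(*b));
    if (!b) abort();
    b->port = port; live_buckets++;
    if (!sk->bind_hash) sk->bind_hash = b;
}

/* Stand-in for inet_send_prepare(): generic autobind leaves bp_port at 0. */
static void send_prepare(struct sk_model *sk) {
    if (!sk->no_autobind && !sk->bind_hash) get_port(sk, 0);
}

/* Stand-in for the bindx path: bp_port == 0 reads as "not bound yet". */
static int bindx(struct sk_model *sk, unsigned short port) {
    if (sk->bp_port && sk->bp_port != port) return -1;
    get_port(sk, port);
    sk->bp_port = port;
    return 0;
}

/* Send without binding, bind another port, close; returns leaked buckets. */
static int run_scenario(bool no_autobind) {
    struct sk_model sk = { NULL, 0, no_autobind };
    live_buckets = 0;
    send_prepare(&sk);
    bindx(&sk, 5000);                              /* constructed port number */
    if (sk.bind_hash) { free(sk.bind_hash); live_buckets--; }  /* close */
    return live_buckets;
}

int main(void) {
    printf("leaked buckets: %d with generic autobind, %d with no_autobind\n",
           run_scenario(false), run_scenario(true));
    return 0;
}
```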
