From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Ahern Subject: Re: [PATCH net v3] sctp: fix dst refcnt leak in sctp_v4_get_dst Date: Mon, 5 Feb 2018 16:20:49 -0700 Message-ID: References: <20180205194814.14006-1-tommi.t.rantala@nokia.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Cc: linux-sctp@vger.kernel.org, Neil Horman , Alexey Kodanev , Marcelo Ricardo Leitner To: Tommi Rantala , netdev@vger.kernel.org Return-path: Received: from mail-pl0-f52.google.com ([209.85.160.52]:38040 "EHLO mail-pl0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750818AbeBEXUv (ORCPT ); Mon, 5 Feb 2018 18:20:51 -0500 In-Reply-To: <20180205194814.14006-1-tommi.t.rantala@nokia.com> Content-Language: en-US Sender: netdev-owner@vger.kernel.org List-ID: On 2/5/18 12:48 PM, Tommi Rantala wrote: > Fix dst reference count leak in sctp_v4_get_dst() introduced in commit > 410f03831 ("sctp: add routing output fallback"): > > When walking the address_list, successive ip_route_output_key() calls > may return the same rt->dst with the reference incremented on each call. > > The code would not decrement the dst refcount when the dst pointer was > identical from the previous iteration, causing the dst refcnt leak. > ... > ... > > Fixes: 410f03831 ("sctp: add routing output fallback") > Fixes: 0ca50d12f ("sctp: fix src address selection if using secondary addresses") any syzbot references for this bug? From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Ahern Date: Mon, 05 Feb 2018 23:20:49 +0000 Subject: Re: [PATCH net v3] sctp: fix dst refcnt leak in sctp_v4_get_dst Message-Id: List-Id: References: <20180205194814.14006-1-tommi.t.rantala@nokia.com> In-Reply-To: <20180205194814.14006-1-tommi.t.rantala@nokia.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Tommi Rantala , netdev@vger.kernel.org Cc: linux-sctp@vger.kernel.org, Neil Horman , Alexey Kodanev , Marcelo Ricardo Leitner On 2/5/18 12:48 PM, Tommi Rantala wrote: > Fix dst reference count leak in sctp_v4_get_dst() introduced in commit > 410f03831 ("sctp: add routing output fallback"): > > When walking the address_list, successive ip_route_output_key() calls > may return the same rt->dst with the reference incremented on each call. > > The code would not decrement the dst refcount when the dst pointer was > identical from the previous iteration, causing the dst refcnt leak. > ... > ... > > Fixes: 410f03831 ("sctp: add routing output fallback") > Fixes: 0ca50d12f ("sctp: fix src address selection if using secondary addresses") any syzbot references for this bug?