* [PATCH net] sctp: change to hold sk after auth shkey is created successfully
@ 2019-06-24 16:21 Xin Long
2019-06-25 11:18 ` Neil Horman
2019-06-27 2:30 ` David Miller
0 siblings, 2 replies; 3+ messages in thread
From: Xin Long @ 2019-06-24 16:21 UTC (permalink / raw)
To: network dev, linux-sctp
Cc: davem, Marcelo Ricardo Leitner, Neil Horman, syzkaller-bugs
Now in sctp_endpoint_init(), it holds the sk then creates auth
shkey. But when the creation fails, it doesn't release the sk,
which causes a sk defcnf leak,
Here to fix it by only holding the sk when auth shkey is created
successfully.
Fixes: a29a5bd4f5c3 ("[SCTP]: Implement SCTP-AUTH initializations.")
Reported-by: syzbot+afabda3890cc2f765041@syzkaller.appspotmail.com
Reported-by: syzbot+276ca1c77a19977c0130@syzkaller.appspotmail.com
Signed-off-by: Xin Long <lucien.xin@gmail.com>
---
net/sctp/endpointola.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c
index e358437..69cebb2 100644
--- a/net/sctp/endpointola.c
+++ b/net/sctp/endpointola.c
@@ -118,10 +118,6 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
/* Initialize the bind addr area */
sctp_bind_addr_init(&ep->base.bind_addr, 0);
- /* Remember who we are attached to. */
- ep->base.sk = sk;
- sock_hold(ep->base.sk);
-
/* Create the lists of associations. */
INIT_LIST_HEAD(&ep->asocs);
@@ -154,6 +150,10 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
ep->prsctp_enable = net->sctp.prsctp_enable;
ep->reconf_enable = net->sctp.reconf_enable;
+ /* Remember who we are attached to. */
+ ep->base.sk = sk;
+ sock_hold(ep->base.sk);
+
return ep;
nomem_shkey:
--
2.1.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH net] sctp: change to hold sk after auth shkey is created successfully
2019-06-24 16:21 [PATCH net] sctp: change to hold sk after auth shkey is created successfully Xin Long
@ 2019-06-25 11:18 ` Neil Horman
2019-06-27 2:30 ` David Miller
1 sibling, 0 replies; 3+ messages in thread
From: Neil Horman @ 2019-06-25 11:18 UTC (permalink / raw)
To: Xin Long
Cc: network dev, linux-sctp, davem, Marcelo Ricardo Leitner, syzkaller-bugs
On Tue, Jun 25, 2019 at 12:21:45AM +0800, Xin Long wrote:
> Now in sctp_endpoint_init(), it holds the sk then creates auth
> shkey. But when the creation fails, it doesn't release the sk,
> which causes a sk defcnf leak,
>
> Here to fix it by only holding the sk when auth shkey is created
> successfully.
>
> Fixes: a29a5bd4f5c3 ("[SCTP]: Implement SCTP-AUTH initializations.")
> Reported-by: syzbot+afabda3890cc2f765041@syzkaller.appspotmail.com
> Reported-by: syzbot+276ca1c77a19977c0130@syzkaller.appspotmail.com
> Signed-off-by: Xin Long <lucien.xin@gmail.com>
> ---
> net/sctp/endpointola.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c
> index e358437..69cebb2 100644
> --- a/net/sctp/endpointola.c
> +++ b/net/sctp/endpointola.c
> @@ -118,10 +118,6 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
> /* Initialize the bind addr area */
> sctp_bind_addr_init(&ep->base.bind_addr, 0);
>
> - /* Remember who we are attached to. */
> - ep->base.sk = sk;
> - sock_hold(ep->base.sk);
> -
> /* Create the lists of associations. */
> INIT_LIST_HEAD(&ep->asocs);
>
> @@ -154,6 +150,10 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
> ep->prsctp_enable = net->sctp.prsctp_enable;
> ep->reconf_enable = net->sctp.reconf_enable;
>
> + /* Remember who we are attached to. */
> + ep->base.sk = sk;
> + sock_hold(ep->base.sk);
> +
> return ep;
>
> nomem_shkey:
> --
> 2.1.0
>
>
Acked-by: Neil Horman <nhorman@redhat.com>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH net] sctp: change to hold sk after auth shkey is created successfully
2019-06-24 16:21 [PATCH net] sctp: change to hold sk after auth shkey is created successfully Xin Long
2019-06-25 11:18 ` Neil Horman
@ 2019-06-27 2:30 ` David Miller
1 sibling, 0 replies; 3+ messages in thread
From: David Miller @ 2019-06-27 2:30 UTC (permalink / raw)
To: lucien.xin; +Cc: netdev, linux-sctp, marcelo.leitner, nhorman, syzkaller-bugs
From: Xin Long <lucien.xin@gmail.com>
Date: Tue, 25 Jun 2019 00:21:45 +0800
> Now in sctp_endpoint_init(), it holds the sk then creates auth
> shkey. But when the creation fails, it doesn't release the sk,
> which causes a sk defcnf leak,
>
> Here to fix it by only holding the sk when auth shkey is created
> successfully.
>
> Fixes: a29a5bd4f5c3 ("[SCTP]: Implement SCTP-AUTH initializations.")
> Reported-by: syzbot+afabda3890cc2f765041@syzkaller.appspotmail.com
> Reported-by: syzbot+276ca1c77a19977c0130@syzkaller.appspotmail.com
> Signed-off-by: Xin Long <lucien.xin@gmail.com>
Applied and queued up for -stable, thanks Xin.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-06-27 2:30 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-06-24 16:21 [PATCH net] sctp: change to hold sk after auth shkey is created successfully Xin Long
2019-06-25 11:18 ` Neil Horman
2019-06-27 2:30 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).