linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-03 07:38:10 +00:00

History

Tommi Rantala 4a31a6b19f sctp: fix dst refcnt leak in sctp_v4_get_dst Fix dst reference count leak in sctp_v4_get_dst() introduced in commit `410f03831` ("sctp: add routing output fallback"): When walking the address_list, successive ip_route_output_key() calls may return the same rt->dst with the reference incremented on each call. The code would not decrement the dst refcount when the dst pointer was identical from the previous iteration, causing the dst refcnt leak. Testcase: ip netns add TEST ip netns exec TEST ip link set lo up ip link add dummy0 type dummy ip link add dummy1 type dummy ip link add dummy2 type dummy ip link set dev dummy0 netns TEST ip link set dev dummy1 netns TEST ip link set dev dummy2 netns TEST ip netns exec TEST ip addr add 192.168.1.1/24 dev dummy0 ip netns exec TEST ip link set dummy0 up ip netns exec TEST ip addr add 192.168.1.2/24 dev dummy1 ip netns exec TEST ip link set dummy1 up ip netns exec TEST ip addr add 192.168.1.3/24 dev dummy2 ip netns exec TEST ip link set dummy2 up ip netns exec TEST sctp_test -H 192.168.1.2 -P 20002 -h 192.168.1.1 -p 20000 -s -B 192.168.1.3 ip netns del TEST In 4.4 and 4.9 kernels this results to: [ 354.179591] unregister_netdevice: waiting for lo to become free. Usage count = 1 [ 364.419674] unregister_netdevice: waiting for lo to become free. Usage count = 1 [ 374.663664] unregister_netdevice: waiting for lo to become free. Usage count = 1 [ 384.903717] unregister_netdevice: waiting for lo to become free. Usage count = 1 [ 395.143724] unregister_netdevice: waiting for lo to become free. Usage count = 1 [ 405.383645] unregister_netdevice: waiting for lo to become free. Usage count = 1 ... Fixes: `410f03831` ("sctp: add routing output fallback") Fixes: `0ca50d12f` ("sctp: fix src address selection if using secondary addresses") Signed-off-by: Tommi Rantala <tommi.t.rantala@nokia.com> Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2018-02-05 21:21:51 -05:00
..
associola.c	sctp: implement enqueue_event for sctp_stream_interleave	2017-12-11 11:23:05 -05:00
auth.c	sctp: remove the typedef sctp_hmac_algo_param_t	2017-07-16 20:52:14 -07:00
bind_addr.c	sctp: remove the typedef sctp_scope_t	2017-08-06 21:33:41 -07:00
chunk.c	sctp: implement enqueue_event for sctp_stream_interleave	2017-12-11 11:23:05 -05:00
debug.c	sctp: add SCTP_CID_RECONF conversion in sctp_cname	2017-12-18 13:21:46 -05:00
endpointola.c	net: tracepoint: using sock_set_state tracepoint to trace SCTP state transition	2017-12-20 14:00:25 -05:00
input.c	sctp: fix the handling of ICMP Frag Needed for too small MTUs	2018-01-08 14:19:13 -05:00
inqueue.c	sctp: remove the typedef sctp_chunkhdr_t	2017-07-01 09:08:41 -07:00
ipv6.c	sctp: fix dst refcnt leak in sctp_v6_get_dst()	2018-02-05 21:21:13 -05:00
Kconfig	net: sctp: Remove debug SCTP probe module	2018-01-02 14:27:29 -05:00
Makefile	net: sctp: Remove debug SCTP probe module	2018-01-02 14:27:29 -05:00
objcnt.c	sctp: remove the typedef sctp_dbg_objcnt_entry_t	2017-08-11 10:02:43 -07:00
offload.c	gso: validate gso_type in GSO handlers	2018-01-22 16:01:30 -05:00
output.c	sctp: implement assign_number for sctp_stream_interleave	2017-12-11 11:23:04 -05:00
outqueue.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2018-01-17 00:10:42 -05:00
primitive.c	sctp: remove the typedef sctp_subtype_t	2017-08-06 21:33:42 -07:00
proc.c	net: delete /proc THIS_MODULE references	2018-01-16 15:01:33 -05:00
protocol.c	sctp: fix dst refcnt leak in sctp_v4_get_dst	2018-02-05 21:21:51 -05:00
sctp_diag.c	sctp: Fix a big endian bug in sctp_diag_dump()	2017-09-26 21:16:29 -07:00
sm_make_chunk.c	sctp: removed unused var from sctp_make_auth	2018-01-15 13:59:42 -05:00
sm_sideeffect.c	net: tracepoint: using sock_set_state tracepoint to trace SCTP state transition	2017-12-20 14:00:25 -05:00
sm_statefuns.c	net: sctp: Add SCTP ACK tracking trace event	2018-01-02 14:27:29 -05:00
sm_statetable.c	sctp: implement validate_ftsn for sctp_stream_interleave	2017-12-15 13:52:22 -05:00
socket.c	Currently, hardened usercopy performs dynamic bounds checking on slab	2018-02-03 16:25:42 -08:00
stream.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2018-01-09 10:37:00 -05:00
stream_interleave.c	sctp: implement handle_ftsn for sctp_stream_interleave	2017-12-15 13:52:22 -05:00
stream_sched.c	sctp: add stream interleave support in stream scheduler	2017-12-15 13:52:22 -05:00
stream_sched_prio.c	sctp: remove extern from stream sched	2017-11-28 11:00:13 -05:00
stream_sched_rr.c	sctp: remove extern from stream sched	2017-11-28 11:00:13 -05:00
sysctl.c	sctp: support sysctl to allow users to use stream interleave	2017-12-15 13:52:22 -05:00
transport.c	sctp: fix the handling of ICMP Frag Needed for too small MTUs	2018-01-08 14:19:13 -05:00
tsnmap.c	sctp: Fix FSF address in file headers	2013-12-06 12:37:56 -05:00
ulpevent.c	sctp: implement abort_pd for sctp_stream_interleave	2017-12-11 11:23:05 -05:00
ulpqueue.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2017-12-22 11:16:31 -05:00