On Thu, Nov 4, 2021 at 6:50 PM Dmitry Safonov <dima@xxxxxxxxxx> wrote: > > In quite unlikely scenario when __tcp_alloc_md5sig_pool() succeeded in > crypto_alloc_ahash(), but later failed to allocate per-cpu request or > scratch area ahash will be leaked. > In theory it can happen multiple times in OOM condition for every > setsockopt(TCP_MD5SIG{,_EXT}). Then store it in a global, like the other parts ? This makes the patch smaller, and hopefully the allocations will eventually succeed, one at a time. Bug fixes should target net tree, with a Fixes: tag, not buried in apatch series targeting net-next (which is closed btw) Thanks. diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index b461ae573afc82a2c37321b13c2d76f61cd13b53..e2353e35693935fb5abd7da4531c98b86fd35e1c 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -4260,13 +4260,14 @@ static bool tcp_md5sig_pool_populated = false; static void __tcp_alloc_md5sig_pool(void) { - struct crypto_ahash *hash; + static struct crypto_ahash *hash; int cpu; - hash = crypto_alloc_ahash("md5", 0, CRYPTO_ALG_ASYNC); - if (IS_ERR(hash)) - return; - + if (IS_ERR_OR_NULL(hash)) { + hash = crypto_alloc_ahash("md5", 0, CRYPTO_ALG_ASYNC); + if (IS_ERR(hash)) + return; + } for_each_possible_cpu(cpu) { void *scratch = per_cpu(tcp_md5sig_pool, cpu).scratch; struct ahash_request *req;