Re: [PATCH 2/5] tcp/md5: Don't leak ahash in OOM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Nov 4, 2021 at 6:50 PM Dmitry Safonov <dima@xxxxxxxxxx> wrote:
>
> In quite unlikely scenario when __tcp_alloc_md5sig_pool() succeeded in
> crypto_alloc_ahash(), but later failed to allocate per-cpu request or
> scratch area ahash will be leaked.
> In theory it can happen multiple times in OOM condition for every
> setsockopt(TCP_MD5SIG{,_EXT}).

Then store it in a global, like the other parts ?

This makes the patch smaller, and hopefully the allocations will
eventually succeed,
one at a time.

Bug fixes should target net tree, with a Fixes: tag, not buried in
apatch series targeting net-next (which is closed btw)

Thanks.

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index b461ae573afc82a2c37321b13c2d76f61cd13b53..e2353e35693935fb5abd7da4531c98b86fd35e1c
100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -4260,13 +4260,14 @@ static bool tcp_md5sig_pool_populated = false;

 static void __tcp_alloc_md5sig_pool(void)
 {
-       struct crypto_ahash *hash;
+       static struct crypto_ahash *hash;
        int cpu;

-       hash = crypto_alloc_ahash("md5", 0, CRYPTO_ALG_ASYNC);
-       if (IS_ERR(hash))
-               return;
-
+       if (IS_ERR_OR_NULL(hash)) {
+               hash = crypto_alloc_ahash("md5", 0, CRYPTO_ALG_ASYNC);
+               if (IS_ERR(hash))
+                       return;
+       }
        for_each_possible_cpu(cpu) {
                void *scratch = per_cpu(tcp_md5sig_pool, cpu).scratch;
                struct ahash_request *req;



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux