Re: KASAN: use-after-free Read in rtnetlink_put_metrics

From: David Miller
Date: Wed Aug 01 2018 - 14:46:43 EST

Next message: Russell King - ARM Linux: "Re: [PATCH v3 7/8] net: phy: Add support to configure clock in Broadcom iProc mdio mux"
Previous message: Kees Cook: "Re: [PATCH v3 1/3] overflow.h: Add arithmetic shift helper"
In reply to: Cong Wang: "Re: KASAN: use-after-free Read in rtnetlink_put_metrics"
Next in thread: Sabrina Dubroca: "Re: KASAN: use-after-free Read in rtnetlink_put_metrics"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Cong Wang <xiyou.wangcong@xxxxxxxxx>
Date: Tue, 31 Jul 2018 16:03:13 -0700

> Looks like this commit is completely unnecessary,
> fib6_drop_pcpu_from() calls fib6_info_release()
> which calls fib6_info_destroy_rcu(), so this metrics
> will be released twice...

And even if there was a leak here, it's illegal to free this
metrics memory synchronously since it is RCU protected.

That's why it normally goes through fib6_info_destroy_rcu().

Sabrina, I'm going to revert your changes unless I see some
progress here by the end of today.

Next message: Russell King - ARM Linux: "Re: [PATCH v3 7/8] net: phy: Add support to configure clock in Broadcom iProc mdio mux"
Previous message: Kees Cook: "Re: [PATCH v3 1/3] overflow.h: Add arithmetic shift helper"
In reply to: Cong Wang: "Re: KASAN: use-after-free Read in rtnetlink_put_metrics"
Next in thread: Sabrina Dubroca: "Re: KASAN: use-after-free Read in rtnetlink_put_metrics"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]