Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1194655imm; Wed, 1 Aug 2018 11:47:45 -0700 (PDT) X-Google-Smtp-Source: AAOMgpdXqZcC5DhF6S1caIUoPkruk9lOcOUqAqu6qPh/22cr+rYIufeXvsjkvFZggQK9K4mqXhYp X-Received: by 2002:a62:43c8:: with SMTP id l69-v6mr28436809pfi.196.1533149265617; Wed, 01 Aug 2018 11:47:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533149265; cv=none; d=google.com; s=arc-20160816; b=sc8n8sG5/xF+2raUKLsjemRtynkf70lQhVQBtFDphBy9mCzodRrwKFdD7XkPJqOEWN i+fw73yPMmqSqqJSDZe+t3782zWD49g04pEusb8wKgAzfPwzUWGT6noyTw2YCQbF8fCB 1WfcczLSlLjqYkFOxTefBt+vkE0+0jRJze8hIDdzyUUmZHymmLidQ4XexJn5kkWs4iYA N9cIBXuE9SUrO7A7gp5/MtJ8PXtz9HSNITmF+IkP5qQWJ1lb7fmGRTB4/eXw6XdGdNwE GZVd2uQT7ucCnEQmZBwz9LN1DONFBKTRbVefByIaAdoFHeD1FkZ0B4wEYducWSBzVnL8 tv8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:from:subject:cc:to:message-id:date :arc-authentication-results; bh=+8yYqBjf8w0adx7Cpw5CrWn/YoyNIpK1FKjUrL/OoIM=; b=gpM9YszT47HpP22jGLp2pwjP/l7AJbyA9xuVHbS1O9v2ffWKGcyoZLlzKZGSOp93j7 jTPOr1nqyLLslB1uJtQShmuzuj+/TZ/Miinfe5tS1D3YntucnxM3iKu/3PBlfn5/3nSd lqpDombq7XMKUOWHCSzG1jUUscgPz38N2tc8qNUm4nSgSspZJTm1SdPSRgNlbVkq7M0W 7MxzhST8isr9mGzcqXrdHOI+05kRyWQWkGSbz8aHzjOVtk+HvRkHVOzkwtybR4LXlNfZ /Iqv0D0KhiG5OcjDYOR4PUhPUPnSFN9m9Clv5JHNx/wO8gSweoEDmuUv8FeEq0ysw34z mNng== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z3-v6si17347764pgl.579.2018.08.01.11.47.30; Wed, 01 Aug 2018 11:47:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387394AbeHAUdr (ORCPT + 99 others); Wed, 1 Aug 2018 16:33:47 -0400 Received: from shards.monkeyblade.net ([23.128.96.9]:51200 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726116AbeHAUdr (ORCPT ); Wed, 1 Aug 2018 16:33:47 -0400 Received: from localhost (c-71-59-158-49.hsd1.or.comcast.net [71.59.158.49]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: davem-davemloft) by shards.monkeyblade.net (Postfix) with ESMTPSA id DB452100A24BE; Wed, 1 Aug 2018 11:46:39 -0700 (PDT) Date: Wed, 01 Aug 2018 11:46:36 -0700 (PDT) Message-Id: <20180801.114636.279269263935333136.davem@davemloft.net> To: xiyou.wangcong@gmail.com Cc: sd@queasysnail.net, eric.dumazet@gmail.com, syzbot+41f9c04b50ef70c66947@syzkaller.appspotmail.com, christian.brauner@ubuntu.com, dsahern@gmail.com, fw@strlen.de, jbenc@redhat.com, ktkhai@virtuozzo.com, linux-kernel@vger.kernel.org, lucien.xin@gmail.com, netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com Subject: Re: KASAN: use-after-free Read in rtnetlink_put_metrics From: David Miller In-Reply-To: References: <20180731134014.GA32114@bistromath.localdomain> X-Mailer: Mew version 6.7 on Emacs 26 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Wed, 01 Aug 2018 11:46:40 -0700 (PDT) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Cong Wang Date: Tue, 31 Jul 2018 16:03:13 -0700 > Looks like this commit is completely unnecessary, > fib6_drop_pcpu_from() calls fib6_info_release() > which calls fib6_info_destroy_rcu(), so this metrics > will be released twice... And even if there was a leak here, it's illegal to free this metrics memory synchronously since it is RCU protected. That's why it normally goes through fib6_info_destroy_rcu(). Sabrina, I'm going to revert your changes unless I see some progress here by the end of today.