* [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
@ 2017-12-07 2:21 Heyi Guo
2017-12-07 2:47 ` Fu, Siyuan
2017-12-07 7:01 ` Wu, Jiaxin
0 siblings, 2 replies; 8+ messages in thread
From: Heyi Guo @ 2017-12-07 2:21 UTC (permalink / raw)
To: linaro-uefi, edk2-devel
Cc: Heyi Guo, Junbiao Hong, Star Zeng, Eric Dong, Ruiyu Ni, Siyuan Fu,
Jiaxin Wu
When UEFI receives IPMP echo packets it will enter Ip4IcmpReplyEcho
function, and then call Ip4Output. However, if Ip4Output gets some
error and exits early, e.g. fails to find the route entry, memory
buffer of "Data" gets no chance to be freed and memory leak will be
caused. If there is such an attacker in the network, we will see UEFI
runs out of memory and system hangs.
Network stack code is so complicated that this is just a RFC to fix
this issue. Please provide your comments about this.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Junbiao Hong <hongjunbiao@huawei.com>
Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
---
MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
index b4b0864..ed6bdbe 100644
--- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
+++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
@@ -267,6 +267,9 @@ Ip4IcmpReplyEcho (
Ip4SysPacketSent,
NULL
);
+ if (EFI_ERROR (Status)) {
+ NetbufFree (Data);
+ }
ON_EXIT:
NetbufFree (Packet);
--
2.7.4
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
2017-12-07 2:21 [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak Heyi Guo
@ 2017-12-07 2:47 ` Fu, Siyuan
2017-12-07 7:01 ` Wu, Jiaxin
1 sibling, 0 replies; 8+ messages in thread
From: Fu, Siyuan @ 2017-12-07 2:47 UTC (permalink / raw)
To: Heyi Guo, linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org
Cc: Junbiao Hong, Zeng, Star, Dong, Eric, Ni, Ruiyu, Wu, Jiaxin
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
> -----Original Message-----
> From: Heyi Guo [mailto:heyi.guo@linaro.org]
> Sent: Thursday, December 7, 2017 10:22 AM
> To: linaro-uefi@lists.linaro.org; edk2-devel@lists.01.org
> Cc: Heyi Guo <heyi.guo@linaro.org>; Junbiao Hong <hongjunbiao@huawei.com>;
> Zeng, Star <star.zeng@intel.com>; Dong, Eric <eric.dong@intel.com>; Ni,
> Ruiyu <ruiyu.ni@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Wu, Jiaxin
> <jiaxin.wu@intel.com>
> Subject: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
>
> When UEFI receives IPMP echo packets it will enter Ip4IcmpReplyEcho
> function, and then call Ip4Output. However, if Ip4Output gets some
> error and exits early, e.g. fails to find the route entry, memory
> buffer of "Data" gets no chance to be freed and memory leak will be
> caused. If there is such an attacker in the network, we will see UEFI
> runs out of memory and system hangs.
>
> Network stack code is so complicated that this is just a RFC to fix
> this issue. Please provide your comments about this.
>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Junbiao Hong <hongjunbiao@huawei.com>
> Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> ---
> MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> index b4b0864..ed6bdbe 100644
> --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> @@ -267,6 +267,9 @@ Ip4IcmpReplyEcho (
> Ip4SysPacketSent,
> NULL
> );
> + if (EFI_ERROR (Status)) {
> + NetbufFree (Data);
> + }
>
> ON_EXIT:
> NetbufFree (Packet);
> --
> 2.7.4
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
2017-12-07 2:21 [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak Heyi Guo
2017-12-07 2:47 ` Fu, Siyuan
@ 2017-12-07 7:01 ` Wu, Jiaxin
2017-12-07 12:23 ` Heyi Guo
1 sibling, 1 reply; 8+ messages in thread
From: Wu, Jiaxin @ 2017-12-07 7:01 UTC (permalink / raw)
To: Heyi Guo, linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org
Cc: Junbiao Hong, Zeng, Star, Dong, Eric, Ni, Ruiyu, Fu, Siyuan
It's is good to me.
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Thanks,
Jiaxin
> -----Original Message-----
> From: Heyi Guo [mailto:heyi.guo@linaro.org]
> Sent: Thursday, December 7, 2017 10:22 AM
> To: linaro-uefi@lists.linaro.org; edk2-devel@lists.01.org
> Cc: Heyi Guo <heyi.guo@linaro.org>; Junbiao Hong
> <hongjunbiao@huawei.com>; Zeng, Star <star.zeng@intel.com>; Dong, Eric
> <eric.dong@intel.com>; Ni, Ruiyu <ruiyu.ni@intel.com>; Fu, Siyuan
> <siyuan.fu@intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>
> Subject: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
>
> When UEFI receives IPMP echo packets it will enter Ip4IcmpReplyEcho
> function, and then call Ip4Output. However, if Ip4Output gets some
> error and exits early, e.g. fails to find the route entry, memory
> buffer of "Data" gets no chance to be freed and memory leak will be
> caused. If there is such an attacker in the network, we will see UEFI
> runs out of memory and system hangs.
>
> Network stack code is so complicated that this is just a RFC to fix
> this issue. Please provide your comments about this.
>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Junbiao Hong <hongjunbiao@huawei.com>
> Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> ---
> MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> index b4b0864..ed6bdbe 100644
> --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> @@ -267,6 +267,9 @@ Ip4IcmpReplyEcho (
> Ip4SysPacketSent,
> NULL
> );
> + if (EFI_ERROR (Status)) {
> + NetbufFree (Data);
> + }
>
> ON_EXIT:
> NetbufFree (Packet);
> --
> 2.7.4
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
2017-12-07 7:01 ` Wu, Jiaxin
@ 2017-12-07 12:23 ` Heyi Guo
2017-12-08 0:39 ` Wu, Jiaxin
0 siblings, 1 reply; 8+ messages in thread
From: Heyi Guo @ 2017-12-07 12:23 UTC (permalink / raw)
To: Wu, Jiaxin, linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org,
Fu, Siyuan
Cc: Junbiao Hong, Zeng, Star, Dong, Eric, Ni, Ruiyu
Hi Siyuan and Jiaxin,
Thanks for your review; shall I generate a formal patch and post it
again, as well as making some commit message refinement?
Regards,
Gary (Heyi Guo)
在 12/7/2017 3:01 PM, Wu, Jiaxin 写道:
> It's is good to me.
>
> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
>
> Thanks,
> Jiaxin
>
>
>> -----Original Message-----
>> From: Heyi Guo [mailto:heyi.guo@linaro.org]
>> Sent: Thursday, December 7, 2017 10:22 AM
>> To: linaro-uefi@lists.linaro.org; edk2-devel@lists.01.org
>> Cc: Heyi Guo <heyi.guo@linaro.org>; Junbiao Hong
>> <hongjunbiao@huawei.com>; Zeng, Star <star.zeng@intel.com>; Dong, Eric
>> <eric.dong@intel.com>; Ni, Ruiyu <ruiyu.ni@intel.com>; Fu, Siyuan
>> <siyuan.fu@intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>
>> Subject: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
>>
>> When UEFI receives IPMP echo packets it will enter Ip4IcmpReplyEcho
>> function, and then call Ip4Output. However, if Ip4Output gets some
>> error and exits early, e.g. fails to find the route entry, memory
>> buffer of "Data" gets no chance to be freed and memory leak will be
>> caused. If there is such an attacker in the network, we will see UEFI
>> runs out of memory and system hangs.
>>
>> Network stack code is so complicated that this is just a RFC to fix
>> this issue. Please provide your comments about this.
>>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Junbiao Hong <hongjunbiao@huawei.com>
>> Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
>> Cc: Star Zeng <star.zeng@intel.com>
>> Cc: Eric Dong <eric.dong@intel.com>
>> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
>> Cc: Siyuan Fu <siyuan.fu@intel.com>
>> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
>> ---
>> MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
>> b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
>> index b4b0864..ed6bdbe 100644
>> --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
>> +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
>> @@ -267,6 +267,9 @@ Ip4IcmpReplyEcho (
>> Ip4SysPacketSent,
>> NULL
>> );
>> + if (EFI_ERROR (Status)) {
>> + NetbufFree (Data);
>> + }
>>
>> ON_EXIT:
>> NetbufFree (Packet);
>> --
>> 2.7.4
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
2017-12-07 12:23 ` Heyi Guo
@ 2017-12-08 0:39 ` Wu, Jiaxin
2017-12-08 2:04 ` Guo Heyi
0 siblings, 1 reply; 8+ messages in thread
From: Wu, Jiaxin @ 2017-12-08 0:39 UTC (permalink / raw)
To: Heyi Guo, linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org,
Fu, Siyuan
Cc: Junbiao Hong, Zeng, Star, Dong, Eric, Ni, Ruiyu
Hi Gary,
Agree to generate a formal patch. You can attach the reviewed-by tag at the same time.
Can you help to file one Bugzilla for this issue?
BTW, Do you need us commit the patch or by yourself?
Thanks,
Jiaxin
> -----Original Message-----
> From: Heyi Guo [mailto:heyi.guo@linaro.org]
> Sent: Thursday, December 7, 2017 8:23 PM
> To: Wu, Jiaxin <jiaxin.wu@intel.com>; linaro-uefi@lists.linaro.org; edk2-
> devel@lists.01.org; Fu, Siyuan <siyuan.fu@intel.com>
> Cc: Junbiao Hong <hongjunbiao@huawei.com>; Zeng, Star
> <star.zeng@intel.com>; Dong, Eric <eric.dong@intel.com>; Ni, Ruiyu
> <ruiyu.ni@intel.com>
> Subject: Re: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
>
> Hi Siyuan and Jiaxin,
>
> Thanks for your review; shall I generate a formal patch and post it
> again, as well as making some commit message refinement?
>
> Regards,
>
>
> Gary (Heyi Guo)
>
>
> 在 12/7/2017 3:01 PM, Wu, Jiaxin 写道:
> > It's is good to me.
> >
> > Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
> >
> > Thanks,
> > Jiaxin
> >
> >
> >> -----Original Message-----
> >> From: Heyi Guo [mailto:heyi.guo@linaro.org]
> >> Sent: Thursday, December 7, 2017 10:22 AM
> >> To: linaro-uefi@lists.linaro.org; edk2-devel@lists.01.org
> >> Cc: Heyi Guo <heyi.guo@linaro.org>; Junbiao Hong
> >> <hongjunbiao@huawei.com>; Zeng, Star <star.zeng@intel.com>; Dong,
> Eric
> >> <eric.dong@intel.com>; Ni, Ruiyu <ruiyu.ni@intel.com>; Fu, Siyuan
> >> <siyuan.fu@intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>
> >> Subject: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
> >>
> >> When UEFI receives IPMP echo packets it will enter Ip4IcmpReplyEcho
> >> function, and then call Ip4Output. However, if Ip4Output gets some
> >> error and exits early, e.g. fails to find the route entry, memory
> >> buffer of "Data" gets no chance to be freed and memory leak will be
> >> caused. If there is such an attacker in the network, we will see UEFI
> >> runs out of memory and system hangs.
> >>
> >> Network stack code is so complicated that this is just a RFC to fix
> >> this issue. Please provide your comments about this.
> >>
> >> Contributed-under: TianoCore Contribution Agreement 1.1
> >> Signed-off-by: Junbiao Hong <hongjunbiao@huawei.com>
> >> Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
> >> Cc: Star Zeng <star.zeng@intel.com>
> >> Cc: Eric Dong <eric.dong@intel.com>
> >> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> >> Cc: Siyuan Fu <siyuan.fu@intel.com>
> >> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> >> ---
> >> MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 +++
> >> 1 file changed, 3 insertions(+)
> >>
> >> diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> >> b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> >> index b4b0864..ed6bdbe 100644
> >> --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> >> +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> >> @@ -267,6 +267,9 @@ Ip4IcmpReplyEcho (
> >> Ip4SysPacketSent,
> >> NULL
> >> );
> >> + if (EFI_ERROR (Status)) {
> >> + NetbufFree (Data);
> >> + }
> >>
> >> ON_EXIT:
> >> NetbufFree (Packet);
> >> --
> >> 2.7.4
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
2017-12-08 0:39 ` Wu, Jiaxin
@ 2017-12-08 2:04 ` Guo Heyi
2017-12-08 6:00 ` Guo Heyi
0 siblings, 1 reply; 8+ messages in thread
From: Guo Heyi @ 2017-12-08 2:04 UTC (permalink / raw)
To: Wu, Jiaxin
Cc: Heyi Guo, linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org,
Fu, Siyuan, Junbiao Hong, Zeng, Star, Dong, Eric, Ni, Ruiyu
On Fri, Dec 08, 2017 at 12:39:30AM +0000, Wu, Jiaxin wrote:
> Hi Gary,
>
> Agree to generate a formal patch. You can attach the reviewed-by tag at the same time.
>
> Can you help to file one Bugzilla for this issue?
No Problem.
>
> BTW, Do you need us commit the patch or by yourself?
Yes, for I can't commit by myself :)
Thanks and regards,
Gary (Heyi Guo)
>
> Thanks,
> Jiaxin
>
> > -----Original Message-----
> > From: Heyi Guo [mailto:heyi.guo@linaro.org]
> > Sent: Thursday, December 7, 2017 8:23 PM
> > To: Wu, Jiaxin <jiaxin.wu@intel.com>; linaro-uefi@lists.linaro.org; edk2-
> > devel@lists.01.org; Fu, Siyuan <siyuan.fu@intel.com>
> > Cc: Junbiao Hong <hongjunbiao@huawei.com>; Zeng, Star
> > <star.zeng@intel.com>; Dong, Eric <eric.dong@intel.com>; Ni, Ruiyu
> > <ruiyu.ni@intel.com>
> > Subject: Re: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
> >
> > Hi Siyuan and Jiaxin,
> >
> > Thanks for your review; shall I generate a formal patch and post it
> > again, as well as making some commit message refinement?
> >
> > Regards,
> >
> >
> > Gary (Heyi Guo)
> >
> >
> > 在 12/7/2017 3:01 PM, Wu, Jiaxin 写道:
> > > It's is good to me.
> > >
> > > Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
> > >
> > > Thanks,
> > > Jiaxin
> > >
> > >
> > >> -----Original Message-----
> > >> From: Heyi Guo [mailto:heyi.guo@linaro.org]
> > >> Sent: Thursday, December 7, 2017 10:22 AM
> > >> To: linaro-uefi@lists.linaro.org; edk2-devel@lists.01.org
> > >> Cc: Heyi Guo <heyi.guo@linaro.org>; Junbiao Hong
> > >> <hongjunbiao@huawei.com>; Zeng, Star <star.zeng@intel.com>; Dong,
> > Eric
> > >> <eric.dong@intel.com>; Ni, Ruiyu <ruiyu.ni@intel.com>; Fu, Siyuan
> > >> <siyuan.fu@intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>
> > >> Subject: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
> > >>
> > >> When UEFI receives IPMP echo packets it will enter Ip4IcmpReplyEcho
> > >> function, and then call Ip4Output. However, if Ip4Output gets some
> > >> error and exits early, e.g. fails to find the route entry, memory
> > >> buffer of "Data" gets no chance to be freed and memory leak will be
> > >> caused. If there is such an attacker in the network, we will see UEFI
> > >> runs out of memory and system hangs.
> > >>
> > >> Network stack code is so complicated that this is just a RFC to fix
> > >> this issue. Please provide your comments about this.
> > >>
> > >> Contributed-under: TianoCore Contribution Agreement 1.1
> > >> Signed-off-by: Junbiao Hong <hongjunbiao@huawei.com>
> > >> Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
> > >> Cc: Star Zeng <star.zeng@intel.com>
> > >> Cc: Eric Dong <eric.dong@intel.com>
> > >> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> > >> Cc: Siyuan Fu <siyuan.fu@intel.com>
> > >> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> > >> ---
> > >> MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 +++
> > >> 1 file changed, 3 insertions(+)
> > >>
> > >> diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> > >> b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> > >> index b4b0864..ed6bdbe 100644
> > >> --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> > >> +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> > >> @@ -267,6 +267,9 @@ Ip4IcmpReplyEcho (
> > >> Ip4SysPacketSent,
> > >> NULL
> > >> );
> > >> + if (EFI_ERROR (Status)) {
> > >> + NetbufFree (Data);
> > >> + }
> > >>
> > >> ON_EXIT:
> > >> NetbufFree (Packet);
> > >> --
> > >> 2.7.4
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
2017-12-08 2:04 ` Guo Heyi
@ 2017-12-08 6:00 ` Guo Heyi
2017-12-11 10:59 ` Guo Heyi
0 siblings, 1 reply; 8+ messages in thread
From: Guo Heyi @ 2017-12-08 6:00 UTC (permalink / raw)
To: jiaxin.wu
Cc: Wu, Jiaxin, linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org,
Fu, Siyuan, Junbiao Hong, Zeng, Star, Dong, Eric, Ni, Ruiyu
Hi Jiaxin,
We are still having our QA to finally verify the patches (including the ICMP error listener bug fix), so I will post the formal patch after regression test completes.
Regards,
Gary (Heyi Guo)
On Fri, Dec 08, 2017 at 10:04:20AM +0800, Guo Heyi wrote:
> On Fri, Dec 08, 2017 at 12:39:30AM +0000, Wu, Jiaxin wrote:
> > Hi Gary,
> >
> > Agree to generate a formal patch. You can attach the reviewed-by tag at the same time.
> >
> > Can you help to file one Bugzilla for this issue?
>
> No Problem.
>
> >
> > BTW, Do you need us commit the patch or by yourself?
>
> Yes, for I can't commit by myself :)
>
> Thanks and regards,
>
> Gary (Heyi Guo)
>
> >
> > Thanks,
> > Jiaxin
> >
> > > -----Original Message-----
> > > From: Heyi Guo [mailto:heyi.guo@linaro.org]
> > > Sent: Thursday, December 7, 2017 8:23 PM
> > > To: Wu, Jiaxin <jiaxin.wu@intel.com>; linaro-uefi@lists.linaro.org; edk2-
> > > devel@lists.01.org; Fu, Siyuan <siyuan.fu@intel.com>
> > > Cc: Junbiao Hong <hongjunbiao@huawei.com>; Zeng, Star
> > > <star.zeng@intel.com>; Dong, Eric <eric.dong@intel.com>; Ni, Ruiyu
> > > <ruiyu.ni@intel.com>
> > > Subject: Re: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
> > >
> > > Hi Siyuan and Jiaxin,
> > >
> > > Thanks for your review; shall I generate a formal patch and post it
> > > again, as well as making some commit message refinement?
> > >
> > > Regards,
> > >
> > >
> > > Gary (Heyi Guo)
> > >
> > >
> > > 在 12/7/2017 3:01 PM, Wu, Jiaxin 写道:
> > > > It's is good to me.
> > > >
> > > > Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
> > > >
> > > > Thanks,
> > > > Jiaxin
> > > >
> > > >
> > > >> -----Original Message-----
> > > >> From: Heyi Guo [mailto:heyi.guo@linaro.org]
> > > >> Sent: Thursday, December 7, 2017 10:22 AM
> > > >> To: linaro-uefi@lists.linaro.org; edk2-devel@lists.01.org
> > > >> Cc: Heyi Guo <heyi.guo@linaro.org>; Junbiao Hong
> > > >> <hongjunbiao@huawei.com>; Zeng, Star <star.zeng@intel.com>; Dong,
> > > Eric
> > > >> <eric.dong@intel.com>; Ni, Ruiyu <ruiyu.ni@intel.com>; Fu, Siyuan
> > > >> <siyuan.fu@intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>
> > > >> Subject: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
> > > >>
> > > >> When UEFI receives IPMP echo packets it will enter Ip4IcmpReplyEcho
> > > >> function, and then call Ip4Output. However, if Ip4Output gets some
> > > >> error and exits early, e.g. fails to find the route entry, memory
> > > >> buffer of "Data" gets no chance to be freed and memory leak will be
> > > >> caused. If there is such an attacker in the network, we will see UEFI
> > > >> runs out of memory and system hangs.
> > > >>
> > > >> Network stack code is so complicated that this is just a RFC to fix
> > > >> this issue. Please provide your comments about this.
> > > >>
> > > >> Contributed-under: TianoCore Contribution Agreement 1.1
> > > >> Signed-off-by: Junbiao Hong <hongjunbiao@huawei.com>
> > > >> Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
> > > >> Cc: Star Zeng <star.zeng@intel.com>
> > > >> Cc: Eric Dong <eric.dong@intel.com>
> > > >> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> > > >> Cc: Siyuan Fu <siyuan.fu@intel.com>
> > > >> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> > > >> ---
> > > >> MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 +++
> > > >> 1 file changed, 3 insertions(+)
> > > >>
> > > >> diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> > > >> b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> > > >> index b4b0864..ed6bdbe 100644
> > > >> --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> > > >> +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> > > >> @@ -267,6 +267,9 @@ Ip4IcmpReplyEcho (
> > > >> Ip4SysPacketSent,
> > > >> NULL
> > > >> );
> > > >> + if (EFI_ERROR (Status)) {
> > > >> + NetbufFree (Data);
> > > >> + }
> > > >>
> > > >> ON_EXIT:
> > > >> NetbufFree (Packet);
> > > >> --
> > > >> 2.7.4
> >
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
2017-12-08 6:00 ` Guo Heyi
@ 2017-12-11 10:59 ` Guo Heyi
0 siblings, 0 replies; 8+ messages in thread
From: Guo Heyi @ 2017-12-11 10:59 UTC (permalink / raw)
To: Wu, Jiaxin
Cc: jiaxin.wu, linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org,
Fu, Siyuan, Junbiao Hong, Zeng, Star, Dong, Eric, Ni, Ruiyu
Hi Jiaxin,
Bug 812 has been created: https://bugzilla.tianocore.org/show_bug.cgi?id=812
The regression test has been completed on our platform and I'll post a formal patch in minutes.
Regards,
Gary (Heyi Guo)
On Fri, Dec 08, 2017 at 02:00:05PM +0800, Guo Heyi wrote:
> Hi Jiaxin,
>
> We are still having our QA to finally verify the patches (including the ICMP error listener bug fix), so I will post the formal patch after regression test completes.
>
> Regards,
>
> Gary (Heyi Guo)
>
>
> On Fri, Dec 08, 2017 at 10:04:20AM +0800, Guo Heyi wrote:
> > On Fri, Dec 08, 2017 at 12:39:30AM +0000, Wu, Jiaxin wrote:
> > > Hi Gary,
> > >
> > > Agree to generate a formal patch. You can attach the reviewed-by tag at the same time.
> > >
> > > Can you help to file one Bugzilla for this issue?
> >
> > No Problem.
> >
> > >
> > > BTW, Do you need us commit the patch or by yourself?
> >
> > Yes, for I can't commit by myself :)
> >
> > Thanks and regards,
> >
> > Gary (Heyi Guo)
> >
> > >
> > > Thanks,
> > > Jiaxin
> > >
> > > > -----Original Message-----
> > > > From: Heyi Guo [mailto:heyi.guo@linaro.org]
> > > > Sent: Thursday, December 7, 2017 8:23 PM
> > > > To: Wu, Jiaxin <jiaxin.wu@intel.com>; linaro-uefi@lists.linaro.org; edk2-
> > > > devel@lists.01.org; Fu, Siyuan <siyuan.fu@intel.com>
> > > > Cc: Junbiao Hong <hongjunbiao@huawei.com>; Zeng, Star
> > > > <star.zeng@intel.com>; Dong, Eric <eric.dong@intel.com>; Ni, Ruiyu
> > > > <ruiyu.ni@intel.com>
> > > > Subject: Re: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
> > > >
> > > > Hi Siyuan and Jiaxin,
> > > >
> > > > Thanks for your review; shall I generate a formal patch and post it
> > > > again, as well as making some commit message refinement?
> > > >
> > > > Regards,
> > > >
> > > >
> > > > Gary (Heyi Guo)
> > > >
> > > >
> > > > 在 12/7/2017 3:01 PM, Wu, Jiaxin 写道:
> > > > > It's is good to me.
> > > > >
> > > > > Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
> > > > >
> > > > > Thanks,
> > > > > Jiaxin
> > > > >
> > > > >
> > > > >> -----Original Message-----
> > > > >> From: Heyi Guo [mailto:heyi.guo@linaro.org]
> > > > >> Sent: Thursday, December 7, 2017 10:22 AM
> > > > >> To: linaro-uefi@lists.linaro.org; edk2-devel@lists.01.org
> > > > >> Cc: Heyi Guo <heyi.guo@linaro.org>; Junbiao Hong
> > > > >> <hongjunbiao@huawei.com>; Zeng, Star <star.zeng@intel.com>; Dong,
> > > > Eric
> > > > >> <eric.dong@intel.com>; Ni, Ruiyu <ruiyu.ni@intel.com>; Fu, Siyuan
> > > > >> <siyuan.fu@intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>
> > > > >> Subject: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
> > > > >>
> > > > >> When UEFI receives IPMP echo packets it will enter Ip4IcmpReplyEcho
> > > > >> function, and then call Ip4Output. However, if Ip4Output gets some
> > > > >> error and exits early, e.g. fails to find the route entry, memory
> > > > >> buffer of "Data" gets no chance to be freed and memory leak will be
> > > > >> caused. If there is such an attacker in the network, we will see UEFI
> > > > >> runs out of memory and system hangs.
> > > > >>
> > > > >> Network stack code is so complicated that this is just a RFC to fix
> > > > >> this issue. Please provide your comments about this.
> > > > >>
> > > > >> Contributed-under: TianoCore Contribution Agreement 1.1
> > > > >> Signed-off-by: Junbiao Hong <hongjunbiao@huawei.com>
> > > > >> Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
> > > > >> Cc: Star Zeng <star.zeng@intel.com>
> > > > >> Cc: Eric Dong <eric.dong@intel.com>
> > > > >> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> > > > >> Cc: Siyuan Fu <siyuan.fu@intel.com>
> > > > >> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> > > > >> ---
> > > > >> MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 +++
> > > > >> 1 file changed, 3 insertions(+)
> > > > >>
> > > > >> diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> > > > >> b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> > > > >> index b4b0864..ed6bdbe 100644
> > > > >> --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> > > > >> +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> > > > >> @@ -267,6 +267,9 @@ Ip4IcmpReplyEcho (
> > > > >> Ip4SysPacketSent,
> > > > >> NULL
> > > > >> );
> > > > >> + if (EFI_ERROR (Status)) {
> > > > >> + NetbufFree (Data);
> > > > >> + }
> > > > >>
> > > > >> ON_EXIT:
> > > > >> NetbufFree (Packet);
> > > > >> --
> > > > >> 2.7.4
> > >
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2017-12-11 10:54 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-12-07 2:21 [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak Heyi Guo
2017-12-07 2:47 ` Fu, Siyuan
2017-12-07 7:01 ` Wu, Jiaxin
2017-12-07 12:23 ` Heyi Guo
2017-12-08 0:39 ` Wu, Jiaxin
2017-12-08 2:04 ` Guo Heyi
2017-12-08 6:00 ` Guo Heyi
2017-12-11 10:59 ` Guo Heyi
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox