LinuxLists.cc - [PATCH] net: sched: sch_taprio: fix memleak in error path for sched list parse

2019-08-06 10:07:14

Subject: [PATCH] net: sched: sch_taprio: fix memleak in error path for sched list parse

In case off error, all entries should be freed from the sched list
before deleting it. For simplicity use rcu way.

Fixes: 5a781ccbd19e46 ("tc: Add support for configuring the taprio scheduler")
Signed-off-by: Ivan Khoronzhuk <[email protected]>
---

Based on net/master

net/sched/sch_taprio.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/sched/sch_taprio.c b/net/sched/sch_taprio.c
index b55a82c1e1bc..4f6333035841 100644
--- a/net/sched/sch_taprio.c
+++ b/net/sched/sch_taprio.c
@@ -1451,7 +1451,8 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
spin_unlock_bh(qdisc_lock(sch));

free_sched:
- kfree(new_admin);
+ if (new_admin)
+ call_rcu(&new_admin->rcu, taprio_free_sched_cb);

return err;
}
--
2.17.1

2019-08-06 16:22:49

by Vinicius Costa Gomes

[permalink] [raw]

Subject: Re: [PATCH] net: sched: sch_taprio: fix memleak in error path for sched list parse

Ivan Khoronzhuk <[email protected]> writes:

> In case off error, all entries should be freed from the sched list
> before deleting it. For simplicity use rcu way.
>
> Fixes: 5a781ccbd19e46 ("tc: Add support for configuring the taprio scheduler")
> Signed-off-by: Ivan Khoronzhuk <[email protected]>
> ---

Acked-by: Vinicius Costa Gomes <[email protected]>

2019-08-06 18:42:37

by David Miller

[permalink] [raw]

Subject: Re: [PATCH] net: sched: sch_taprio: fix memleak in error path for sched list parse

From: Ivan Khoronzhuk <[email protected]>
Date: Tue, 6 Aug 2019 13:04:25 +0300

> Based on net/master

I wonder about that because:

> --- a/net/sched/sch_taprio.c
> +++ b/net/sched/sch_taprio.c
> @@ -1451,7 +1451,8 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
> spin_unlock_bh(qdisc_lock(sch));
>
> free_sched:
> - kfree(new_admin);
> + if (new_admin)
> + call_rcu(&new_admin->rcu, taprio_free_sched_cb);
>
> return err;

In my tree the context around line 1451 is:

nla_nest_end(skb, sched_nest);

done:
rcu_read_unlock();

return nla_nest_end(skb, nest);

which is part of function taprio_dump().

Please respin this properly against current 'net' sources.

2019-08-06 22:43:08

by Ivan Khoronzhuk

[permalink] [raw]

Subject: Re: [PATCH] net: sched: sch_taprio: fix memleak in error path for sched list parse

On Tue, Aug 06, 2019 at 11:41:14AM -0700, David Miller wrote:
>From: Ivan Khoronzhuk <[email protected]>
>Date: Tue, 6 Aug 2019 13:04:25 +0300
>
>> Based on net/master
>
>I wonder about that because:
Applies cleanly on net/master, but line num is not correct.
I've sent v2.

>
>> --- a/net/sched/sch_taprio.c
>> +++ b/net/sched/sch_taprio.c
>> @@ -1451,7 +1451,8 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
>> spin_unlock_bh(qdisc_lock(sch));
>>
>> free_sched:
>> - kfree(new_admin);
>> + if (new_admin)
>> + call_rcu(&new_admin->rcu, taprio_free_sched_cb);
>>
>> return err;
>
>In my tree the context around line 1451 is:
>
> nla_nest_end(skb, sched_nest);
>
>done:
> rcu_read_unlock();
>
> return nla_nest_end(skb, nest);
>
>
>which is part of function taprio_dump().
>
>Please respin this properly against current 'net' sources.

--
Regards,
Ivan Khoronzhuk