Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965270AbbLOP0g (ORCPT ); Tue, 15 Dec 2015 10:26:36 -0500 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:35241 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965217AbbLOP0c (ORCPT ); Tue, 15 Dec 2015 10:26:32 -0500 Message-ID: <1450193181.3944.49.camel@decadent.org.uk> Subject: Re: [PATCH 4.3] vrf: Fix memory leak on registration failure in vrf_newlink() From: Ben Hutchings To: David Ahern , Greg Kroah-Hartman Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Nikolay Aleksandrov , "David S. Miller" Date: Tue, 15 Dec 2015 15:26:21 +0000 In-Reply-To: <56702E7E.5000604@cumulusnetworks.com> References: <20151215151243.GN28542@decadent.org.uk> <56702E7E.5000604@cumulusnetworks.com> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-ISAuTThTroTNR6efAl+N" X-Mailer: Evolution 3.18.2-1 Mime-Version: 1.0 X-SA-Exim-Connect-IP: 192.168.4.247 X-SA-Exim-Mail-From: ben@decadent.org.uk X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2300 Lines: 67 --=-ISAuTThTroTNR6efAl+N Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, 2015-12-15 at 08:15 -0700, David Ahern wrote: > On 12/15/15 8:12 AM, Ben Hutchings wrote: > > @@ -598,7 +599,10 @@ static int vrf_newlink(struct net *src_net, struct= net_device *dev, > >=20 > > =C2=A0=C2=A0 rcu_assign_pointer(dev->vrf_ptr, vrf_ptr); > >=20 > > - return register_netdev(dev); > > + err =3D register_netdev(dev); > > + if (err) > > + kfree(vrf_ptr); > > + return err; > > =C2=A0 } > >=20 > > =C2=A0 static size_t vrf_nl_getsize(const struct net_device *dev) > >=20 >=20 > The rcu_assign_pointer should only be done if the register_netdev succeed= ed. Oh, yes I see. =C2=A0I though that no other task could access an unregistered device, but register_netdev() can still fail after listing the device. Wait, it's worse, this is calling register_netdev() which will deadlock as we already hold the RTNL lock. Ben. > Thanks for creating the patch. >=20 --=20 Ben Hutchings Logic doesn't apply to the real world. - Marvin Minsky --=-ISAuTThTroTNR6efAl+N Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUAVnAxHee/yOyVhhEJAQonhw//WgtrZYSfNYrB10Kybak2Tkhnk0vkBaEW RJeAG6hzFcTaB3LGg4u3tmyPmRgm13lj6LSxS9lmt0drssXBTMGwySMj2gAPfFjA x+tXM40VCr7mvF0NaZssh4FVmUxc0yeDjcNHzX0HsRIx27jjqIUlXjR61IPzIalR lK2V7Bd2jNCehYEgpuQfRSovmCViV33QXGYfX8a9HUoQwxtOe/aAeIK6e4/+DVFo S5EqmJ/v4r0uUQUP3Hw5lKKOkxmQK83zZqKjv/jvoypHAFgBoFKnJf/B/vCi1S+2 gnScRi2qy6hcoFRA62XixrJP29WdLAavb6o/yVh6UJtccZK9wNerqUAB5ykirFJi 7EzapPF5rHKKonlbdV10qMFCVp7O0XDfH7O/btxiYM9T0Vp7QmJ43Eof6OB7wkV/ DSLPXD1xh6VOxUbkUPBmXxN4lGCJsu/Cdx85z05FN6g0HRLKwzhZl2el2w8aCd2w rXjdDzSYG/wdXQAhduSsWrVi3dhuD0gR739fJd5q+Fj2sYlFxsfdzdqFV3wjvBct jRUCM9oSz73B/rdcnmVQyGYWVYKGcTBdGnsApdhYBv9vpTnc6sWFlFcny5pwXBl+ 3LyuYKZyUC5V9iMVaTTzFbc786IuPAsbWWxAUIzKNc4nuOM6TTVMotQFJCl2BtX0 wfPEJE+i9MQ= =Wl7z -----END PGP SIGNATURE----- --=-ISAuTThTroTNR6efAl+N-- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/