Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754656AbdLOBRK convert rfc822-to-8bit (ORCPT <rfc822;w@1wt.eu>);
        Thu, 14 Dec 2017 20:17:10 -0500
Received: from cmccmta3.chinamobile.com ([221.176.66.81]:25833 "EHLO
        cmccmta3.chinamobile.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1754542AbdLOBRH (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 14 Dec 2017 20:17:07 -0500
X-RM-TRANSID: 2ee95a33228eeb3-2b9b2
X-RM-TagInfo: emlType=0                                       
X-RM-SPAM-FLAG: 00000000
X-RM-TRANSID: 2ee95a33228c812-bd03f
Content-Type: text/plain; charset=gb2312
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Subject: Re: [PATCH 1/2] ip_gre: fix potential memory leak in erspan_rcv
From: =?gb2312?B?0c+6o8ur?= <yanhaishuang@cmss.chinamobile.com>
In-Reply-To: <CALDO+SZV01yLnStC9uVw0a82T2ACFSQF-zBi2z6f5Sjnhf0fGA@mail.gmail.com>
Date: Fri, 15 Dec 2017 09:16:59 +0800
Cc: "David S. Miller" <davem@davemloft.net>,
        Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
        Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
        linux-kernel@vger.kernel.org,
        Linux Kernel Network Developers <netdev@vger.kernel.org>
Content-Transfer-Encoding: 8BIT
Message-Id: <774B58BA-884A-4A36-A37C-A6CDE1E0B059@cmss.chinamobile.com>
References: <1513264507-26199-1-git-send-email-yanhaishuang@cmss.chinamobile.com>
 <CALDO+SZV01yLnStC9uVw0a82T2ACFSQF-zBi2z6f5Sjnhf0fGA@mail.gmail.com>
To: William Tu <u9012063@gmail.com>
X-Mailer: Apple Mail (2.3273)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1493
Lines: 51



> On 2017??12??15??, at ????2:47, William Tu <u9012063@gmail.com> wrote:
> 
> On Thu, Dec 14, 2017 at 7:15 AM, Haishuang Yan
> <yanhaishuang@cmss.chinamobile.com> wrote:
>> If md is NULL, tun_dst must be freed, otherwise it will cause memory
>> leak.
>> 
>> Fixes: 84e54fe0a5ea ("gre: introduce native tunnel support for ERSPAN")
>> Cc: William Tu <u9012063@gmail.com>
>> Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
>> ---
>> net/ipv4/ip_gre.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>> 
>> diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
>> index d828821..9253d6f 100644
>> --- a/net/ipv4/ip_gre.c
>> +++ b/net/ipv4/ip_gre.c
>> @@ -304,8 +304,10 @@ static int erspan_rcv(struct sk_buff *skb, struct tnl_ptk_info *tpi,
>>                                return PACKET_REJECT;
>> 
>>                        md = ip_tunnel_info_opts(&tun_dst->u.tun_info);
>> -                       if (!md)
>> +                       if (!md) {
>> +                               dst_release((struct dst_entry *)tun_dst);
>>                                return PACKET_REJECT;
>> +                       }
> I'm not sure about this. Maybe we don't even need to check "if (!md)"
> since ip_tun_rx_dst does the memory allocation.
> William
> 


Hi, William

I think we need to check ??if (!md)??, if md is okay, ip_tunnel_rcv will be responsible to free
tun_dst:

 448 drop:
 449     if (tun_dst)
 450         dst_release((struct dst_entry *)tun_dst);

Thanks.