Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp951954imu; Wed, 28 Nov 2018 02:09:19 -0800 (PST) X-Google-Smtp-Source: AFSGD/Vno8xkSkL9/rc+pFhgGxpDrUmTyzofe1kxqY+BqQ3NzFxPDLY9XjzOhsIpgbBtZMVN38AS X-Received: by 2002:a63:e348:: with SMTP id o8mr32080149pgj.158.1543399759748; Wed, 28 Nov 2018 02:09:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543399759; cv=none; d=google.com; s=arc-20160816; b=IVulzLXeFsrBZkTieJ9ltQhWh7nepHuAl1pfIVgma1z61Q/0gzJ/qiVgeue4uFY6J4 PSURALbwl+r9dyJgmwusTXnkOwOftO9v1lu4q0kC2/xE7pncMSjlzOAF9K1/B9PIowLz CU5VXJrUPiZsS/N+LSsmVlYmdxTdoH3DvN7uNuHgXE1lAb6tHVXknetnAdAyRlV5wVQd WOPYmy6LDsS7+gZ11sWVBgPqoZm9n0UnZo2wrMvPHyHDdPYheWP1WO3rb8RsRoo/gNe0 wcAQE/FuEtVQT2o/Tan8v3Rvm+eyG+n2ogvVkjF+pQEzzH08se7nhRcjaIAdljNMrR6N 1iIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:user-agent :mime-version:date:organization:references:in-reply-to:cc:to:from :subject:message-id; bh=ln5crO0AS64PChNddd114rgE2X4vEeIB+FBxfYec3lY=; b=JUEOMcJt1d0Xjr+PYGRNUaol5H+ZaSn8jKl1j6fiYIegf7KLrYZMFtIgjFVPwm21Ni No9hGxN+moEJJ9Sb5asU7xkDDvzHdATRBGsGG7hPC7+7H4ca7tyuIp523pXjpfdDGBJ/ UG96lqFxiiVv7o7mE8DQvbuDbtGOXSZOELJsyi+8xmzjdj8g1TYKsvYBKPSO4ZXltt59 2uHdtxz23PXyAM13RPjSPVD4raNvkEtNGnXz8znmccEZGYUNTZ/1JHDAOl/U6zllOmp1 RXysjQ9L5SOVyiIXXUk9Cdfvdwqwl2T9T9pnb/cQlE7FoqjVmlgjzkPh1jXg4DmYbr/7 l24Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g18si6222638pgg.522.2018.11.28.02.09.05; Wed, 28 Nov 2018 02:09:19 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728136AbeK1VIT (ORCPT + 99 others); Wed, 28 Nov 2018 16:08:19 -0500 Received: from mx1.redhat.com ([209.132.183.28]:48928 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727413AbeK1VIS (ORCPT ); Wed, 28 Nov 2018 16:08:18 -0500 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 20308316468F; Wed, 28 Nov 2018 10:07:12 +0000 (UTC) Received: from localhost.localdomain (unknown [10.32.181.230]) by smtp.corp.redhat.com (Postfix) with ESMTP id E8B0770121; Wed, 28 Nov 2018 10:07:10 +0000 (UTC) Message-ID: <35b45d85f2c5072d921b555df43bcc4e5a9feb64.camel@redhat.com> Subject: Re: net/sched/act_police.c:232 tcf_police_init() warn: possible memory leak of 'new' From: Davide Caratti To: Dan Carpenter , kbuild@01.org Cc: kbuild-all@01.org, linux-kernel@vger.kernel.org, Eric Dumazet In-Reply-To: <20181128092822.GK3073@unbuntlaptop> References: <20181128092822.GK3073@unbuntlaptop> Organization: red hat Content-Type: text/plain; charset="UTF-8" Date: Wed, 28 Nov 2018 11:07:10 +0100 Mime-Version: 1.0 User-Agent: Evolution 3.30.2 (3.30.2-2.fc29) Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.41]); Wed, 28 Nov 2018 10:07:12 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 2018-11-28 at 12:28 +0300, Dan Carpenter wrote: > tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master > head: ef78e5ec9214376c5cb989f5da70b02d0c117b66 > commit: f2cbd485282014132851bf37cb2ca624a456275d net/sched: act_police: fix race condition on state variables hello, > smatch warnings: > net/sched/act_police.c:232 tcf_police_init() warn: possible memory leak of 'new' > > # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2cbd485282014132851bf37cb2ca624a456275d > git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git > git remote update linus > git checkout f2cbd485282014132851bf37cb2ca624a456275d > vim +/new +232 net/sched/act_police.c <...> > a883bf564 net/sched/act_police.c Jarek Poplawski 2009-03-04 155 } else if (tb[TCA_POLICE_AVRATE] && > a883bf564 net/sched/act_police.c Jarek Poplawski 2009-03-04 156 (ret == ACT_P_CREATED || > 1c0d32fde net/sched/act_police.c Eric Dumazet 2016-12-04 157 !gen_estimator_active(&police->tcf_rate_est))) { > a883bf564 net/sched/act_police.c Jarek Poplawski 2009-03-04 158 err = -EINVAL; > 74030603d net/sched/act_police.c WANG Cong 2017-06-13 159 goto failure; > ^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 160 } > 71bcb09a5 net/sched/act_police.c Stephen Hemminger 2008-11-25 161 > 2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 162 new = kzalloc(sizeof(*new), GFP_KERNEL); > 2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 163 if (unlikely(!new)) { > 2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 164 err = -ENOMEM; > 2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 165 goto failure; > 2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 166 } > 2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 167 > ^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 168 /* No failure allowed after this point */ in commit c08f5ed5d ("net/sched: act_police: disallow 'goto chain' on fallback control action"), I didn't notice the above comment, <...> > ^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 197 > c08f5ed5d net/sched/act_police.c Davide Caratti 2018-10-20 198 if (tb[TCA_POLICE_RESULT]) { > c08f5ed5d net/sched/act_police.c Davide Caratti 2018-10-20 199 new->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]); > c08f5ed5d net/sched/act_police.c Davide Caratti 2018-10-20 200 if (TC_ACT_EXT_CMP(new->tcfp_result, TC_ACT_GOTO_CHAIN)) { > c08f5ed5d net/sched/act_police.c Davide Caratti 2018-10-20 201 NL_SET_ERR_MSG(extack, > c08f5ed5d net/sched/act_police.c Davide Caratti 2018-10-20 202 "goto chain not allowed on fallback"); > c08f5ed5d net/sched/act_police.c Davide Caratti 2018-10-20 203 err = -EINVAL; > c08f5ed5d net/sched/act_police.c Davide Caratti 2018-10-20 204 goto failure; > ^^^^^^^^^^^^ > kfree_rcu(new, rcu); ? ... and I introduced a 'goto failure', to avoid the NULL pointer dereference in the traffic path. I think it's correct to call kfree_rcu(new, rcu), or (maybe better) reject invalid values of TCA_POLICE_RESULT before allocating 'new', so we avoid kzalloc() + kfree_rcu() if we already know that the control action is not valid. I will send a patch in the next hours. thanks! -- davide