Received: by 2002:ac0:b08d:0:0:0:0:0 with SMTP id l13csp4919473imc;
        Mon, 25 Feb 2019 13:38:34 -0800 (PST)
X-Google-Smtp-Source: AHgI3Ibnlb/Q5xAtDsL2t2eeTLJKgHdY6C/to/gJoQleBhsZqcvdbWS63jYiH9XDPJyuYUKB2rZL
X-Received: by 2002:a63:cd06:: with SMTP id i6mr8673182pgg.267.1551130714578;
        Mon, 25 Feb 2019 13:38:34 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1551130714; cv=none;
        d=google.com; s=arc-20160816;
        b=KR1XDTjCS95hTluoNrII1deFkt+9bc56OLgs+QINGbJn4kdvwwncz7Vl1GQQMMIgBz
         LIIkZEvKcvOyX7/AXv4FVSeL5w5RHJzyrzS2VsUqPMpSKq5XYaeCfucvOh99H8PyJGJ7
         ivrSS3wUgAvT8SHAqIvrs0YgZDnLIYDMTkRRCamjTc6dmXZmwMEnItR799rePYqFPG1c
         6a0/BsXiaPqNUjfIAdhdD1hNVs4TJFsSHayklsHmJNXVYVAXHiXWrWWBG37IHAPICU2D
         1fwka8rhlTQLWGLpudhTN8JsFaJSnONkEbXrbo/j47nHmIRNFcE/FKsWi31cwDJ2SI8H
         s10A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=nM2nltz8qDA2CHECExp2dbfaLl2Xuni/8tn3gn7LybI=;
        b=VIf+HwOUYhIZXJd+Kfl7rhEgKLXPncs8MA3RT/wJ/BBk7iDtTIrBJ0tb3Y7metyBel
         +BuX5mURZI+z7NaU9ZDboTFE6eeyPKP5VqggGkrXAfqWGPeqBaVRM/QQwEC7jzwWtuDt
         HgnS5HzsNLpwXNqEVhSsGhsGFDnhYA9jMhmoC3EeFxdj91aE2cFSyv2y3UVQ3jfpQ6SC
         dBzdu44/1IrE60G97z/wsYHLXwOQ9hIvUFNq9/hJm7CKRXdxRrqG2jTClXgr/T3CPxGB
         oE9s8GNYL8NaJTIQSgZZpQIIwusxcELmLlfMIx9hsn5t3Cehtttjnf3lhOWSmSWYJdgo
         auIA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b="FUBhAAB/";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d14si10222965pgn.536.2019.02.25.13.38.19;
        Mon, 25 Feb 2019 13:38:34 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b="FUBhAAB/";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1733183AbfBYVgc (ORCPT <rfc822;rmelvin.vger@gmail.com>
        + 99 others); Mon, 25 Feb 2019 16:36:32 -0500
Received: from mail.kernel.org ([198.145.29.99]:43490 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1727745AbfBYVgb (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 25 Feb 2019 16:36:31 -0500
Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id CE4B921841;
        Mon, 25 Feb 2019 21:36:29 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1551130590;
        bh=Yp0FrF9rK5FmNN7DM7gKSGvh4qp5FAJSe0plQMWOdMo=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=FUBhAAB/cShN4CLjrSjQfx5phhtuNCJASwhIdKkezXoTf+D9mHhW0EPCnuBeGfh3L
         DukfnaUXtAMVSSxMWeM6+Vl8MjNeFoxu+gR/MOstt0hTZHkqxW3GKqDBjhZe78U/Sr
         /PZgZgGefJzqYtrz698q5xmfresRrpYC91ag23fE=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Jamal Hadi Salim <jhs@mojatatu.com>,
        Jiri Pirko <jiri@resnulli.us>,
        Cong Wang <xiyou.wangcong@gmail.com>,
        "David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.20 142/183] net_sched: fix two more memory leaks in cls_tcindex
Date:   Mon, 25 Feb 2019 22:11:55 +0100
Message-Id: <20190225195118.818453238@linuxfoundation.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190225195054.748060397@linuxfoundation.org>
References: <20190225195054.748060397@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
X-Patchwork-Hint: ignore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.20-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Cong Wang <xiyou.wangcong@gmail.com>

[ Upstream commit 1db817e75f5b9387b8db11e37d5f0624eb9223e0 ]

struct tcindex_filter_result contains two parts:
struct tcf_exts and struct tcf_result.

For the local variable 'cr', its exts part is never used but
initialized without being released properly on success path. So
just completely remove the exts part to fix this leak.

For the local variable 'new_filter_result', it is never properly
released if not used by 'r' on success path.

Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/sched/cls_tcindex.c |   16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

--- a/net/sched/cls_tcindex.c
+++ b/net/sched/cls_tcindex.c
@@ -304,9 +304,9 @@ tcindex_set_parms(struct net *net, struc
 		  struct nlattr *est, bool ovr, struct netlink_ext_ack *extack)
 {
 	struct tcindex_filter_result new_filter_result, *old_r = r;
-	struct tcindex_filter_result cr;
 	struct tcindex_data *cp = NULL, *oldp;
 	struct tcindex_filter *f = NULL; /* make gcc behave */
+	struct tcf_result cr = {};
 	int err, balloc = 0;
 	struct tcf_exts e;
 
@@ -347,11 +347,8 @@ tcindex_set_parms(struct net *net, struc
 	err = tcindex_filter_result_init(&new_filter_result);
 	if (err < 0)
 		goto errout1;
-	err = tcindex_filter_result_init(&cr);
-	if (err < 0)
-		goto errout1;
 	if (old_r)
-		cr.res = r->res;
+		cr = r->res;
 
 	if (tb[TCA_TCINDEX_HASH])
 		cp->hash = nla_get_u32(tb[TCA_TCINDEX_HASH]);
@@ -442,8 +439,8 @@ tcindex_set_parms(struct net *net, struc
 	}
 
 	if (tb[TCA_TCINDEX_CLASSID]) {
-		cr.res.classid = nla_get_u32(tb[TCA_TCINDEX_CLASSID]);
-		tcf_bind_filter(tp, &cr.res, base);
+		cr.classid = nla_get_u32(tb[TCA_TCINDEX_CLASSID]);
+		tcf_bind_filter(tp, &cr, base);
 	}
 
 	if (old_r && old_r != r) {
@@ -455,7 +452,7 @@ tcindex_set_parms(struct net *net, struc
 	}
 
 	oldp = p;
-	r->res = cr.res;
+	r->res = cr;
 	tcf_exts_change(&r->exts, &e);
 
 	rcu_assign_pointer(tp->root, cp);
@@ -474,6 +471,8 @@ tcindex_set_parms(struct net *net, struc
 				; /* nothing */
 
 		rcu_assign_pointer(*fp, f);
+	} else {
+		tcf_exts_destroy(&new_filter_result.exts);
 	}
 
 	if (oldp)
@@ -486,7 +485,6 @@ errout_alloc:
 	else if (balloc == 2)
 		kfree(cp->h);
 errout1:
-	tcf_exts_destroy(&cr.exts);
 	tcf_exts_destroy(&new_filter_result.exts);
 errout:
 	kfree(cp);