Received: by 2002:a25:b794:0:0:0:0:0 with SMTP id n20csp4440848ybh; Tue, 6 Aug 2019 11:42:37 -0700 (PDT) X-Google-Smtp-Source: APXvYqzS1HCqM61CBU/vYrTCuLqS8AlB17apTqPqLkBz9QtfA4CA/PbQsDNa/uekttzthaitj3vq X-Received: by 2002:a63:db45:: with SMTP id x5mr3639316pgi.293.1565116957432; Tue, 06 Aug 2019 11:42:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1565116957; cv=none; d=google.com; s=arc-20160816; b=g3tU51nxCsaK1b6t5ivTOV6I1O21SN10XOfRtrcBj6V3Oszspgpv6o7fB+ju/1kdW2 Lwkm2cuXLybhMdK14QWth7X9IXiI+wtmC/ViejQvxKdfrN9b47YFkeM+QX6bUv6Dx6Ac vcLtZC4htlkGtIzY01JEhFPf3yXPcIkpY47YuVT7YyzOc4SAYUxlGTp5SBe2RnFjQnzf smd9ugOZmtVJOFXLMVmkl6EllTcLUPrNU4EbrtARfnLqANuj5cqrZycSzHmtmVkWhkUk vtm3In79/shaKH8UV50h1sQnME73exALXVqwx9SgTcfNSA39u7I7BS6yqPQjt0nNYrqr KrLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:from:subject:cc:to:message-id:date; bh=9aYsuhByx4emnC/l0txRRJVC4WULE0vEc9u+7E89UrQ=; b=GXB0lXvtCDJOfBUsLo275cb8cGR8TvDHuBMJzsPqgZcUwh8M9XfM5kN8wcaPBvsKvw vOIsZWKurJrl1oRTEGl7gdZI+R2n9OGyUrfXOyRyHse9DcajBIQqPv/i4GaKbRx+Eufw Zm0Hy8b4vIdiuK5+m9i1IYqg7Xh6aGRVEzW1Dmt8L2m/qSwUBvPw5lXGMHVorhB0porB Zgf5i8U0QI0RigimUPc9byFQ6qf9IMZ2IG8nFmNenvfak8LlPF9rNzSzaHzVvhBfSj+M GPoiIZ0PQ4KXrEV8uDlEMQVXIDFZlfu1PXqCBa47YK/Lwks3m2ii76YbSZa5p2ZyThgm 6Yog== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u17si49524779pfc.210.2019.08.06.11.42.22; Tue, 06 Aug 2019 11:42:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726412AbfHFSl0 (ORCPT + 99 others); Tue, 6 Aug 2019 14:41:26 -0400 Received: from shards.monkeyblade.net ([23.128.96.9]:47880 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725881AbfHFSlP (ORCPT ); Tue, 6 Aug 2019 14:41:15 -0400 Received: from localhost (unknown [IPv6:2601:601:9f80:35cd::d71]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: davem-davemloft) by shards.monkeyblade.net (Postfix) with ESMTPSA id 9E3CB152488F2; Tue, 6 Aug 2019 11:41:14 -0700 (PDT) Date: Tue, 06 Aug 2019 11:41:14 -0700 (PDT) Message-Id: <20190806.114114.1672670570404825284.davem@davemloft.net> To: ivan.khoronzhuk@linaro.org Cc: vinicius.gomes@intel.com, jhs@mojatatu.com, xiyou.wangcong@gmail.com, jiri@resnulli.us, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] net: sched: sch_taprio: fix memleak in error path for sched list parse From: David Miller In-Reply-To: <20190806100425.4356-1-ivan.khoronzhuk@linaro.org> References: <20190806100425.4356-1-ivan.khoronzhuk@linaro.org> X-Mailer: Mew version 6.8 on Emacs 26.1 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Tue, 06 Aug 2019 11:41:14 -0700 (PDT) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ivan Khoronzhuk Date: Tue, 6 Aug 2019 13:04:25 +0300 > Based on net/master I wonder about that because: > --- a/net/sched/sch_taprio.c > +++ b/net/sched/sch_taprio.c > @@ -1451,7 +1451,8 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt, > spin_unlock_bh(qdisc_lock(sch)); > > free_sched: > - kfree(new_admin); > + if (new_admin) > + call_rcu(&new_admin->rcu, taprio_free_sched_cb); > > return err; In my tree the context around line 1451 is: nla_nest_end(skb, sched_nest); done: rcu_read_unlock(); return nla_nest_end(skb, nest); which is part of function taprio_dump(). Please respin this properly against current 'net' sources.