Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp840930ybl; Wed, 4 Dec 2019 11:48:18 -0800 (PST) X-Google-Smtp-Source: APXvYqyFfR2gOb4zxrPo5ALyTLUJCgY1BUVS+Pv2eoEGQFDAJ1jyqp2nJSryeL2tqK61d5RfFRk+ X-Received: by 2002:a9d:6196:: with SMTP id g22mr3978303otk.204.1575488898083; Wed, 04 Dec 2019 11:48:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1575488898; cv=none; d=google.com; s=arc-20160816; b=cqrEHj94eeBfPVMtuc58YP7580KcYFfjCaG1Nk43jCbGFuwp4JhuOjm7wTOMR0b7pN aGWws6/O8w3BuMXOLyzhPEPDd8kk9d4Nt3EJmA391FnSdTBaaocp0zzLhkGW6XpKDaGL VFnDI+IX3Z2+Dl2ogshsmolCHF255qhr9iFjjqrdpmU2ZQzBvxjj0ml3tCbzIXPviqHX 6GWm8LKK/gBDD1A2NL3MsM2BOxASIgbXsAha6fIlx+a6NyDszC5xwN+D19YqwTlYaLbs ZMjRNbMLBMVQGe97mT5E3/1UyMdhsHdnhYnpE9APb0syTwOATpLr7fiwmtAj0sAkM142 UXVQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date:dkim-signature; bh=MPUgt8BKK8jntMpPJJpiSxrSzMem1sQgZ2v86URinXA=; b=u4oaIbJ8jLvXUV1kekaq7O5xB9DzBFSJC/4PMKa+5YGZZMh711T6+HXN5e0hfWws9k 8dPB0cxD3nuQpUoGcyuLc7uf3AMwCzLo2ibuVdVA0UGEmvuh7a/SO3M7Dz4Lk2X7Ulva 5ES2erE6Fr3+qv5w9WToHdvwY2hKrVDPdPHGN4ewKo6w5mui+NoHul8sVq1308ivo0KR I9u+IAizs02Fz5+szmL48voJ0qJkk80lC9UNJOeSGBa95lBt+i55L5F2iS2bFee5ZuHR 4dC+USaO8bPsTjTh7ZswTeVTkwB3kaaUcA8roqdE+wh9ETAoa3tA0gU6aD01GaR2Vz41 w7dw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@netronome-com.20150623.gappssmtp.com header.s=20150623 header.b=q8nNR2Jn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z1si3916816otq.21.2019.12.04.11.48.06; Wed, 04 Dec 2019 11:48:18 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@netronome-com.20150623.gappssmtp.com header.s=20150623 header.b=q8nNR2Jn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728564AbfLDSkT (ORCPT + 99 others); Wed, 4 Dec 2019 13:40:19 -0500 Received: from mail-lj1-f196.google.com ([209.85.208.196]:37580 "EHLO mail-lj1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728285AbfLDSkS (ORCPT ); Wed, 4 Dec 2019 13:40:18 -0500 Received: by mail-lj1-f196.google.com with SMTP id u17so476141lja.4 for ; Wed, 04 Dec 2019 10:40:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netronome-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:in-reply-to:references :organization:mime-version:content-transfer-encoding; bh=MPUgt8BKK8jntMpPJJpiSxrSzMem1sQgZ2v86URinXA=; b=q8nNR2JnYKwS3g9vjbQ3LUk+rSLD9sMW5X6tYyysV5UGJQTejC8CEhjzojGmF56EJg MzrOIkU2eI//hos+tVVTrz5UrbWRNr188CTiCTjgseET0IO5HsgGi/tcJl8p4jNM3BwH rtyt3Qsk4yAmL7hhGfYpgbk5xtCDX3V1e2SxNcC/yOx8qbJ3VhBYvd70O1llAIjC1o+z Y0DfWuMLJIv9pOZgsTPNrQBJggY4rEzKIdZTTE7qMFEtYny79ScbaKo8zrhKmCpBi5sa wUnV4WeWDl0kk1rWTPbFh2DZtV0r/bw9ujOIk6ekRJhvxNeqVCbK4C3bZQ71bT1DV4eZ D1Ag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:organization:mime-version:content-transfer-encoding; bh=MPUgt8BKK8jntMpPJJpiSxrSzMem1sQgZ2v86URinXA=; b=axHehZWYn35FSJ4z0QXZN1dAziwcYCMwM22yNVv7doP0Ksmp8BvARKHhcMdikiCkTh LdIJchAVqa8G2F0SAHFio9cg9f9KyXdtmMeC3STiBQfLwz2yO7oJcddgfHdEP4DFrzvo ujN0yYxNs9EQH+AeWfzEa00iLlKqeARwMZHQqDjhMH0VO6b/Ylh6jKyLOiyYu5xraAmv iIp1enD4ndFlfKiKVJ6qIB8ouGoCPio4Drla5gTbA8izUNPDt17VT3nFi/BgjROeLI3V 4zIUPDrjqiuysd1S8iX2IBPCzaXh8fxWPVbVh9nbJQVECLcPo/7xB5r5PM2sueHsZsH8 5f4A== X-Gm-Message-State: APjAAAUONPSkycgQVzOw4tLcgJGDoyY5Vg10ak0yAykZIB9Lq7peEJUm O9amb5ss7BO6+QjR5tUOuWqocA== X-Received: by 2002:a2e:84d0:: with SMTP id q16mr2935643ljh.138.1575484816865; Wed, 04 Dec 2019 10:40:16 -0800 (PST) Received: from cakuba.netronome.com ([66.60.152.14]) by smtp.gmail.com with ESMTPSA id a24sm3584077ljp.97.2019.12.04.10.40.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 04 Dec 2019 10:40:16 -0800 (PST) Date: Wed, 4 Dec 2019 10:39:55 -0800 From: Jakub Kicinski To: Navid Emamdoost Cc: emamd001@umn.edu, smccaman@umn.edu, kjlu@umn.edu, "David S. Miller" , Pablo Neira Ayuso , John Hurley , Colin Ian King , oss-drivers@netronome.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v3] nfp: abm: fix memory leak in nfp_abm_u32_knode_replace Message-ID: <20191204103955.63c4d9af@cakuba.netronome.com> In-Reply-To: <20190927015157.20070-1-navid.emamdoost@gmail.com> References: <20190925215314.10cf291d@cakuba.netronome.com> <20190927015157.20070-1-navid.emamdoost@gmail.com> Organization: Netronome Systems, Ltd. MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 26 Sep 2019 20:51:46 -0500, Navid Emamdoost wrote: > In nfp_abm_u32_knode_replace if the allocation for match fails it should > go to the error handling instead of returning. Updated other gotos to > have correct errno returned, too. > > Signed-off-by: Navid Emamdoost > --- > Changes in v2: > - Reused err variable for erorr value returning. > Changes in v3: > - Fix the err value in the first goto, and fix subject prefix. Ugh damn this. Apparently this "fix" has made the news: https://news.softpedia.com/news/canonical-releases-major-kernel-security-update-for-ubuntu-19-10-and-18-04-lts-528433.shtml https://nvd.nist.gov/vuln/detail/CVE-2019-19076 and (a) it would be a damn control path, root-only memory leak, but also (b) upon closer inspection there is no leak here at all! We don't need to delete the entry if we failed to allocate it... The delete path is in case the entry for the handle is changed, but if we're trying to allocate one anew there can't be any on the list. Congratulations to whoever classified this as a security fix. I will send a revert, and go ask for the CVE to be marked invalid. What a waste of time. I should have paid more attention :/ > diff --git a/drivers/net/ethernet/netronome/nfp/abm/cls.c b/drivers/net/ethernet/netronome/nfp/abm/cls.c > index 23ebddfb9532..9f8a1f69c0c4 100644 > --- a/drivers/net/ethernet/netronome/nfp/abm/cls.c > +++ b/drivers/net/ethernet/netronome/nfp/abm/cls.c > @@ -176,8 +176,10 @@ nfp_abm_u32_knode_replace(struct nfp_abm_link *alink, > u8 mask, val; > int err; > > - if (!nfp_abm_u32_check_knode(alink->abm, knode, proto, extack)) > + if (!nfp_abm_u32_check_knode(alink->abm, knode, proto, extack)) { > + err = -EOPNOTSUPP; > goto err_delete; > + } > > tos_off = proto == htons(ETH_P_IP) ? 16 : 20; > > @@ -198,14 +200,18 @@ nfp_abm_u32_knode_replace(struct nfp_abm_link *alink, > if ((iter->val & cmask) == (val & cmask) && > iter->band != knode->res->classid) { > NL_SET_ERR_MSG_MOD(extack, "conflict with already offloaded filter"); > + err = -EOPNOTSUPP; > goto err_delete; > } > } > > if (!match) { > match = kzalloc(sizeof(*match), GFP_KERNEL); > - if (!match) > - return -ENOMEM; > + if (!match) { > + err = -ENOMEM; > + goto err_delete; > + } > + > list_add(&match->list, &alink->dscp_map); > } > match->handle = knode->handle; > @@ -221,7 +227,7 @@ nfp_abm_u32_knode_replace(struct nfp_abm_link *alink, > > err_delete: > nfp_abm_u32_knode_delete(alink, knode); > - return -EOPNOTSUPP; > + return err; > } > > static int nfp_abm_setup_tc_block_cb(enum tc_setup_type type,