[{"id":1759599,"web_url":"http://patchwork.ozlabs.org/comment/1759599/","msgid":"<1504032048.11498.85.camel@edumazet-glaptop3.roam.corp.google.com>","list_archive_url":null,"date":"2017-08-29T18:40:48","subject":"Re: [PATCH net] sch_multiq: fix double free on init failure","submitter":{"id":2404,"url":"http://patchwork.ozlabs.org/api/people/2404/","name":"Eric Dumazet","email":"eric.dumazet@gmail.com"},"content":"On Tue, 2017-08-29 at 21:26 +0300, Nikolay Aleksandrov wrote:\n> The below commit added a call to ->destroy() on init failure, but multiq\n> still frees ->queues on error in init, but ->queues is also freed by\n> ->destroy() thus we get double free and corrupted memory.\n> \n> Very easy to reproduce (eth0 not multiqueue):\n> $ tc qdisc add dev eth0 root multiq\n> RTNETLINK answers: Operation not supported\n> $ ip l add dumdum type dummy\n> (crash)\n\n> Fixes: 87b60cfacf9f (\"net_sched: fix error recovery at qdisc creation\")\n> Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>\n> ---\n>  net/sched/sch_multiq.c | 3 ---\n>  1 file changed, 3 deletions(-)\n> \n\nAcked-by: Eric Dumazet <edumazet@google.com>","headers":{"Return-Path":"<netdev-owner@vger.kernel.org>","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"lpmiilEW\"; dkim-atps=neutral"],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xhcsN2F0wz9sP5\n\tfor <patchwork-incoming@ozlabs.org>;\n\tWed, 30 Aug 2017 04:40:55 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751238AbdH2Skv (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tTue, 29 Aug 2017 14:40:51 -0400","from mail-pg0-f44.google.com ([74.125.83.44]:36199 \"EHLO\n\tmail-pg0-f44.google.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1751186AbdH2Sku (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Tue, 29 Aug 2017 14:40:50 -0400","by mail-pg0-f44.google.com with SMTP id r133so13149358pgr.3\n\tfor <netdev@vger.kernel.org>; Tue, 29 Aug 2017 11:40:50 -0700 (PDT)","from ?IPv6:2620:15c:2c1:100:5c25:69da:43fc:a7c6?\n\t([2620:15c:2c1:100:5c25:69da:43fc:a7c6])\n\tby smtp.googlemail.com with ESMTPSA id\n\tw6sm531135pfb.13.2017.08.29.11.40.48\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tTue, 29 Aug 2017 11:40:48 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=gmail.com; s=20161025;\n\th=message-id:subject:from:to:cc:date:in-reply-to:references\n\t:mime-version:content-transfer-encoding;\n\tbh=kgJZPgGAeT/hcAcUCIbpWxlgYFrdCvHOUqOkMnFkAPY=;\n\tb=lpmiilEWgQ4JkGtpSofbCVGx5oDyJZHUg5aEkKeD0zlZjhFUKXBMU/qbKziy4jzXyc\n\tK6VwwujLWTmozHofqYxDg+JphCVzt3/H3J+8j9OWP3jD6idKok3u4uy5sqmNpJl6DvRj\n\tbHTKxfwWEYVYAo4H+QMFUSCWhg0CTNkypFU5bah3xqkWO6xoeGaE6YrmhOf+dnYLjY/c\n\tPnO0osx3wJUypjO72qc5UVXbSN5P0YN6JeI4pyiVHATsRuiy9B1WVacSBVKOT3+Anh0l\n\t0r8rXXy/pPlggX2u1ArYJKv3kecrOCz/sWEYc70FI+7PpIw6Icr4nQ0wVEDiVRWBl4o5\n\taHNQ==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to\n\t:references:mime-version:content-transfer-encoding;\n\tbh=kgJZPgGAeT/hcAcUCIbpWxlgYFrdCvHOUqOkMnFkAPY=;\n\tb=CMq3FfNjcCX1p6i7xibgUv0NS/lcls7FOTl+WcnzEBKNe9IOTCWf8imrZliBrCGd2X\n\tr/xC3RiCGyxxEVQeV7YGE+oEONVdUPpR6fcWbwzdlFDGBYWldoHeJ2cRlSTRLwwlQ79m\n\tmVflLJp84p+DZp/6cRPXd9F11ZBBjCCA58Kd9i5m9ewQdAjL6mxTbBI0mCnpt33NC7ex\n\tqpBmJ90yoL3+nff7o8LJLqERyqNvovSNwTaUqxAu68tr5as4GFboqK5nt5ShnZZe0n2Z\n\tN6l+7FRFQ/28qALuHwR7gmG+ScBrcji3x/ivgxBMEbDcLcw42Y93tXP74eCcOfD/4P7U\n\tb4gA==","X-Gm-Message-State":"AHYfb5j8iyykHwwb3nGc/YnSmqYAPMjUW65QtlPU4VFOfiPh7quYY7cy\n\tGy1EnawJnG+WRw==","X-Received":"by 10.98.65.215 with SMTP id g84mr1291316pfd.3.1504032049818;\n\tTue, 29 Aug 2017 11:40:49 -0700 (PDT)","Message-ID":"<1504032048.11498.85.camel@edumazet-glaptop3.roam.corp.google.com>","Subject":"Re: [PATCH net] sch_multiq: fix double free on init failure","From":"Eric Dumazet <eric.dumazet@gmail.com>","To":"Nikolay Aleksandrov <nikolay@cumulusnetworks.com>","Cc":"netdev@vger.kernel.org, edumazet@google.com, jhs@mojatatu.com,\n\txiyou.wangcong@gmail.com, jiri@resnulli.us, roopa@cumulusnetworks.com","Date":"Tue, 29 Aug 2017 11:40:48 -0700","In-Reply-To":"<1504031188-11434-1-git-send-email-nikolay@cumulusnetworks.com>","References":"<1504031188-11434-1-git-send-email-nikolay@cumulusnetworks.com>","Content-Type":"text/plain; charset=\"UTF-8\"","X-Mailer":"Evolution 3.10.4-0ubuntu2 ","Mime-Version":"1.0","Content-Transfer-Encoding":"7bit","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netdev.vger.kernel.org>","X-Mailing-List":"netdev@vger.kernel.org"}},{"id":1759605,"web_url":"http://patchwork.ozlabs.org/comment/1759605/","msgid":"<CAM_iQpVm0EvXsdcsAR546urmqgkeVgVqhJu=GwgWAhOutjzgyw@mail.gmail.com>","list_archive_url":null,"date":"2017-08-29T18:59:45","subject":"Re: [PATCH net] sch_multiq: fix double free on init failure","submitter":{"id":211,"url":"http://patchwork.ozlabs.org/api/people/211/","name":"Cong Wang","email":"xiyou.wangcong@gmail.com"},"content":"On Tue, Aug 29, 2017 at 11:26 AM, Nikolay Aleksandrov\n<nikolay@cumulusnetworks.com> wrote:\n> diff --git a/net/sched/sch_multiq.c b/net/sched/sch_multiq.c\n> index f143b7bbaa0d..b07f8b01aa07 100644\n> --- a/net/sched/sch_multiq.c\n> +++ b/net/sched/sch_multiq.c\n> @@ -259,9 +259,6 @@ static int multiq_init(struct Qdisc *sch, struct nlattr *opt)\n>\n>         err = multiq_tune(sch, opt);\n>\n> -       if (err)\n> -               kfree(q->queues);\n> -\n>         return err;\n\nYou can fold them to:\n\n    return multiq_tune(sch, opt);\n\nOther than this,\n\nAcked-by : Cong Wang <xiyou.wangcong@gmail.com>","headers":{"Return-Path":"<netdev-owner@vger.kernel.org>","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"nI1fe5gv\"; dkim-atps=neutral"],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xhdHZ227wz9sPk\n\tfor <patchwork-incoming@ozlabs.org>;\n\tWed, 30 Aug 2017 05:00:10 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751263AbdH2TAH (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tTue, 29 Aug 2017 15:00:07 -0400","from mail-pg0-f51.google.com ([74.125.83.51]:35761 \"EHLO\n\tmail-pg0-f51.google.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1751186AbdH2TAG (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Tue, 29 Aug 2017 15:00:06 -0400","by mail-pg0-f51.google.com with SMTP id 63so13275183pgc.2\n\tfor <netdev@vger.kernel.org>; Tue, 29 Aug 2017 12:00:06 -0700 (PDT)","by 10.100.166.199 with HTTP; Tue, 29 Aug 2017 11:59:45 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=gmail.com; s=20161025;\n\th=mime-version:in-reply-to:references:from:date:message-id:subject:to\n\t:cc; bh=40X+G4AhURBJlNu3NM4Qv3cuBeIo6DCahX2Jq6ldTsY=;\n\tb=nI1fe5gvd4jyDnUEhlHfCvqTsPHpHGRvcx0L29B22lCIKRAE4fNY/vT09jPFMBJduh\n\tF0nC+N96wUMqjPZqk2DgNxTTQ35Ts5Jhe22oyZRx80Dqeh78pUnBz/9UX7HlOssxexZ2\n\tbZ/auA0ONdedyEOH9ut9LoGSKy7JBj2tks82vARImwItB8QOMYJCHnoXZLHvtPFOnX3E\n\trWIvOZGe8FU3Bdu3Wga6W23tOq64rKkOFAIO1lcEVU/URGmvvmcVe7S8io1RBVuVDM17\n\tpkQSVOQp+4KiUMyCCk3Ke+IiH5v9QNHp5kk2FV3SdFWirqbHmW9zBGifKlD9GwNTQ0AS\n\tTVyA==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:mime-version:in-reply-to:references:from:date\n\t:message-id:subject:to:cc;\n\tbh=40X+G4AhURBJlNu3NM4Qv3cuBeIo6DCahX2Jq6ldTsY=;\n\tb=OFrWuaD9SsUa61yg1i4sDyGXY/6hiH4zacF/YNTF+jV0sE35CNTff1jwspG2P8hVyU\n\tcUhj85/UiyqTTq1RsvdgpPqBdR+GgFVkepvzzI1vAUYsZvE5eY/5gX3rJgRR60VDwlQd\n\tmj8FxtB56jE7B1VNT6w+VhOz+1sfA9OESqB2wxbbwPNNoO3SOyuMAaHnRnU2M/MzQCX6\n\tKuk+9sEMlRrMMAVNJgj63rq1JKQrF+eIfQJJ3ZdDYgtIGe9tszD2taRdphd8BZ82Z36K\n\tfiYugnXJG7EfZ11QFxiraCAWt9FVRLyPlh3QQElOdETfuJFRs9OFSMzN20Mo5hePuKpV\n\tOXdQ==","X-Gm-Message-State":"AHYfb5gUtMM3pVLo3PqW0+NFL0f7O0Fn8xBBztVJoSjgRrY/vl4LU6bJ\n\tHqIuMRCsWuYJcOWeAyBUbJmIMm7eAQ==","X-Received":"by 10.84.175.195 with SMTP id t61mr1681555plb.10.1504033205915; \n\tTue, 29 Aug 2017 12:00:05 -0700 (PDT)","MIME-Version":"1.0","In-Reply-To":"<1504031188-11434-1-git-send-email-nikolay@cumulusnetworks.com>","References":"<1504031188-11434-1-git-send-email-nikolay@cumulusnetworks.com>","From":"Cong Wang <xiyou.wangcong@gmail.com>","Date":"Tue, 29 Aug 2017 11:59:45 -0700","Message-ID":"<CAM_iQpVm0EvXsdcsAR546urmqgkeVgVqhJu=GwgWAhOutjzgyw@mail.gmail.com>","Subject":"Re: [PATCH net] sch_multiq: fix double free on init failure","To":"Nikolay Aleksandrov <nikolay@cumulusnetworks.com>","Cc":"Linux Kernel Network Developers <netdev@vger.kernel.org>,\n\tEric Dumazet <edumazet@google.com>, Jamal Hadi Salim <jhs@mojatatu.com>,\n\tJiri Pirko <jiri@resnulli.us>, Roopa Prabhu <roopa@cumulusnetworks.com>","Content-Type":"text/plain; charset=\"UTF-8\"","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netdev.vger.kernel.org>","X-Mailing-List":"netdev@vger.kernel.org"}}]