From patchwork Sat Jan 5 03:50:48 2013
X-Patchwork-Submitter: Pablo Neira Ayuso
X-Patchwork-Id: 209645
X-Patchwork-Delegate: davem@davemloft.net
Date: Sat, 5 Jan 2013 04:50:48 +0100
From: Pablo Neira Ayuso
To: Gao feng
Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org, canqunzhang@gmail.com, kaber@trash.net, ebiederm@xmission.com
Subject: Re: [PATCH 19/19] netfilter: gre: fix resource leak when unregister gre proto
Message-ID: <20130105035048.GA20027@1984>
References: <1356662206-2260-1-git-send-email-gaofeng@cn.fujitsu.com> <1356662206-2260-20-git-send-email-gaofeng@cn.fujitsu.com>
In-Reply-To: <1356662206-2260-20-git-send-email-gaofeng@cn.fujitsu.com>

Hi Gao,

On Fri, Dec 28, 2012 at 10:36:46AM +0800, Gao feng wrote:
> Currently we unregister proto before all conntrack entries of
> this proto being destroyed. so in function destroy_conntrack
> we can't find proper l4proto to call l4proto->destroy.
> this will cause resource leak.

Good catch. But better to remove the entries before unregistering the
protocol tracker, so l4proto->destroy is always called.

Patch attached.

From 1c082b3ef4c9bf8bfd0159142ce6ffc49aa7bab2 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Fri, 4 Jan 2013 22:09:44 +0100 Subject: [PATCH] netfilter: nf_conntrack: fix memory leak during unregistration with GRE entries Protocol trackers are unregistered before conntrack entries of that type are removed. For that reason, l4proto->destroy is never called and that results in leaking the keymap. Fix this by releasing entries before unregistering protocols. Reported-by: Gao feng Signed-off-by: Pablo Neira Ayuso --- net/netfilter/nf_conntrack_proto.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c index 51e928d..29cd353 100644 --- a/net/netfilter/nf_conntrack_proto.c +++ b/net/netfilter/nf_conntrack_proto.c @@ -488,6 +488,9 @@ void nf_conntrack_l4proto_unregister(struct net *net, { struct nf_proto_net *pn = NULL; + /* Remove all contrack entries before unregistration */ + nf_ct_iterate_cleanup(net, kill_l4proto, l4proto); + if (net == &init_net) nf_conntrack_l4proto_unregister_net(l4proto); @@ -497,9 +500,6 @@ void nf_conntrack_l4proto_unregister(struct net *net, pn->users--; nf_ct_l4proto_unregister_sysctl(net, pn, l4proto); - - /* Remove all contrack entries for this protocol */ - nf_ct_iterate_cleanup(net, kill_l4proto, l4proto); } EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_unregister); -- 1.7.10.4
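
Review bot: In the first hunk (@@ -488), nf_ct_iterate_cleanup() now runs while the tracker is still registered, and nothing in the visible lines stops a new entry of this protocol from being created between that call and nf_conntrack_l4proto_unregister_net(). Such an entry would be destroyed only after unregistration and would skip l4proto->destroy again, which is the same keymap leak the commit message describes. Either state in the comment why that window cannot occur on this path, or keep a second nf_ct_iterate_cleanup(net, kill_l4proto, l4proto) pass after the unregister calls so late entries are still flushed. Also note that for net != &init_net the tracker is not unregistered in this function at all, so the ordering argument only holds for init_net and the comment should say so. Minor: the new comment spells "contrack"; it should read "conntrack".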