From patchwork Sun Jun 1 05:37:25 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leon Yu X-Patchwork-Id: 354557 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 7536914010B for ; Sun, 1 Jun 2014 15:39:00 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750939AbaFAFif (ORCPT ); Sun, 1 Jun 2014 01:38:35 -0400 Received: from mail-vc0-f178.google.com ([209.85.220.178]:65265 "EHLO mail-vc0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750728AbaFAFie (ORCPT ); Sun, 1 Jun 2014 01:38:34 -0400 Received: by mail-vc0-f178.google.com with SMTP id hy4so89030vcb.23 for ; Sat, 31 May 2014 22:38:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id; bh=SjNIEJdnIzdDxIv0stU8cuTLclpwItZT+XLAIAtgNmo=; b=Q1+k2Eb09xmOMCOLReeGGIOsH5hwF0Uwq2JvphcVsr/nXP1xZusolhzaFEuc4ZPk50 8RpzDdPIfMXC20SqNienwSTLp/kLIVrerRnGUs7aa2otmAbAinhCodF00H8kLF/fanGJ ypZpXgKBPOHFknpXE3Rcf/fHXaxWbCqDfjDFLM/3byILA20IyHJq11q+iWRzJzCsTfuv DSpQq2yoLk+3qn4sxG4LzZZVcwYL4EwQpfcQSqLLFnMYJBdIAyO+5FoRHXng17iGOJ0D uNvOjksFm2e3MT2vGvREzqxIzoTYxO1H/YxJtZJ0UFC2iO4IY1qArEDsfiy9peFAYXSh wXFQ== X-Received: by 10.52.5.129 with SMTP id s1mr10875275vds.31.1401601113274; Sat, 31 May 2014 22:38:33 -0700 (PDT) Received: from localhost.localdomain (218-161-27-39.HINET-IP.hinet.net. [218.161.27.39]) by mx.google.com with ESMTPSA id fp20sm1793022vec.10.2014.05.31.22.38.30 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sat, 31 May 2014 22:38:32 -0700 (PDT) From: Leon Yu To: davem@davemloft.net, ast@plumgrid.com Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Leon Yu Subject: [PATCH] net: filter: fix possible memory leak in __sk_prepare_filter() Date: Sun, 1 Jun 2014 05:37:25 +0000 Message-Id: <1401601045-7829-1-git-send-email-chianglungyu@gmail.com> X-Mailer: git-send-email 1.9.1 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org __sk_prepare_filter() was reworked in commit bd4cf0ed3 (net: filter: rework/optimize internal BPF interpreter's instruction set) so that it should have uncharged memory once things went wrong. However that work isn't complete. Error is handled only in __sk_migrate_filter() while memory can still leak in the error path right after sk_chk_filter(). Signed-off-by: Leon Yu Acked-by: Alexei Starovoitov Tested-by: Alexei Starovoitov --- net/core/filter.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/core/filter.c b/net/core/filter.c index 9d79ca0..4aec7b9 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -1559,8 +1559,13 @@ static struct sk_filter *__sk_prepare_filter(struct sk_filter *fp, fp->jited = 0; err = sk_chk_filter(fp->insns, fp->len); - if (err) + if (err) { + if (sk != NULL) + sk_filter_uncharge(sk, fp); + else + kfree(fp); return ERR_PTR(err); + } /* Probe if we can JIT compile the filter and if so, do * the compilation of the filter.