| Message ID | 20190806100425.4356-1-ivan.khoronzhuk@linaro.org |
|---|---|
| State | Changes Requested |
| Delegated to: | David Miller |
| Headers | show |
| Series | net: sched: sch_taprio: fix memleak in error path for sched list parse | expand |
Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org> writes: > In case off error, all entries should be freed from the sched list > before deleting it. For simplicity use rcu way. > > Fixes: 5a781ccbd19e46 ("tc: Add support for configuring the taprio scheduler") > Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org> > --- Acked-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
From: Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org> Date: Tue, 6 Aug 2019 13:04:25 +0300 > Based on net/master I wonder about that because: > --- a/net/sched/sch_taprio.c > +++ b/net/sched/sch_taprio.c > @@ -1451,7 +1451,8 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt, > spin_unlock_bh(qdisc_lock(sch)); > > free_sched: > - kfree(new_admin); > + if (new_admin) > + call_rcu(&new_admin->rcu, taprio_free_sched_cb); > > return err; In my tree the context around line 1451 is: nla_nest_end(skb, sched_nest); done: rcu_read_unlock(); return nla_nest_end(skb, nest); which is part of function taprio_dump(). Please respin this properly against current 'net' sources.
On Tue, Aug 06, 2019 at 11:41:14AM -0700, David Miller wrote: >From: Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org> >Date: Tue, 6 Aug 2019 13:04:25 +0300 > >> Based on net/master > >I wonder about that because: Applies cleanly on net/master, but line num is not correct. I've sent v2. > >> --- a/net/sched/sch_taprio.c >> +++ b/net/sched/sch_taprio.c >> @@ -1451,7 +1451,8 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt, >> spin_unlock_bh(qdisc_lock(sch)); >> >> free_sched: >> - kfree(new_admin); >> + if (new_admin) >> + call_rcu(&new_admin->rcu, taprio_free_sched_cb); >> >> return err; > >In my tree the context around line 1451 is: > > nla_nest_end(skb, sched_nest); > >done: > rcu_read_unlock(); > > return nla_nest_end(skb, nest); > > >which is part of function taprio_dump(). > >Please respin this properly against current 'net' sources.
diff --git a/net/sched/sch_taprio.c b/net/sched/sch_taprio.c index b55a82c1e1bc..4f6333035841 100644 --- a/net/sched/sch_taprio.c +++ b/net/sched/sch_taprio.c @@ -1451,7 +1451,8 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt, spin_unlock_bh(qdisc_lock(sch)); free_sched: - kfree(new_admin); + if (new_admin) + call_rcu(&new_admin->rcu, taprio_free_sched_cb); return err; }
In case off error, all entries should be freed from the sched list before deleting it. For simplicity use rcu way. Fixes: 5a781ccbd19e46 ("tc: Add support for configuring the taprio scheduler") Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org> --- Based on net/master net/sched/sch_taprio.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)