From patchwork Sun Jun 4 11:17:34 2017
X-Patchwork-Submitter: Liping Zhang
X-Patchwork-Id: 770887
X-Patchwork-Delegate: pablo@netfilter.org
From: Liping Zhang
To: pablo@netfilter.org
Cc: netfilter-devel@vger.kernel.org, Liping Zhang, Davide Caratti
Subject: [PATCH nf] netfilter: nf_ct_dccp/sctp: fix memory leak after netns cleanup
Date: Sun, 4 Jun 2017 19:17:34 +0800
Message-Id: <1496575054-17168-1-git-send-email-zlpnobody@163.com>
From: Liping Zhang

After running the following commands for a while, kmemleak reported that
"1879 new suspected memory leaks" happened:
  # while : ; do
  ip netns add test
  ip netns delete test
  done

  unreferenced object 0xffff88006342fa38 (size 1024):
    comm "ip", pid 15477, jiffies 4295982857 (age 957.836s)
    hex dump (first 32 bytes):
      b8 b0 4d a0 ff ff ff ff c0 34 c3 59 00 88 ff ff  ..M......4.Y....
      04 00 00 00 a4 01 00 00 00 00 00 00 00 00 00 00  ................
    backtrace:
      [] kmemleak_alloc+0x4a/0xa0
      [] __kmalloc_track_caller+0x150/0x300
      [] kmemdup+0x20/0x50
      [] dccp_init_net+0x8a/0x160 [nf_conntrack]
      [] nf_ct_l4proto_pernet_register_one+0x25/0x90
      ...
  unreferenced object 0xffff88006342da58 (size 1024):
    comm "ip", pid 15477, jiffies 4295982857 (age 957.836s)
    hex dump (first 32 bytes):
      10 b3 4d a0 ff ff ff ff 04 35 c3 59 00 88 ff ff  ..M......5.Y....
      04 00 00 00 a4 01 00 00 00 00 00 00 00 00 00 00  ................
    backtrace:
      [] kmemleak_alloc+0x4a/0xa0
      [] __kmalloc_track_caller+0x150/0x300
      [] kmemdup+0x20/0x50
      [] sctp_init_net+0x5d/0x130 [nf_conntrack]
      [] nf_ct_l4proto_pernet_register_one+0x25/0x90
      ...

This is because we forgot to implement the get_net_proto for sctp and
dccp, so we won't invoke the nf_ct_unregister_sysctl to free the
ctl_table when doing netns cleanup. Also note that we will fail to
register the sysctl for dccp/sctp too, due to the lack of get_net_proto.

Fixes: c51d39010a1b ("netfilter: conntrack: built-in support for DCCP")
Fixes: a85406afeb3e ("netfilter: conntrack: built-in support for SCTP")
Cc: Davide Caratti
Signed-off-by: Liping Zhang
Acked-by: Davide Caratti
Acked-by: Florian Westphal
--- net/netfilter/nf_conntrack_proto_dccp.c | 7 +++++++ net/netfilter/nf_conntrack_proto_sctp.c | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c index b553fdd..4707d99 100644 --- a/net/netfilter/nf_conntrack_proto_dccp.c +++ b/net/netfilter/nf_conntrack_proto_dccp.c
@@ -872,6 +872,11 @@ static int dccp_init_net(struct net *net, u_int16_t proto) return dccp_kmemdup_sysctl_table(net, pn, dn); } +static struct nf_proto_net *dccp_get_net_proto(struct net *net) +{ + return &net->ct.nf_ct_proto.dccp.pn; +} + struct nf_conntrack_l4proto nf_conntrack_l4proto_dccp4 __read_mostly = { .l3proto = AF_INET, .l4proto = IPPROTO_DCCP, @@ -904,6 +909,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_dccp4 __read_mostly = { }, #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ .init_net = dccp_init_net, + .get_net_proto = dccp_get_net_proto, }; EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_dccp4); @@ -939,5 +945,6 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_dccp6 __read_mostly = { }, #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ .init_net = dccp_init_net, + .get_net_proto = dccp_get_net_proto, }; EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_dccp6); diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c index 1c5b14a..4ed976f 100644 --- a/net/netfilter/nf_conntrack_proto_sctp.c +++ b/net/netfilter/nf_conntrack_proto_sctp.c @@ -786,6 +786,11 @@ static int sctp_init_net(struct net *net, u_int16_t proto) return sctp_kmemdup_sysctl_table(pn, sn); } +static struct nf_proto_net *sctp_get_net_proto(struct net *net) +{ + return &net->ct.nf_ct_proto.sctp.pn; +} + struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 __read_mostly = { .l3proto = PF_INET, .l4proto = IPPROTO_SCTP, @@ -819,6 +824,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 __read_mostly = { }, #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ .init_net = sctp_init_net, + .get_net_proto = sctp_get_net_proto, }; EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_sctp4); @@ -855,5 +861,6 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp6 __read_mostly = { #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ #endif .init_net = sctp_init_net, + .get_net_proto = sctp_get_net_proto, }; EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_sctp6);
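Review bot: In nf_conntrack_proto_dccp.c (the initializer hunks at @@ -904 and @@ -939), the fix relies on every l4proto that sets .init_net also remembering to set .get_net_proto, and nothing visible here enforces that pairing. Per the commit message, a missing .get_net_proto makes both the sysctl registration and the nf_ct_unregister_sysctl call silently not happen, which is how the duplicated ctl_table leaked on every netns teardown. Consider a follow-up that makes the per-netns registration path (nf_ct_l4proto_pernet_register_one in the backtrace) warn or fail when .init_net is set and .get_net_proto is NULL, so the next tracker added this way cannot repeat the omission. An unbounded per-netns leak like this is a memory-exhaustion risk on hosts that create and destroy namespaces frequently, so a loud failure at registration time is preferable to a quiet one.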
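Review bot: In nf_conntrack_proto_sctp.c at @@ -786, sctp_get_net_proto() is added without a comment and is a copy of dccp_get_net_proto() with one field name changed; a one-line comment on each stating that this accessor is what lets netns cleanup find and free the table duplicated in sctp_init_net()/dccp_init_net() would document why the callback must not be dropped. The changelog also describes the reproducer and the kmemleak report but does not say that the same loop was re-run with the patch applied; please add a sentence confirming that kmemleak is clean afterwards and that the dccp/sctp sysctl entries now appear in a new netns and go away on delete, since the message says registration was failing as well.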