From: John Fastabend <john.fastabend@gmail.com>
To: ast@kernel.org, daniel@iogearbox.net, andriin@fb.com
Cc: bpf@vger.kernel.org, netdev@vger.kernel.org, john.fastabend@gmail.com
Subject: [PATCH v2 bpf 1/2] bpf, sockmap: fix potential msg memory leak
Date: Thu, 1 Jul 2021 17:11:22 -0700 [thread overview]
Message-ID: <20210702001123.728035-2-john.fastabend@gmail.com> (raw)
In-Reply-To: <20210702001123.728035-1-john.fastabend@gmail.com>
If skb_linearize is needed and fails we could leak a msg on the error
handling. To fix ensure we kfree the msg block before returning error.
Found during code review.
Fixes: 4363023d2668e ("bpf, sockmap: Avoid failures from skb_to_sgvec when skb has frag_list")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
---
net/core/skmsg.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/core/skmsg.c b/net/core/skmsg.c
index 9b6160a191f8..22603289c2b2 100644
--- a/net/core/skmsg.c
+++ b/net/core/skmsg.c
@@ -505,8 +505,10 @@ static int sk_psock_skb_ingress_enqueue(struct sk_buff *skb,
* drop the skb. We need to linearize the skb so that the mapping
* in skb_to_sgvec can not error.
*/
- if (skb_linearize(skb))
+ if (skb_linearize(skb)) {
+ kfree(msg);
return -EAGAIN;
+ }
num_sge = skb_to_sgvec(skb, msg->sg.data, 0, skb->len);
if (unlikely(num_sge < 0)) {
kfree(msg);
--
2.25.1
next prev parent reply other threads:[~2021-07-02 0:11 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-02 0:11 [PATCH v2 bpf 0/2] potential sockmap memleak and proc stats fix John Fastabend
2021-07-02 0:11 ` John Fastabend [this message]
2021-07-02 19:54 ` [PATCH v2 bpf 1/2] bpf, sockmap: fix potential msg memory leak Cong Wang
2021-07-05 16:27 ` John Fastabend
2021-07-02 0:11 ` [PATCH v2 bpf 2/2] bpf, sockmap: sk_prot needs inuse_idx for proc stats John Fastabend
2021-07-02 19:50 ` Cong Wang
2021-07-05 16:28 ` John Fastabend
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210702001123.728035-2-john.fastabend@gmail.com \
--to=john.fastabend@gmail.com \
--cc=andriin@fb.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.