From: David Ahern <dsahern@gmail.com>
To: Xiyu Yang <xiyuyang19@fudan.edu.cn>,
"David S. Miller" <davem@davemloft.net>,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
Jakub Kicinski <kuba@kernel.org>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Xin Tan <tanxin.ctf@gmail.com>
Subject: Re: [PATCH] ipv6: Fix nexthop refcnt leak when creating ipv6 route info
Date: Sat, 25 Jul 2020 18:07:49 -0600 [thread overview]
Message-ID: <330e3acc-dff5-a59e-e138-97ffbb6e7892@gmail.com> (raw)
In-Reply-To: <1595664139-40703-1-git-send-email-xiyuyang19@fudan.edu.cn>
On 7/25/20 2:02 AM, Xiyu Yang wrote:
> ip6_route_info_create() invokes nexthop_get(), which increases the
> refcount of the "nh".
>
> When ip6_route_info_create() returns, local variable "nh" becomes
> invalid, so the refcount should be decreased to keep refcount balanced.
I forgot to write the test case for this very code path in
tools/testing/selftests/net/fib_nexthops.sh. If you have the time, it
goes in ipv6_fcnal_runtime() - see the last 'TO-DO' item.
>
> The reference counting issue happens in one exception handling path of
> ip6_route_info_create(). When nexthops can not be used with source
> routing, the function forgets to decrease the refcnt increased by
> nexthop_get(), causing a refcnt leak.
>
> Fix this issue by pulling up the error source routing handling when
> nexthops can not be used with source routing.
>
Fixes: f88d8ea67fbd ("ipv6: Plumb support for nexthop object in a
fib6_info")
> Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
> Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
> ---
> net/ipv6/route.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
Reviewed-by: David Ahern <dsahern@kernel.org>
next prev parent reply other threads:[~2020-07-26 0:07 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-25 8:02 [PATCH] ipv6: Fix nexthop refcnt leak when creating ipv6 route info Xiyu Yang
2020-07-26 0:07 ` David Ahern [this message]
2020-07-29 0:24 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=330e3acc-dff5-a59e-e138-97ffbb6e7892@gmail.com \
--to=dsahern@gmail.com \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=tanxin.ctf@gmail.com \
--cc=xiyuyang19@fudan.edu.cn \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.