From: Ido Schimmel <idosch@idosch.org>
To: Vlad Buslov <vladbu@nvidia.com>
Cc: davem@davemloft.net, kuba@kernel.org, edumazet@google.com,
pabeni@redhat.com, netdev@vger.kernel.org,
amir.hanania@intel.com, jeffrey.t.kirsher@intel.com,
john.fastabend@gmail.com
Subject: Re: [PATCH net] vlan: Fix VLAN 0 memory leak
Date: Sun, 30 Jul 2023 18:30:15 +0300
Message-ID: <ZMaCB/Pek5c4baCn@shredder>
In-Reply-To: <20230728163152.682078-1-vladbu@nvidia.com>

On Fri, Jul 28, 2023 at 06:31:52PM +0200, Vlad Buslov wrote:
> The referenced commit intended to fix memleak of VLAN 0 that is implicitly
> created on devices with NETIF_F_HW_VLAN_CTAG_FILTER feature. However, it
> doesn't take into account that the feature can be re-set during the
> netdevice lifetime which will cause memory leak if feature is disabled
> during the device deletion as illustrated by [0]. Fix the leak by
> unconditionally deleting VLAN 0 on NETDEV_DOWN event.

Specifically, what happens is:

>
> [0]:
> > modprobe 8021q
> > ip l set dev eth2 up

VID 0 is created with reference count of 1

> > ethtool -k eth2 | grep rx-vlan-filter
> rx-vlan-filter: on
> > ethtool -K eth2 rx-vlan-filter off
> > ip l set dev eth2 down

Reference count is not dropped because the feature is off

> > ip l set dev eth2 up

Reference count is not increased because the feature is off. It could
have been increased if this line was preceded by:

ethtool -K eth2 rx-vlan-filter on

> > modprobe -r mlx5_ib
> > modprobe -r mlx5_core

Reference count is not dropped during NETDEV_DOWN because the feature is
off and NETDEV_UNREGISTER only dismantles upper VLAN devices, resulting
in VID 0 being leaked.

> > echo scan > /sys/kernel/debug/kmemleak
> > cat /sys/kernel/debug/kmemleak
> unreferenced object 0xffff888165af1c00 (size 256):
> comm "ip", pid 1847, jiffies 4294908816 (age 155.892s)
> hex dump (first 32 bytes):
> 00 80 12 0c 81 88 ff ff 00 00 00 00 00 00 00 00 ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace:
> [<0000000081646e58>] kmalloc_trace+0x27/0xc0
> [<0000000096c47f74>] vlan_vid_add+0x444/0x750
> [<00000000a7304a26>] vlan_device_event+0x1f1/0x1f20 [8021q]
> [<00000000a888adcb>] notifier_call_chain+0x97/0x240
> [<000000005a6ebbb6>] __dev_notify_flags+0xe2/0x250
> [<00000000d423db72>] dev_change_flags+0xfa/0x170
> [<0000000048bc9621>] do_setlink+0x84b/0x3140
> [<0000000087d26a73>] __rtnl_newlink+0x954/0x1550
> [<00000000f767fdc2>] rtnl_newlink+0x5f/0x90
> [<0000000093aed008>] rtnetlink_rcv_msg+0x336/0xa40
> [<000000008d83ca71>] netlink_rcv_skb+0x12c/0x360
> [<000000006227c8de>] netlink_unicast+0x438/0x710
> [<00000000957f18cf>] netlink_sendmsg+0x7a0/0xc70
> [<00000000768833ad>] sock_sendmsg+0xc5/0x190
> [<0000000048d43666>] ____sys_sendmsg+0x534/0x6b0
> [<00000000bd83c8d6>] ___sys_sendmsg+0xeb/0x170
> unreferenced object 0xffff888122bb9080 (size 32):
> comm "ip", pid 1847, jiffies 4294908816 (age 155.892s)
> hex dump (first 32 bytes):
> a0 1c af 65 81 88 ff ff a0 1c af 65 81 88 ff ff ...e.......e....
> 81 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace:
> [<0000000081646e58>] kmalloc_trace+0x27/0xc0
> [<00000000174174bb>] vlan_vid_add+0x4fd/0x750
> [<00000000a7304a26>] vlan_device_event+0x1f1/0x1f20 [8021q]
> [<00000000a888adcb>] notifier_call_chain+0x97/0x240
> [<000000005a6ebbb6>] __dev_notify_flags+0xe2/0x250
> [<00000000d423db72>] dev_change_flags+0xfa/0x170
> [<0000000048bc9621>] do_setlink+0x84b/0x3140
> [<0000000087d26a73>] __rtnl_newlink+0x954/0x1550
> [<00000000f767fdc2>] rtnl_newlink+0x5f/0x90
> [<0000000093aed008>] rtnetlink_rcv_msg+0x336/0xa40
> [<000000008d83ca71>] netlink_rcv_skb+0x12c/0x360
> [<000000006227c8de>] netlink_unicast+0x438/0x710
> [<00000000957f18cf>] netlink_sendmsg+0x7a0/0xc70
> [<00000000768833ad>] sock_sendmsg+0xc5/0x190
> [<0000000048d43666>] ____sys_sendmsg+0x534/0x6b0
> [<00000000bd83c8d6>] ___sys_sendmsg+0xeb/0x170
>
> Fixes: efc73f4bbc23 ("net: Fix memory leak - vlan_info struct")
> Signed-off-by: Vlad Buslov <vladbu@nvidia.com>

Reviewed-by: Ido Schimmel <idosch@nvidia.com>
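
The reference-count walk-through above, replayed as an added example that is not part of the original message or of the kernel patch: a simplified user-space C model in which `hw_vlan_filter` stands in for NETIF_F_HW_VLAN_CTAG_FILTER and the `fixed` flag selects the unconditional delete on NETDEV_DOWN. The names `model_dev`, `handle_event` and `leaked_refs`, and the treatment of a drop on a missing VID 0 entry as a no-op, are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum ev { EV_UP, EV_DOWN, EV_FILTER_ON, EV_FILTER_OFF };

struct model_dev {
    bool hw_vlan_filter; /* stands in for NETIF_F_HW_VLAN_CTAG_FILTER */
    int vid0_refcount;   /* references held on the implicit VID 0 */
};

static void handle_event(struct model_dev *d, enum ev e, bool fixed)
{
    switch (e) {
    case EV_FILTER_ON:  d->hw_vlan_filter = true;  break;
    case EV_FILTER_OFF: d->hw_vlan_filter = false; break;
    case EV_UP:         /* VID 0 is added only while the feature is on */
        if (d->hw_vlan_filter)
            d->vid0_refcount++;
        break;
    case EV_DOWN:       /* before the fix: drop only if the feature is on */
        if ((fixed || d->hw_vlan_filter) && d->vid0_refcount > 0)
            d->vid0_refcount--; /* assumption: no entry means no-op */
        break;
    }
}

/* Replay events on a device that starts with the filter on, as in [0]. */
int leaked_refs(const enum ev *seq, size_t n, bool fixed)
{
    struct model_dev d = { .hw_vlan_filter = true, .vid0_refcount = 0 };
    for (size_t i = 0; i < n; i++)
        handle_event(&d, seq[i], fixed);
    return d.vid0_refcount; /* references still held at unregister */
}

/* Constructed sequences: the reproducer from [0] (the last DOWN is the one
 * from module removal) and the variant that re-enables the filter first. */
const enum ev SEQ_REPRO[] = { EV_UP, EV_FILTER_OFF, EV_DOWN, EV_UP, EV_DOWN };
const enum ev SEQ_REENABLE[] = { EV_UP, EV_FILTER_OFF, EV_DOWN,
                                 EV_FILTER_ON, EV_UP, EV_DOWN };

int main(void)
{
    printf("repro %d->%d, re-enable %d->%d\n",
           leaked_refs(SEQ_REPRO, 5, false), leaked_refs(SEQ_REPRO, 5, true),
           leaked_refs(SEQ_REENABLE, 6, false), leaked_refs(SEQ_REENABLE, 6, true));
    return 0;
}
```

In both sequences the model holds one reference at the end with the conditional drop and none with the unconditional one, which matches the leak kmemleak reports in [0].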