* [PATCH] batman-adv: Fix refcnt leak in batadv_v_ogm_process
@ 2020-04-20 5:37 Xiyu Yang
2020-04-20 5:53 ` Sven Eckelmann
0 siblings, 1 reply; 2+ messages in thread
From: Xiyu Yang @ 2020-04-20 5:37 UTC (permalink / raw)
To: Marek Lindner, Simon Wunderlich, Antonio Quartulli,
Sven Eckelmann, David S. Miller, Jakub Kicinski, b.a.t.m.a.n,
netdev, linux-kernel
Cc: yuanxzhang, kjlu, Xiyu Yang, Xin Tan
batadv_v_ogm_process() invokes batadv_hardif_neigh_get(), which returns
a reference of the neighbor object to "hardif_neigh" with increased
refcount.
When batadv_v_ogm_process() returns, "hardif_neigh" becomes invalid, so
the refcount should be decreased to keep refcount balanced.
The reference counting issue happens in one exception handling paths of
batadv_v_ogm_process(). When batadv_v_ogm_orig_get() fails to get the
orig node and returns NULL, the refcnt increased by
batadv_hardif_neigh_get() is not decreased, causing a refcnt leak.
Fix this issue by jumping to "out" label when batadv_v_ogm_orig_get()
fails to get the orig node.
Fixes: 9323158ef9f4 ("batman-adv: OGMv2 - implement originators logic")
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
---
net/batman-adv/bat_v_ogm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/batman-adv/bat_v_ogm.c b/net/batman-adv/bat_v_ogm.c
index 969466218999..80b87b1f4e3a 100644
--- a/net/batman-adv/bat_v_ogm.c
+++ b/net/batman-adv/bat_v_ogm.c
@@ -893,7 +893,7 @@ static void batadv_v_ogm_process(const struct sk_buff *skb, int ogm_offset,
orig_node = batadv_v_ogm_orig_get(bat_priv, ogm_packet->orig);
if (!orig_node)
- return;
+ goto out;
neigh_node = batadv_neigh_node_get_or_create(orig_node, if_incoming,
ethhdr->h_source);
--
2.7.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] batman-adv: Fix refcnt leak in batadv_v_ogm_process
2020-04-20 5:37 [PATCH] batman-adv: Fix refcnt leak in batadv_v_ogm_process Xiyu Yang
@ 2020-04-20 5:53 ` Sven Eckelmann
0 siblings, 0 replies; 2+ messages in thread
From: Sven Eckelmann @ 2020-04-20 5:53 UTC (permalink / raw)
To: Xiyu Yang
Cc: Marek Lindner, Antonio Quartulli, David S. Miller, Jakub Kicinski,
b.a.t.m.a.n, netdev, linux-kernel, yuanxzhang, kjlu, Xin Tan
[-- Attachment #1: Type: text/plain, Size: 1120 bytes --]
On Monday, 20 April 2020 07:37:20 CEST Xiyu Yang wrote:
> batadv_v_ogm_process() invokes batadv_hardif_neigh_get(), which returns
> a reference of the neighbor object to "hardif_neigh" with increased
> refcount.
>
> When batadv_v_ogm_process() returns, "hardif_neigh" becomes invalid, so
> the refcount should be decreased to keep refcount balanced.
>
> The reference counting issue happens in one exception handling paths of
> batadv_v_ogm_process(). When batadv_v_ogm_orig_get() fails to get the
> orig node and returns NULL, the refcnt increased by
> batadv_hardif_neigh_get() is not decreased, causing a refcnt leak.
>
> Fix this issue by jumping to "out" label when batadv_v_ogm_orig_get()
> fails to get the orig node.
>
> Fixes: 9323158ef9f4 ("batman-adv: OGMv2 - implement originators logic")
> Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
> Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
> ---
> net/batman-adv/bat_v_ogm.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Applied [1]
Thanks,
Sven
[1] https://git.open-mesh.org/linux-merge.git/commit/afba933d9875cdf31c973a1ecf05de7129a142c4
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-04-20 5:53 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-04-20 5:37 [PATCH] batman-adv: Fix refcnt leak in batadv_v_ogm_process Xiyu Yang
2020-04-20 5:53 ` Sven Eckelmann
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox