new leaks in bridging code.

new leaks in bridging code.

[Dave Jones]

yesterdays bridging changes introduced leaks in the exit paths..

** CID 1194948:  Resource leak  (RESOURCE_LEAK)
/net/bridge/br_vlan.c: 196 in br_allowed_ingress()
/net/bridge/br_vlan.c: 218 in br_allowed_ingress()
/net/bridge/br_vlan.c: 220 in br_allowed_ingress()

*** CID 1194948:  Resource leak  (RESOURCE_LEAK)
/net/bridge/br_vlan.c: 196 in br_allowed_ingress()
190     
191     		/* Frame had a tag with VID 0 or did not have a tag.
192     		 * See if pvid is set on this port.  That tells us which
193     		 * vlan untagged or priority-tagged traffic belongs to.
194     		 */
195     		if (pvid == VLAN_N_VID)
>>>     CID 1194948:  Resource leak  (RESOURCE_LEAK)
>>>     Returning without freeing "skb" leaks the storage that it points to.
196     			return false;
197     
198     		/* PVID is set on this port.  Any untagged or priority-tagged
199     		 * ingress frame is considered to belong to this vlan.
200     		 */
201     		*vid = pvid;
/net/bridge/br_vlan.c: 218 in br_allowed_ingress()
212     
213     		return true;
214     	}
215     
216     	/* Frame had a valid vlan tag.  See if vlan is allowed */
217     	if (test_bit(*vid, v->vlan_bitmap))
>>>     CID 1194948:  Resource leak  (RESOURCE_LEAK)
>>>     Returning without freeing "skb" leaks the storage that it points to.
218     		return true;
219     
220     	return false;
221     }
222     
223     /* Called under RCU. */
/net/bridge/br_vlan.c: 220 in br_allowed_ingress()
214     	}
215     
216     	/* Frame had a valid vlan tag.  See if vlan is allowed */
217     	if (test_bit(*vid, v->vlan_bitmap))
218     		return true;
219     
>>>     CID 1194948:  Resource leak  (RESOURCE_LEAK)
>>>     Returning without freeing "skb" leaks the storage that it points to.
220     	return false;
221     }
222     
223     /* Called under RCU. */
224     bool br_allowed_egress(struct net_bridge *br,
225     		       const struct net_port_vlans *v,

Re: new leaks in bridging code.

[Toshiaki Makita]

On Sat, 2014-03-29 at 17:01 -0400, Dave Jones wrote:
> yesterdays bridging changes introduced leaks in the exit paths..
> 
The patch has nothing to do with this memory leak.
It has existed since br_allowed_ingress was introduced.
I'm working on fixing it.
http://marc.info/?t=139598775400004&r=1&w=2

Thanks,
Toshiaki Makita

Re: new leaks in bridging code.

[Dave Jones]

On Sun, Mar 30, 2014 at 11:28:21AM +0900, Toshiaki Makita wrote:
 > On Sat, 2014-03-29 at 17:01 -0400, Dave Jones wrote:
 > > yesterdays bridging changes introduced leaks in the exit paths..
 > > 
 > The patch has nothing to do with this memory leak.

Good point, the checker only picked up it as 'new' because of the
additional call to vlan_untag.

 > It has existed since br_allowed_ingress was introduced.
 > I'm working on fixing it.
 > http://marc.info/?t=139598775400004&r=1&w=2

Great! (I'm behind on email so hadn't seen this thread).

Thanks,

	Dave
 

Re: new leaks in bridging code.

[Toshiaki Makita]

(2014/03/30 11:47), Dave Jones wrote:
> On Sun, Mar 30, 2014 at 11:28:21AM +0900, Toshiaki Makita wrote:
>  > On Sat, 2014-03-29 at 17:01 -0400, Dave Jones wrote:
>  > > yesterdays bridging changes introduced leaks in the exit paths..
>  > > 
>  > The patch has nothing to do with this memory leak.
> 
> Good point, the checker only picked up it as 'new' because of the
> additional call to vlan_untag.
> 
>  > It has existed since br_allowed_ingress was introduced.
>  > I'm working on fixing it.
>  > http://marc.info/?t=139598775400004&r=1&w=2
> 
> Great! (I'm behind on email so hadn't seen this thread).
> 

Considering more deeply about why your checker claimed that vlan_untag()
in br_allowed_ingress() is bad, I got an idea that it should have
pointed out not resource leakage but double free of skb.

vlan_untag() may free skbs, but we also free skbs in caller side
(br_handle_frame_finish()) without updating skb pointers to NULL.

I'll also fix this problem.

Thanks,
Toshiaki Makita