* [Patch net] cls_cgroup: fix memory leak in cls_cgroup_change()
From: Cong Wang @ 2014-01-03 19:13 UTC (permalink / raw)
To: netdev; +Cc: Cong Wang, Thomas Graf, David S. Miller, Jamal Hadi Salim
Fix it by moving allocation to ->init().
Cc: Thomas Graf <tgraf@suug.ch>
Cc: David S. Miller <davem@davemloft.net>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
---
net/sched/cls_cgroup.c | 19 ++++++-------------
1 file changed, 6 insertions(+), 13 deletions(-)
diff --git a/net/sched/cls_cgroup.c b/net/sched/cls_cgroup.c
index 16006c9..f0d1e81 100644
--- a/net/sched/cls_cgroup.c
+++ b/net/sched/cls_cgroup.c
@@ -169,6 +169,11 @@ static void cls_cgroup_put(struct tcf_proto *tp, unsigned long f)
static int cls_cgroup_init(struct tcf_proto *tp)
{
+ struct cls_cgroup_head *head;
+ head = kzalloc(sizeof(*head), GFP_KERNEL);
+ if (head == NULL)
+ return -ENOBUFS;
+ tp->root = head;
return 0;
}
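Review bot: tp->root = head in cls_cgroup_init() is assigned without tcf_tree_lock(tp), while the code this patch removes from cls_cgroup_change() wrapped the same assignment in tcf_tree_lock()/tcf_tree_unlock(). If the lock is unnecessary because nothing else can reach tp during ->init(), say so in the commit message; otherwise keep the locking around the assignment. Add a blank line between the declaration of head and the kzalloc() call. The commit message ("Fix it by moving allocation to ->init().") should also name the error path on which the allocation is leaked.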
@@ -195,21 +200,9 @@ static int cls_cgroup_change(struct net *net, struct sk_buff *in_skb,
if (!tca[TCA_OPTIONS])
return -EINVAL;
- if (head == NULL) {
- if (!handle)
- return -EINVAL;
-
- head = kzalloc(sizeof(*head), GFP_KERNEL);
- if (head == NULL)
- return -ENOBUFS;
-
+ if (head->handle == 0)
head->handle = handle;
- tcf_tree_lock(tp);
- tp->root = head;
- tcf_tree_unlock(tp);
- }
-
if (handle != head->handle)
return -ENOENT;
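Review bot: the zero-handle rejection is lost in cls_cgroup_change(): the removed block returned -EINVAL for "if (!handle)" before creating the head, and the replacement "if (head->handle == 0) head->handle = handle;" has no equivalent, so a request with handle 0 now matches head->handle and passes the "handle != head->handle" comparison. Keep the -EINVAL check for a zero handle if that rejection is still intended. head->handle is also written before the rest of the function has run, so if any later step in this function can fail, the handle from the failed request stays recorded on the head; consider assigning it only once the remaining steps have succeeded.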
--
1.8.3.1
* Re: [Patch net] cls_cgroup: fix memory leak in cls_cgroup_change()
From: David Miller @ 2014-01-04 2:02 UTC (permalink / raw)
To: xiyou.wangcong; +Cc: netdev, tgraf, jhs
From: Cong Wang <xiyou.wangcong@gmail.com>
Date: Fri, 3 Jan 2014 11:13:19 -0800
> Fix it by moving allocation to ->init().
>
> Cc: Thomas Graf <tgraf@suug.ch>
> Cc: David S. Miller <davem@davemloft.net>
> Cc: Jamal Hadi Salim <jhs@mojatatu.com>
> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
I don't understand how the memory leak can happen, please explain
it in your commit message.
Also:
> {
> + struct cls_cgroup_head *head;
> + head = kzalloc(sizeof(*head), GFP_KERNEL);
Please add an empty line between local variable declarations
and code.
Thanks.
* Re: [Patch net] cls_cgroup: fix memory leak in cls_cgroup_change()
From: Cong Wang @ 2014-01-06 23:23 UTC (permalink / raw)
To: David Miller
Cc: Linux Kernel Network Developers, Thomas Graf, Jamal Hadi Salim
On Fri, Jan 3, 2014 at 6:02 PM, David Miller <davem@davemloft.net> wrote:
> From: Cong Wang <xiyou.wangcong@gmail.com>
> Date: Fri, 3 Jan 2014 11:13:19 -0800
>
>> Fix it by moving allocation to ->init().
>>
>> Cc: Thomas Graf <tgraf@suug.ch>
>> Cc: David S. Miller <davem@davemloft.net>
>> Cc: Jamal Hadi Salim <jhs@mojatatu.com>
>> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
>
> I don't understand how the memory leak can happen, please explain
> it in your commit message.
>
The leak happens when ->change() fails after the allocation
inside cls_cgroup_change(); its caller only does cleanup
when it creates one itself. So, the callee should do cleanup
on the error path by itself. But I may be missing something.
Since it is not urgent at all, I will explain this in changelog
and resend it for net-next.
> Also:
>
>> {
>> + struct cls_cgroup_head *head;
>> + head = kzalloc(sizeof(*head), GFP_KERNEL);
>
> Please add an empty line between local variable declarations
> and code.
>
OK.
* Re: [Patch net] cls_cgroup: fix memory leak in cls_cgroup_change()
From: Thomas Graf @ 2014-01-07 21:19 UTC (permalink / raw)
To: Cong Wang; +Cc: David Miller, Linux Kernel Network Developers, Jamal Hadi Salim
On 01/06/14 at 03:23pm, Cong Wang wrote:
> On Fri, Jan 3, 2014 at 6:02 PM, David Miller <davem@davemloft.net> wrote:
> > From: Cong Wang <xiyou.wangcong@gmail.com>
> > Date: Fri, 3 Jan 2014 11:13:19 -0800
> >
> >> Fix it by moving allocation to ->init().
> >>
> >> Cc: Thomas Graf <tgraf@suug.ch>
> >> Cc: David S. Miller <davem@davemloft.net>
> >> Cc: Jamal Hadi Salim <jhs@mojatatu.com>
> >> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
> >
> > I don't understand how the memory leak can happen, please explain
> > it in your commit message.
> >
>
> The leak happens when ->change() fails after the allocation
> inside cls_cgroup_change(); its caller only does cleanup
> when it creates one itself. So, the callee should do cleanup
> on the error path by itself. But I may be missing something.
>
> Since it is not urgent at all, I will explain this in changelog
> and resend it for net-next.
I have no problem with the intent of the change but I want to
note that the behavior was introduced intentionally to be in
line with the behavior of other classifiers that use chaining.
It's not a leak; the reference is kept and freed when the
chain itself is deleted.