From: "Michael S. Tsirkin" <mst@redhat.com>
To: wexu@redhat.com
Cc: virtualization@lists.linux-foundation.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
jasowang@redhat.com, mjrosato@linux.vnet.ibm.com
Subject: Re: [PATCH 3/3] tap: free skb if flags error
Date: Fri, 1 Dec 2017 16:48:25 +0200 [thread overview]
Message-ID: <20171201164821-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <1512123038-15773-4-git-send-email-wexu@redhat.com>
On Fri, Dec 01, 2017 at 05:10:38AM -0500, wexu@redhat.com wrote:
> From: Wei Xu <wexu@redhat.com>
>
> tap_recvmsg() supports accepting skb by msg_control after
> commit 3b4ba04acca8 ("tap: support receiving skb from msg_control"),
> the skb if presented should be freed within the function, otherwise
> it would be leaked.
>
> Signed-off-by: Wei Xu <wexu@redhat.com>
> Reported-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
> ---
> drivers/net/tap.c | 14 ++++++++++----
> 1 file changed, 10 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/tap.c b/drivers/net/tap.c
> index e9489b8..0a886fda 100644
> --- a/drivers/net/tap.c
> +++ b/drivers/net/tap.c
> @@ -829,8 +829,11 @@ static ssize_t tap_do_read(struct tap_queue *q,
> DEFINE_WAIT(wait);
> ssize_t ret = 0;
>
> - if (!iov_iter_count(to))
> + if (!iov_iter_count(to)) {
> + if (skb)
> + kfree_skb(skb);
> return 0;
> + }
>
> if (skb)
> goto put;
> @@ -1154,11 +1157,14 @@ static int tap_recvmsg(struct socket *sock, struct msghdr *m,
> size_t total_len, int flags)
> {
> struct tap_queue *q = container_of(sock, struct tap_queue, sock);
> + struct sk_buff *skb = m->msg_control;
> int ret;
> - if (flags & ~(MSG_DONTWAIT|MSG_TRUNC))
> + if (flags & ~(MSG_DONTWAIT|MSG_TRUNC)) {
> + if (skb)
> + kfree_skb(skb);
> return -EINVAL;
> - ret = tap_do_read(q, &m->msg_iter, flags & MSG_DONTWAIT,
> - m->msg_control);
> + }
> + ret = tap_do_read(q, &m->msg_iter, flags & MSG_DONTWAIT, skb);
> if (ret > total_len) {
> m->msg_flags |= MSG_TRUNC;
> ret = flags & MSG_TRUNC ? ret : total_len;
> --
> 1.8.3.1
next prev parent reply other threads:[~2017-12-01 14:48 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-01 10:10 [PATCH net,stable v4 0/3] vhost: fix a few skb leaks wexu
2017-12-01 10:10 ` [PATCH 1/3] vhost: fix skb leak in handle_rx() wexu
2017-12-01 14:48 ` Michael S. Tsirkin
2017-12-01 10:10 ` [PATCH 2/3] tun: free skb in early errors wexu
2017-12-01 14:48 ` Michael S. Tsirkin
2017-12-01 10:10 ` [PATCH 3/3] tap: free skb if flags error wexu
2017-12-01 14:48 ` Michael S. Tsirkin [this message]
2017-12-01 14:47 ` [PATCH net,stable v4 0/3] vhost: fix a few skb leaks Michael S. Tsirkin
2017-12-01 14:54 ` Matthew Rosato
2017-12-01 14:58 ` Michael S. Tsirkin
2017-12-03 2:32 ` David Miller
-- strict thread matches above, loose matches on Subject: below --
2017-12-01 5:54 [PATCH net,stable v3] " wexu
2017-12-01 5:54 ` [PATCH 3/3] tap: free skb if flags error wexu
2017-12-01 7:10 ` Jason Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171201164821-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=jasowang@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mjrosato@linux.vnet.ibm.com \
--cc=netdev@vger.kernel.org \
--cc=virtualization@lists.linux-foundation.org \
--cc=wexu@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).