From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E35F8C282D7 for ; Mon, 11 Feb 2019 01:47:52 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id B106A20811 for ; Mon, 11 Feb 2019 01:47:52 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="uxkp3Is1" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726896AbfBKBrv (ORCPT ); Sun, 10 Feb 2019 20:47:51 -0500 Received: from mail-pg1-f196.google.com ([209.85.215.196]:40998 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726102AbfBKBru (ORCPT ); Sun, 10 Feb 2019 20:47:50 -0500 Received: by mail-pg1-f196.google.com with SMTP id m1so4235544pgq.8 for ; Sun, 10 Feb 2019 17:47:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ci5cfaMQoAEAgXorixJNgiuwhE34IrHLh+5gq9uHZsg=; b=uxkp3Is1A00KUYY60++cIlltTHSkC4/HtEKx4C0uCmWd2Rbfy+tUixUNf7Kkn7Pwcj GdTb3YyCVFCaBpy5rjtKTQ6fUMgGB3M87Fwlo+wTZvhCQXkzhgoCajmyd3mTrugzWwvk j8xXyF/1asobh8jfqMUTUS43MW6fyZXzid+3LYC6DTljI6dj8lXmWcAk/5c1VB6u4rru Su1BE41BYyx2b8Za0oc3X0qVSb6Af4RbQiEPVjlbjeBoDqh0pKR6IpvoELbMxLaWe1hn Gs1SrycGD4Wf+291OyEJ0aMwYamuOHHT5Qt/311Zsp1sLivmCViyS1dG+99UdF2qE6O+ Zk0A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ci5cfaMQoAEAgXorixJNgiuwhE34IrHLh+5gq9uHZsg=; b=X2E1OZ/tGEAd0rMNECrvnzqUdYYLmQihw4XBqP7zauOLfQvnl8k4Cbe/aCVkfSHimV J3CI68gbQz1WvKTfJLh9dnFliVQS5mJ3stuiZ4IEtakraDgidOzmkNowsRwWGRs6xrGm 3RTv7R1gY8KgiKOwjy8A6w2EFWKDEMFnahnXCzSTVpFHVxjY+IQ+llWtpexEfE1YKh83 h4EBGg5GANQccKEjDtzXALSpJ0PNnKLAJwYR+2iMAR1T53ZKKYxWgKe4fifN2ldfvYR+ LCV16/nClUBLZGVScQHCxhgscakumtoGK27FdazEsmHyQI/1IgLsVqo5JNdjyjuIhMI0 8QkQ== X-Gm-Message-State: AHQUAuaRX24Dd2+hY8ufldINnXxwa9WG/43X28UoESsHyisiJeto/xut b9uxnRj7S0NN3oD3koqa4SbxhNE2 X-Google-Smtp-Source: AHgI3Ia+mxELqyjO4LDAm/vxh5eXY9gHsmxvAe5qE6RQZt+N/PwSS9z47g20aNuMhP6c8dJqgNGmfw== X-Received: by 2002:a65:6215:: with SMTP id d21mr31593522pgv.289.1549849669532; Sun, 10 Feb 2019 17:47:49 -0800 (PST) Received: from tw-172-25-17-123.office.twttr.net ([8.25.197.25]) by smtp.gmail.com with ESMTPSA id p67sm11406703pfg.44.2019.02.10.17.47.48 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 10 Feb 2019 17:47:48 -0800 (PST) From: Cong Wang To: netdev@vger.kernel.org Cc: Cong Wang , Jamal Hadi Salim , Jiri Pirko Subject: [Patch net 3/3] net_sched: fix two more memory leaks in cls_tcindex Date: Sun, 10 Feb 2019 17:47:31 -0800 Message-Id: <20190211014731.23932-4-xiyou.wangcong@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190211014731.23932-1-xiyou.wangcong@gmail.com> References: <20190211014731.23932-1-xiyou.wangcong@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org struct tcindex_filter_result contains two parts: struct tcf_exts and struct tcf_result. For the local variable 'cr', its exts part is never used but initialized without being released properly on success path. So just completely remove the exts part to fix this leak. For the local variable 'new_filter_result', it is never properly released if not used by 'r' on success path. Cc: Jamal Hadi Salim Cc: Jiri Pirko Signed-off-by: Cong Wang --- net/sched/cls_tcindex.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/net/sched/cls_tcindex.c b/net/sched/cls_tcindex.c index 6c3436e8436c..297cb6e98c44 100644 --- a/net/sched/cls_tcindex.c +++ b/net/sched/cls_tcindex.c @@ -315,9 +315,9 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base, struct nlattr *est, bool ovr, struct netlink_ext_ack *extack) { struct tcindex_filter_result new_filter_result, *old_r = r; - struct tcindex_filter_result cr; struct tcindex_data *cp = NULL, *oldp; struct tcindex_filter *f = NULL; /* make gcc behave */ + struct tcf_result cr = {}; int err, balloc = 0; struct tcf_exts e; @@ -357,13 +357,10 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base, cp->h = p->h; err = tcindex_filter_result_init(&new_filter_result); - if (err < 0) - goto errout1; - err = tcindex_filter_result_init(&cr); if (err < 0) goto errout1; if (old_r) - cr.res = r->res; + cr = r->res; if (tb[TCA_TCINDEX_HASH]) cp->hash = nla_get_u32(tb[TCA_TCINDEX_HASH]); @@ -454,8 +451,8 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base, } if (tb[TCA_TCINDEX_CLASSID]) { - cr.res.classid = nla_get_u32(tb[TCA_TCINDEX_CLASSID]); - tcf_bind_filter(tp, &cr.res, base); + cr.classid = nla_get_u32(tb[TCA_TCINDEX_CLASSID]); + tcf_bind_filter(tp, &cr, base); } if (old_r && old_r != r) { @@ -467,7 +464,7 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base, } oldp = p; - r->res = cr.res; + r->res = cr; tcf_exts_change(&r->exts, &e); rcu_assign_pointer(tp->root, cp); @@ -486,6 +483,8 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base, ; /* nothing */ rcu_assign_pointer(*fp, f); + } else { + tcf_exts_destroy(&new_filter_result.exts); } if (oldp) { @@ -503,7 +502,6 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base, else if (balloc == 2) kfree(cp->h); errout1: - tcf_exts_destroy(&cr.exts); tcf_exts_destroy(&new_filter_result.exts); errout: kfree(cp); -- 2.20.1