From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EB6D8C282D7 for ; Mon, 11 Feb 2019 21:06:33 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id B8984214DA for ; Mon, 11 Feb 2019 21:06:33 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="lSSpahPV" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727177AbfBKVGc (ORCPT ); Mon, 11 Feb 2019 16:06:32 -0500 Received: from mail-pg1-f195.google.com ([209.85.215.195]:40495 "EHLO mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727049AbfBKVGa (ORCPT ); Mon, 11 Feb 2019 16:06:30 -0500 Received: by mail-pg1-f195.google.com with SMTP id z10so133603pgp.7 for ; Mon, 11 Feb 2019 13:06:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=J057ccbD73lRJaF0tOefPI+UGjrd1Y1ihP6556hri4s=; b=lSSpahPVlOR4jFUq0Ywl3BLVjXlOynGjIz/QvTe2eMXb5R0mu/L13N54LM3bXZCaTy fGz/hr6bEF24YwlHMjkwPKIBBfaBAVF9pJs8JHsnARbGJn9JZ//QdxF/ZMUHLOjINVp2 BBU8eiLizmk4DCGorrfsFdWhsKih+Fqs8571wkmDWwyqW3mXHMBUQgvTQw9iWyi4THqD uQpO+VAw/xERMZfkmw16YA93cJuxLw6uPhPa6b966nq2wl09UBnhFgxssFupxRGcIjZb aEYpLsX6Sk1SAiLKg5P4AWxRJGOfh8dDxZhSy11ny7wuGQEOunUVCSOPlkRmDEOTNweR 1HnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=J057ccbD73lRJaF0tOefPI+UGjrd1Y1ihP6556hri4s=; b=c93vsrhly3QRRSZTZn8nVm9P3jUqTxUiloag0Es7HMGWP4FLJgvdyoCAuhBawlHhNG SuhsxGN2mUh/gLjfxTuAuDzLTMCDoo/DnpfndoMPfAPBEm4P0rX/Q+sBwYiWZw8+K5ps YU4ivFO10QY0zobkPbXzCAKanSQLJgSctRiTszgEgHtqitgNa+9p97V9CFhw/yBkDXFU A6q059Ks7nIVnHcd/EN7recUR2q411odBm6voS038XAViNZ2+mMFYlVfw9SrpXUHRSlj ywXIMYm0WW+Q6ZhuiNAw4Go2qXRMcp8YM1GqONn1LcU2igOPQpgQVP9v9S8IX7FmaEu6 A2lg== X-Gm-Message-State: AHQUAubU2YX+wdSuoe/laUeSmaRiKNfq7AbXwgnSN8yhItYYKlmEp1Ih e55CRFscsfL4801bpsMS5+IfnBo1 X-Google-Smtp-Source: AHgI3IbIAaDfgVHqyO/yATj26Qn+Kf+vYJIqYrvfnTaVM5RVEJcjFfsaLw5UbFqK5sijqKrzkl9Fjw== X-Received: by 2002:a62:6702:: with SMTP id b2mr225561pfc.244.1549919188998; Mon, 11 Feb 2019 13:06:28 -0800 (PST) Received: from tw-172-25-17-123.office.twttr.net ([8.25.197.25]) by smtp.gmail.com with ESMTPSA id q127sm14873872pgq.39.2019.02.11.13.06.27 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 11 Feb 2019 13:06:27 -0800 (PST) From: Cong Wang To: netdev@vger.kernel.org Cc: Cong Wang , Jamal Hadi Salim , Jiri Pirko Subject: [Patch net v2 3/3] net_sched: fix two more memory leaks in cls_tcindex Date: Mon, 11 Feb 2019 13:06:16 -0800 Message-Id: <20190211210616.9592-4-xiyou.wangcong@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190211210616.9592-1-xiyou.wangcong@gmail.com> References: <20190211210616.9592-1-xiyou.wangcong@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org struct tcindex_filter_result contains two parts: struct tcf_exts and struct tcf_result. For the local variable 'cr', its exts part is never used but initialized without being released properly on success path. So just completely remove the exts part to fix this leak. For the local variable 'new_filter_result', it is never properly released if not used by 'r' on success path. Cc: Jamal Hadi Salim Cc: Jiri Pirko Signed-off-by: Cong Wang --- net/sched/cls_tcindex.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/net/sched/cls_tcindex.c b/net/sched/cls_tcindex.c index 70ea5b1a7889..38bb882bb958 100644 --- a/net/sched/cls_tcindex.c +++ b/net/sched/cls_tcindex.c @@ -304,9 +304,9 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base, struct nlattr *est, bool ovr, struct netlink_ext_ack *extack) { struct tcindex_filter_result new_filter_result, *old_r = r; - struct tcindex_filter_result cr; struct tcindex_data *cp = NULL, *oldp; struct tcindex_filter *f = NULL; /* make gcc behave */ + struct tcf_result cr = {}; int err, balloc = 0; struct tcf_exts e; @@ -345,13 +345,10 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base, cp->h = p->h; err = tcindex_filter_result_init(&new_filter_result); - if (err < 0) - goto errout1; - err = tcindex_filter_result_init(&cr); if (err < 0) goto errout1; if (old_r) - cr.res = r->res; + cr = r->res; if (tb[TCA_TCINDEX_HASH]) cp->hash = nla_get_u32(tb[TCA_TCINDEX_HASH]); @@ -442,8 +439,8 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base, } if (tb[TCA_TCINDEX_CLASSID]) { - cr.res.classid = nla_get_u32(tb[TCA_TCINDEX_CLASSID]); - tcf_bind_filter(tp, &cr.res, base); + cr.classid = nla_get_u32(tb[TCA_TCINDEX_CLASSID]); + tcf_bind_filter(tp, &cr, base); } if (old_r && old_r != r) { @@ -455,7 +452,7 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base, } oldp = p; - r->res = cr.res; + r->res = cr; tcf_exts_change(&r->exts, &e); rcu_assign_pointer(tp->root, cp); @@ -474,6 +471,8 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base, ; /* nothing */ rcu_assign_pointer(*fp, f); + } else { + tcf_exts_destroy(&new_filter_result.exts); } if (oldp) @@ -486,7 +485,6 @@ tcindex_set_parms(struct net *net, struct tcf_proto *tp, unsigned long base, else if (balloc == 2) kfree(cp->h); errout1: - tcf_exts_destroy(&cr.exts); tcf_exts_destroy(&new_filter_result.exts); errout: kfree(cp); -- 2.20.1