Date: Tue, 06 Aug 2019 11:41:14 -0700 (PDT)
Message-Id: <20190806.114114.1672670570404825284.davem@davemloft.net>
To: ivan.khoronzhuk@linaro.org
Cc: vinicius.gomes@intel.com, jhs@mojatatu.com, xiyou.wangcong@gmail.com, jiri@resnulli.us, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] net: sched: sch_taprio: fix memleak in error path for sched list parse
From: David Miller
In-Reply-To: <20190806100425.4356-1-ivan.khoronzhuk@linaro.org>
References: <20190806100425.4356-1-ivan.khoronzhuk@linaro.org>

From: Ivan Khoronzhuk
Date: Tue, 6 Aug 2019 13:04:25 +0300

> Based on net/master

I wonder about that because:

> --- a/net/sched/sch_taprio.c > +++ b/net/sched/sch_taprio.c > @@ -1451,7 +1451,8 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt, > spin_unlock_bh(qdisc_lock(sch)); > > free_sched: > - kfree(new_admin); > + if (new_admin) > + call_rcu(&new_admin->rcu, taprio_free_sched_cb); > > return err;

In my tree the context around line 1451 is:

	nla_nest_end(skb, sched_nest);
done:
	rcu_read_unlock();
	return nla_nest_end(skb, nest);

which is part of function taprio_dump().

Please respin this properly against current 'net' sources.
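
Review bot: At the free_sched label, call_rcu() appears to be used only to reach taprio_free_sched_cb, and nothing in the hunk shows new_admin being visible to RCU readers on this error path; if it was never published, freeing it synchronously would avoid deferring the cleanup and would read as an error-path free instead of an RCU update. If call_rcu() stays, a one-line comment saying why would help, along with a note that the NULL guard is now required because &new_admin->rcu, unlike kfree(), is not safe on a NULL pointer. The hunk header places the change in taprio_change() at line 1451, which the reply says is taprio_dump() in the 'net' tree, so name the exact base commit in the respin.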