* [PATCH net] tipc: fix a possible memleak in tipc_buf_append
@ 2024-04-30 14:03 Xin Long
2024-05-01 15:15 ` Simon Horman
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Xin Long @ 2024-04-30 14:03 UTC (permalink / raw)
To: network dev, tipc-discussion
Cc: davem, kuba, Eric Dumazet, Paolo Abeni, Jon Maloy, Ying Xue,
Tung Nguyen
__skb_linearize() doesn't free the skb when it fails, so move
'*buf = NULL' after __skb_linearize(), so that the skb can be
freed on the err path.
Fixes: b7df21cf1b79 ("tipc: skb_linearize the head skb when reassembling msgs")
Reported-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
---
net/tipc/msg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tipc/msg.c b/net/tipc/msg.c
index 5c9fd4791c4b..c52ab423082c 100644
--- a/net/tipc/msg.c
+++ b/net/tipc/msg.c
@@ -142,9 +142,9 @@ int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf)
if (fragid == FIRST_FRAGMENT) {
if (unlikely(head))
goto err;
- *buf = NULL;
if (skb_has_frag_list(frag) && __skb_linearize(frag))
goto err;
+ *buf = NULL;
frag = skb_unshare(frag, GFP_ATOMIC);
if (unlikely(!frag))
goto err;
--
2.43.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH net] tipc: fix a possible memleak in tipc_buf_append
2024-04-30 14:03 [PATCH net] tipc: fix a possible memleak in tipc_buf_append Xin Long
@ 2024-05-01 15:15 ` Simon Horman
2024-05-02 0:43 ` Tung Quang Nguyen
2024-05-02 2:20 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: Simon Horman @ 2024-05-01 15:15 UTC (permalink / raw)
To: Xin Long
Cc: network dev, tipc-discussion, davem, kuba, Eric Dumazet,
Paolo Abeni, Jon Maloy, Ying Xue, Tung Nguyen
On Tue, Apr 30, 2024 at 10:03:38AM -0400, Xin Long wrote:
> __skb_linearize() doesn't free the skb when it fails, so move
> '*buf = NULL' after __skb_linearize(), so that the skb can be
> freed on the err path.
>
> Fixes: b7df21cf1b79 ("tipc: skb_linearize the head skb when reassembling msgs")
> Reported-by: Paolo Abeni <pabeni@redhat.com>
> Signed-off-by: Xin Long <lucien.xin@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: [PATCH net] tipc: fix a possible memleak in tipc_buf_append
2024-04-30 14:03 [PATCH net] tipc: fix a possible memleak in tipc_buf_append Xin Long
2024-05-01 15:15 ` Simon Horman
@ 2024-05-02 0:43 ` Tung Quang Nguyen
2024-05-02 2:20 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: Tung Quang Nguyen @ 2024-05-02 0:43 UTC (permalink / raw)
To: Xin Long, network dev, tipc-discussion@lists.sourceforge.net
Cc: davem@davemloft.net, kuba@kernel.org, Eric Dumazet, Paolo Abeni,
Jon Maloy, Ying Xue
>Subject: [PATCH net] tipc: fix a possible memleak in tipc_buf_append
>
>__skb_linearize() doesn't free the skb when it fails, so move '*buf = NULL' after __skb_linearize(), so that the skb can be freed on the
>err path.
>
>Fixes: b7df21cf1b79 ("tipc: skb_linearize the head skb when reassembling msgs")
>Reported-by: Paolo Abeni <pabeni@redhat.com>
>Signed-off-by: Xin Long <lucien.xin@gmail.com>
>---
> net/tipc/msg.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/net/tipc/msg.c b/net/tipc/msg.c index 5c9fd4791c4b..c52ab423082c 100644
>--- a/net/tipc/msg.c
>+++ b/net/tipc/msg.c
>@@ -142,9 +142,9 @@ int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf)
> if (fragid == FIRST_FRAGMENT) {
> if (unlikely(head))
> goto err;
>- *buf = NULL;
> if (skb_has_frag_list(frag) && __skb_linearize(frag))
> goto err;
>+ *buf = NULL;
> frag = skb_unshare(frag, GFP_ATOMIC);
> if (unlikely(!frag))
> goto err;
>--
>2.43.0
Reviewed-by: Tung Nguyen <tung.q.nguyen@dektech.com.au>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH net] tipc: fix a possible memleak in tipc_buf_append
2024-04-30 14:03 [PATCH net] tipc: fix a possible memleak in tipc_buf_append Xin Long
2024-05-01 15:15 ` Simon Horman
2024-05-02 0:43 ` Tung Quang Nguyen
@ 2024-05-02 2:20 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2024-05-02 2:20 UTC (permalink / raw)
To: Xin Long
Cc: netdev, tipc-discussion, davem, kuba, edumazet, pabeni, jmaloy,
ying.xue, tung.q.nguyen
Hello:
This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:
On Tue, 30 Apr 2024 10:03:38 -0400 you wrote:
> __skb_linearize() doesn't free the skb when it fails, so move
> '*buf = NULL' after __skb_linearize(), so that the skb can be
> freed on the err path.
>
> Fixes: b7df21cf1b79 ("tipc: skb_linearize the head skb when reassembling msgs")
> Reported-by: Paolo Abeni <pabeni@redhat.com>
> Signed-off-by: Xin Long <lucien.xin@gmail.com>
>
> [...]
Here is the summary with links:
- [net] tipc: fix a possible memleak in tipc_buf_append
https://git.kernel.org/netdev/net/c/97bf6f81b29a
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-05-02 2:20 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-30 14:03 [PATCH net] tipc: fix a possible memleak in tipc_buf_append Xin Long
2024-05-01 15:15 ` Simon Horman
2024-05-02 0:43 ` Tung Quang Nguyen
2024-05-02 2:20 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).