[PATCH iproute2 v3 0/2] fix memory leak in get_task_name()

[PATCH iproute2 v3 0/2] fix memory leak in get_task_name()

[Andrea Claudi]

This series fixes some memory leaks related to the usage of the
get_task_name() function from lib/fs.c.

Patch 2/2 addresses a coverity warning related to this memory leak,
making the code a bit more readable by humans and coverity.

Changelog:
----------
v2 -> v3
- Use a better API for get_task_name(), passing to it a buffer and its
  lenght just like get_command_name().

v1 -> v2
- on Stephen's suggestion, drop asprintf() and use a local var for path;
  additionally drop %m from fscanf to not allocate memory, and resort to
  a param to return task name to the caller.
- patch 2/3 of the original series is no more needed.

Andrea Claudi (2):
  lib/fs: fix memory leak in get_task_name()
  rdma: make RES_PID and RES_KERN_NAME alternative to each other

 include/utils.h |  2 +-
 ip/iptuntap.c   | 17 ++++++++++-------
 lib/fs.c        | 23 +++++++++++++----------
 rdma/res-cmid.c | 18 +++++++++---------
 rdma/res-cq.c   | 17 +++++++++--------
 rdma/res-ctx.c  | 16 ++++++++--------
 rdma/res-mr.c   | 15 ++++++++-------
 rdma/res-pd.c   | 17 +++++++++--------
 rdma/res-qp.c   | 16 ++++++++--------
 rdma/res-srq.c  | 17 +++++++++--------
 rdma/stat.c     | 14 +++++++++-----
 11 files changed, 93 insertions(+), 79 deletions(-)

-- 
2.35.1

[PATCH iproute2 v3 1/2] lib/fs: fix memory leak in get_task_name()

[Andrea Claudi]

asprintf() allocates memory which is not freed on the error path of
get_task_name(), thus potentially leading to memory leaks.
%m specifier on fscanf allocates memory, too, which needs to be freed by
the caller.

This reworks get_task_name() to avoid memory allocation.
- Pass a buffer and its lenght to the function, similarly to what
  get_command_name() does, thus avoiding to allocate memory for
  the string to be returned;
- Use snprintf() instead of asprintf();
- Use fgets() instead of fscanf() to limit string lenght.

Fixes: 81bfd01a4c9e ("lib: move get_task_name() from rdma")
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
---
 include/utils.h |  2 +-
 ip/iptuntap.c   | 17 ++++++++++-------
 lib/fs.c        | 23 +++++++++++++----------
 rdma/res-cmid.c |  8 +++++---
 rdma/res-cq.c   |  8 +++++---
 rdma/res-ctx.c  |  7 ++++---
 rdma/res-mr.c   |  7 ++++---
 rdma/res-pd.c   |  8 +++++---
 rdma/res-qp.c   |  7 ++++---
 rdma/res-srq.c  |  7 ++++---
 rdma/stat.c     |  5 ++++-
 11 files changed, 59 insertions(+), 40 deletions(-)

diff --git a/include/utils.h b/include/utils.h
index b6c468e9..b0e0967c 100644
--- a/include/utils.h
+++ b/include/utils.h
@@ -307,7 +307,7 @@ char *find_cgroup2_mount(bool do_mount);
 __u64 get_cgroup2_id(const char *path);
 char *get_cgroup2_path(__u64 id, bool full);
 int get_command_name(const char *pid, char *comm, size_t len);
-char *get_task_name(pid_t pid);
+int get_task_name(pid_t pid, char *name, size_t len);
 
 int get_rtnl_link_stats_rta(struct rtnl_link_stats64 *stats64,
 			    struct rtattr *tb[]);
diff --git a/ip/iptuntap.c b/ip/iptuntap.c
index 385d2bd8..35c9bf5b 100644
--- a/ip/iptuntap.c
+++ b/ip/iptuntap.c
@@ -321,14 +321,17 @@ static void show_processes(const char *name)
 			} else if (err == 2 &&
 				   !strcmp("iff", key) &&
 				   !strcmp(name, value)) {
-				char *pname = get_task_name(pid);
-
-				print_string(PRINT_ANY, "name",
-					     "%s", pname ? : "<NULL>");
+				SPRINT_BUF(pname);
+
+				if (get_task_name(pid, pname, sizeof(pname))) {
+					print_string(PRINT_ANY, "name",
+						     "%s", "<NULL>");
+				} else {
+					print_string(PRINT_ANY, "name",
+						     "%s", pname);
+				}
 
-				print_uint(PRINT_ANY, "pid",
-					   "(%d)", pid);
-				free(pname);
+				print_uint(PRINT_ANY, "pid", "(%d)", pid);
 			}
 
 			free(key);
diff --git a/lib/fs.c b/lib/fs.c
index f6f5f8a0..3752931c 100644
--- a/lib/fs.c
+++ b/lib/fs.c
@@ -342,25 +342,28 @@ int get_command_name(const char *pid, char *comm, size_t len)
 	return 0;
 }
 
-char *get_task_name(pid_t pid)
+int get_task_name(pid_t pid, char *name, size_t len)
 {
-	char *comm;
+	char path[PATH_MAX];
 	FILE *f;
 
 	if (!pid)
-		return NULL;
+		return -1;
 
-	if (asprintf(&comm, "/proc/%d/comm", pid) < 0)
-		return NULL;
+	if (snprintf(path, sizeof(path), "/proc/%d/comm", pid) >= sizeof(path))
+		return -1;
 
-	f = fopen(comm, "r");
+	f = fopen(path, "r");
 	if (!f)
-		return NULL;
+		return -1;
 
-	if (fscanf(f, "%ms\n", &comm) != 1)
-		comm = NULL;
+	if (!fgets(name, len, f))
+		return -1;
+
+	/* comm ends in \n, get rid of it */
+	name[strcspn(name, "\n")] = '\0';
 
 	fclose(f);
 
-	return comm;
+	return 0;
 }
diff --git a/rdma/res-cmid.c b/rdma/res-cmid.c
index fd57dbb7..b532d7f4 100644
--- a/rdma/res-cmid.c
+++ b/rdma/res-cmid.c
@@ -159,8 +159,11 @@ static int res_cm_id_line(struct rd *rd, const char *name, int idx,
 		goto out;
 
 	if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) {
+		SPRINT_BUF(b);
+
 		pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
-		comm = get_task_name(pid);
+		if (!get_task_name(pid, b, sizeof(b)))
+			comm = b;
 	}
 
 	if (rd_is_filtered_attr(rd, "pid", pid,
@@ -199,8 +202,7 @@ static int res_cm_id_line(struct rd *rd, const char *name, int idx,
 	print_driver_table(rd, nla_line[RDMA_NLDEV_ATTR_DRIVER]);
 	newline(rd);
 
-out:	if (nla_line[RDMA_NLDEV_ATTR_RES_PID])
-		free(comm);
+out:
 	return MNL_CB_OK;
 }
 
diff --git a/rdma/res-cq.c b/rdma/res-cq.c
index 818e1d0c..a4625afc 100644
--- a/rdma/res-cq.c
+++ b/rdma/res-cq.c
@@ -84,8 +84,11 @@ static int res_cq_line(struct rd *rd, const char *name, int idx,
 		goto out;
 
 	if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) {
+		SPRINT_BUF(b);
+
 		pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
-		comm = get_task_name(pid);
+		if (!get_task_name(pid, b, sizeof(b)))
+			comm = b;
 	}
 
 	if (rd_is_filtered_attr(rd, "pid", pid,
@@ -123,8 +126,7 @@ static int res_cq_line(struct rd *rd, const char *name, int idx,
 	print_driver_table(rd, nla_line[RDMA_NLDEV_ATTR_DRIVER]);
 	newline(rd);
 
-out:	if (nla_line[RDMA_NLDEV_ATTR_RES_PID])
-		free(comm);
+out:
 	return MNL_CB_OK;
 }
 
diff --git a/rdma/res-ctx.c b/rdma/res-ctx.c
index ea5faf18..79ecbf67 100644
--- a/rdma/res-ctx.c
+++ b/rdma/res-ctx.c
@@ -18,8 +18,11 @@ static int res_ctx_line(struct rd *rd, const char *name, int idx,
 		return MNL_CB_ERROR;
 
 	if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) {
+		SPRINT_BUF(b);
+
 		pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
-		comm = get_task_name(pid);
+		if (!get_task_name(pid, b, sizeof(b)))
+			comm = b;
 	}
 
 	if (rd_is_filtered_attr(rd, "pid", pid,
@@ -48,8 +51,6 @@ static int res_ctx_line(struct rd *rd, const char *name, int idx,
 	newline(rd);
 
 out:
-	if (nla_line[RDMA_NLDEV_ATTR_RES_PID])
-		free(comm);
 	return MNL_CB_OK;
 }
 
diff --git a/rdma/res-mr.c b/rdma/res-mr.c
index 25eaa056..7153a6fe 100644
--- a/rdma/res-mr.c
+++ b/rdma/res-mr.c
@@ -47,8 +47,11 @@ static int res_mr_line(struct rd *rd, const char *name, int idx,
 		goto out;
 
 	if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) {
+		SPRINT_BUF(b);
+
 		pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
-		comm = get_task_name(pid);
+		if (!get_task_name(pid, b, sizeof(b)))
+			comm = b;
 	}
 
 	if (rd_is_filtered_attr(rd, "pid", pid,
@@ -87,8 +90,6 @@ static int res_mr_line(struct rd *rd, const char *name, int idx,
 	newline(rd);
 
 out:
-	if (nla_line[RDMA_NLDEV_ATTR_RES_PID])
-		free(comm);
 	return MNL_CB_OK;
 }
 
diff --git a/rdma/res-pd.c b/rdma/res-pd.c
index 2932eb98..09c1040c 100644
--- a/rdma/res-pd.c
+++ b/rdma/res-pd.c
@@ -34,8 +34,11 @@ static int res_pd_line(struct rd *rd, const char *name, int idx,
 			nla_line[RDMA_NLDEV_ATTR_RES_UNSAFE_GLOBAL_RKEY]);
 
 	if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) {
+		SPRINT_BUF(b);
+
 		pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
-		comm = get_task_name(pid);
+		if (!get_task_name(pid, b, sizeof(b)))
+			comm = b;
 	}
 
 	if (rd_is_filtered_attr(rd, "pid", pid,
@@ -76,8 +79,7 @@ static int res_pd_line(struct rd *rd, const char *name, int idx,
 	print_driver_table(rd, nla_line[RDMA_NLDEV_ATTR_DRIVER]);
 	newline(rd);
 
-out:	if (nla_line[RDMA_NLDEV_ATTR_RES_PID])
-		free(comm);
+out:
 	return MNL_CB_OK;
 }
 
diff --git a/rdma/res-qp.c b/rdma/res-qp.c
index 9218804a..151accb9 100644
--- a/rdma/res-qp.c
+++ b/rdma/res-qp.c
@@ -146,8 +146,11 @@ static int res_qp_line(struct rd *rd, const char *name, int idx,
 		goto out;
 
 	if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) {
+		SPRINT_BUF(b);
+
 		pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
-		comm = get_task_name(pid);
+		if (!get_task_name(pid, b, sizeof(b)))
+			comm = b;
 	}
 
 	if (rd_is_filtered_attr(rd, "pid", pid,
@@ -179,8 +182,6 @@ static int res_qp_line(struct rd *rd, const char *name, int idx,
 	print_driver_table(rd, nla_line[RDMA_NLDEV_ATTR_DRIVER]);
 	newline(rd);
 out:
-	if (nla_line[RDMA_NLDEV_ATTR_RES_PID])
-		free(comm);
 	return MNL_CB_OK;
 }
 
diff --git a/rdma/res-srq.c b/rdma/res-srq.c
index c6df454a..f3a652d8 100644
--- a/rdma/res-srq.c
+++ b/rdma/res-srq.c
@@ -174,8 +174,11 @@ static int res_srq_line(struct rd *rd, const char *name, int idx,
 		return MNL_CB_ERROR;
 
 	if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) {
+		SPRINT_BUF(b);
+
 		pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
-		comm = get_task_name(pid);
+		if (!get_task_name(pid, b, sizeof(b)))
+			comm = b;
 	}
 	if (rd_is_filtered_attr(rd, "pid", pid,
 				nla_line[RDMA_NLDEV_ATTR_RES_PID]))
@@ -228,8 +231,6 @@ static int res_srq_line(struct rd *rd, const char *name, int idx,
 	newline(rd);
 
 out:
-	if (nla_line[RDMA_NLDEV_ATTR_RES_PID])
-		free(comm);
 	return MNL_CB_OK;
 }
 
diff --git a/rdma/stat.c b/rdma/stat.c
index c7da2922..ab062915 100644
--- a/rdma/stat.c
+++ b/rdma/stat.c
@@ -248,8 +248,11 @@ static int res_counter_line(struct rd *rd, const char *name, int index,
 		return MNL_CB_OK;
 
 	if (nla_line[RDMA_NLDEV_ATTR_RES_PID]) {
+		SPRINT_BUF(b);
+
 		pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
-		comm = get_task_name(pid);
+		if (!get_task_name(pid, b, sizeof(b)))
+			comm = b;
 	}
 	if (rd_is_filtered_attr(rd, "pid", pid,
 				nla_line[RDMA_NLDEV_ATTR_RES_PID]))
-- 
2.35.1

[PATCH iproute2 v3 2/2] rdma: make RES_PID and RES_KERN_NAME alternative to each other

[Andrea Claudi]

RDMA_NLDEV_ATTR_RES_PID and RDMA_NLDEV_ATTR_RES_KERN_NAME cannot be set
together, as evident for the fill_res_name_pid() function in the kernel
infiniband driver. This commit makes this clear at first glance, using
an else branch for the RDMA_NLDEV_ATTR_RES_KERN_NAME case.

This also helps coverity to better understand this code and avoid
producing a bogus warning complaining about mnl_attr_get_str overwriting
comme, and thus leaking the storage that comm points to.

Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
---
 rdma/res-cmid.c | 10 ++++------
 rdma/res-cq.c   |  9 ++++-----
 rdma/res-ctx.c  |  9 ++++-----
 rdma/res-mr.c   |  8 ++++----
 rdma/res-pd.c   |  9 ++++-----
 rdma/res-qp.c   |  9 ++++-----
 rdma/res-srq.c  | 10 +++++-----
 rdma/stat.c     |  9 +++++----
 8 files changed, 34 insertions(+), 39 deletions(-)

diff --git a/rdma/res-cmid.c b/rdma/res-cmid.c
index b532d7f4..7371c3a6 100644
--- a/rdma/res-cmid.c
+++ b/rdma/res-cmid.c
@@ -164,6 +164,10 @@ static int res_cm_id_line(struct rd *rd, const char *name, int idx,
 		pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
 		if (!get_task_name(pid, b, sizeof(b)))
 			comm = b;
+	} else if (nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]) {
+		/* discard const from mnl_attr_get_str */
+		comm = (char *)mnl_attr_get_str(
+			nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]);
 	}
 
 	if (rd_is_filtered_attr(rd, "pid", pid,
@@ -176,12 +180,6 @@ static int res_cm_id_line(struct rd *rd, const char *name, int idx,
 				nla_line[RDMA_NLDEV_ATTR_RES_CM_IDN]))
 		goto out;
 
-	if (nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]) {
-		/* discard const from mnl_attr_get_str */
-		comm = (char *)mnl_attr_get_str(
-			nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]);
-	}
-
 	open_json_object(NULL);
 	print_link(rd, idx, name, port, nla_line);
 	res_print_u32(rd, "cm-idn", cm_idn,
diff --git a/rdma/res-cq.c b/rdma/res-cq.c
index a4625afc..2cfa4994 100644
--- a/rdma/res-cq.c
+++ b/rdma/res-cq.c
@@ -89,6 +89,10 @@ static int res_cq_line(struct rd *rd, const char *name, int idx,
 		pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
 		if (!get_task_name(pid, b, sizeof(b)))
 			comm = b;
+	} else if (nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]) {
+		/* discard const from mnl_attr_get_str */
+		comm = (char *)mnl_attr_get_str(
+			nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]);
 	}
 
 	if (rd_is_filtered_attr(rd, "pid", pid,
@@ -106,11 +110,6 @@ static int res_cq_line(struct rd *rd, const char *name, int idx,
 				nla_line[RDMA_NLDEV_ATTR_RES_CTXN]))
 		goto out;
 
-	if (nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME])
-		/* discard const from mnl_attr_get_str */
-		comm = (char *)mnl_attr_get_str(
-			nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]);
-
 	open_json_object(NULL);
 	print_dev(rd, idx, name);
 	res_print_u32(rd, "cqn", cqn, nla_line[RDMA_NLDEV_ATTR_RES_CQN]);
diff --git a/rdma/res-ctx.c b/rdma/res-ctx.c
index 79ecbf67..500186d9 100644
--- a/rdma/res-ctx.c
+++ b/rdma/res-ctx.c
@@ -23,6 +23,10 @@ static int res_ctx_line(struct rd *rd, const char *name, int idx,
 		pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
 		if (!get_task_name(pid, b, sizeof(b)))
 			comm = b;
+	} else if (nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]) {
+		/* discard const from mnl_attr_get_str */
+		comm = (char *)mnl_attr_get_str(
+			nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]);
 	}
 
 	if (rd_is_filtered_attr(rd, "pid", pid,
@@ -36,11 +40,6 @@ static int res_ctx_line(struct rd *rd, const char *name, int idx,
 				nla_line[RDMA_NLDEV_ATTR_RES_CTXN]))
 		goto out;
 
-	if (nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME])
-		/* discard const from mnl_attr_get_str */
-		comm = (char *)mnl_attr_get_str(
-			nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]);
-
 	open_json_object(NULL);
 	print_dev(rd, idx, name);
 	res_print_u32(rd, "ctxn", ctxn, nla_line[RDMA_NLDEV_ATTR_RES_CTXN]);
diff --git a/rdma/res-mr.c b/rdma/res-mr.c
index 7153a6fe..fb48d5df 100644
--- a/rdma/res-mr.c
+++ b/rdma/res-mr.c
@@ -52,6 +52,10 @@ static int res_mr_line(struct rd *rd, const char *name, int idx,
 		pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
 		if (!get_task_name(pid, b, sizeof(b)))
 			comm = b;
+	} else if (nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]) {
+		/* discard const from mnl_attr_get_str */
+		comm = (char *)mnl_attr_get_str(
+			nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]);
 	}
 
 	if (rd_is_filtered_attr(rd, "pid", pid,
@@ -70,10 +74,6 @@ static int res_mr_line(struct rd *rd, const char *name, int idx,
 				nla_line[RDMA_NLDEV_ATTR_RES_PDN]))
 		goto out;
 
-	if (nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME])
-		/* discard const from mnl_attr_get_str */
-		comm = (char *)mnl_attr_get_str(
-			nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]);
 	open_json_object(NULL);
 	print_dev(rd, idx, name);
 	res_print_u32(rd, "mrn", mrn, nla_line[RDMA_NLDEV_ATTR_RES_MRN]);
diff --git a/rdma/res-pd.c b/rdma/res-pd.c
index 09c1040c..66f91f42 100644
--- a/rdma/res-pd.c
+++ b/rdma/res-pd.c
@@ -39,6 +39,10 @@ static int res_pd_line(struct rd *rd, const char *name, int idx,
 		pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
 		if (!get_task_name(pid, b, sizeof(b)))
 			comm = b;
+	} else if (nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]) {
+		/* discard const from mnl_attr_get_str */
+		comm = (char *)mnl_attr_get_str(
+			nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]);
 	}
 
 	if (rd_is_filtered_attr(rd, "pid", pid,
@@ -58,11 +62,6 @@ static int res_pd_line(struct rd *rd, const char *name, int idx,
 				nla_line[RDMA_NLDEV_ATTR_RES_PDN]))
 		goto out;
 
-	if (nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME])
-		/* discard const from mnl_attr_get_str */
-		comm = (char *)mnl_attr_get_str(
-			nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]);
-
 	open_json_object(NULL);
 	print_dev(rd, idx, name);
 	res_print_u32(rd, "pdn", pdn, nla_line[RDMA_NLDEV_ATTR_RES_PDN]);
diff --git a/rdma/res-qp.c b/rdma/res-qp.c
index 151accb9..c180a97e 100644
--- a/rdma/res-qp.c
+++ b/rdma/res-qp.c
@@ -151,17 +151,16 @@ static int res_qp_line(struct rd *rd, const char *name, int idx,
 		pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
 		if (!get_task_name(pid, b, sizeof(b)))
 			comm = b;
+	} else if (nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]) {
+		/* discard const from mnl_attr_get_str */
+		comm = (char *)mnl_attr_get_str(
+			nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]);
 	}
 
 	if (rd_is_filtered_attr(rd, "pid", pid,
 				nla_line[RDMA_NLDEV_ATTR_RES_PID]))
 		goto out;
 
-	if (nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME])
-		/* discard const from mnl_attr_get_str */
-		comm = (char *)mnl_attr_get_str(
-			nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]);
-
 	open_json_object(NULL);
 	print_link(rd, idx, name, port, nla_line);
 	res_print_u32(rd, "lqpn", lqpn, nla_line[RDMA_NLDEV_ATTR_RES_LQPN]);
diff --git a/rdma/res-srq.c b/rdma/res-srq.c
index f3a652d8..186ae281 100644
--- a/rdma/res-srq.c
+++ b/rdma/res-srq.c
@@ -179,7 +179,12 @@ static int res_srq_line(struct rd *rd, const char *name, int idx,
 		pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
 		if (!get_task_name(pid, b, sizeof(b)))
 			comm = b;
+	} else if (nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]) {
+		/* discard const from mnl_attr_get_str */
+		comm = (char *)mnl_attr_get_str(
+			nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]);
 	}
+
 	if (rd_is_filtered_attr(rd, "pid", pid,
 				nla_line[RDMA_NLDEV_ATTR_RES_PID]))
 		goto out;
@@ -212,11 +217,6 @@ static int res_srq_line(struct rd *rd, const char *name, int idx,
 			MNL_CB_OK)
 		goto out;
 
-	if (nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME])
-		/* discard const from mnl_attr_get_str */
-		comm = (char *)mnl_attr_get_str(
-			nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]);
-
 	open_json_object(NULL);
 	print_dev(rd, idx, name);
 	res_print_u32(rd, "srqn", srqn, nla_line[RDMA_NLDEV_ATTR_RES_SRQN]);
diff --git a/rdma/stat.c b/rdma/stat.c
index ab062915..aad8815c 100644
--- a/rdma/stat.c
+++ b/rdma/stat.c
@@ -253,15 +253,16 @@ static int res_counter_line(struct rd *rd, const char *name, int index,
 		pid = mnl_attr_get_u32(nla_line[RDMA_NLDEV_ATTR_RES_PID]);
 		if (!get_task_name(pid, b, sizeof(b)))
 			comm = b;
+	} else if (nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]) {
+		/* discard const from mnl_attr_get_str */
+		comm = (char *)mnl_attr_get_str(
+			nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]);
 	}
+
 	if (rd_is_filtered_attr(rd, "pid", pid,
 				nla_line[RDMA_NLDEV_ATTR_RES_PID]))
 		return MNL_CB_OK;
 
-	if (nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME])
-		comm = (char *)mnl_attr_get_str(
-			nla_line[RDMA_NLDEV_ATTR_RES_KERN_NAME]);
-
 	mnl_attr_for_each_nested(nla_entry, qp_table) {
 		struct nlattr *qp_line[RDMA_NLDEV_ATTR_MAX] = {};
 
-- 
2.35.1

Re: [PATCH iproute2 v3 1/2] lib/fs: fix memory leak in get_task_name()

[Stephen Hemminger]

On Tue,  8 Mar 2022 18:04:56 +0100
Andrea Claudi <aclaudi@redhat.com> wrote:

> asprintf() allocates memory which is not freed on the error path of
> get_task_name(), thus potentially leading to memory leaks.
> %m specifier on fscanf allocates memory, too, which needs to be freed by
> the caller.
> 
> This reworks get_task_name() to avoid memory allocation.
> - Pass a buffer and its lenght to the function, similarly to what
>   get_command_name() does, thus avoiding to allocate memory for
>   the string to be returned;
> - Use snprintf() instead of asprintf();
> - Use fgets() instead of fscanf() to limit string lenght.

Spelling s/lenght/length/

> 
> Fixes: 81bfd01a4c9e ("lib: move get_task_name() from rdma")
> Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
> ---
>  include/utils.h |  2 +-
>  ip/iptuntap.c   | 17 ++++++++++-------
>  lib/fs.c        | 23 +++++++++++++----------
>  rdma/res-cmid.c |  8 +++++---
>  rdma/res-cq.c   |  8 +++++---
>  rdma/res-ctx.c  |  7 ++++---
>  rdma/res-mr.c   |  7 ++++---
>  rdma/res-pd.c   |  8 +++++---
>  rdma/res-qp.c   |  7 ++++---
>  rdma/res-srq.c  |  7 ++++---
>  rdma/stat.c     |  5 ++++-
>  11 files changed, 59 insertions(+), 40 deletions(-)
> 
> diff --git a/include/utils.h b/include/utils.h
> index b6c468e9..b0e0967c 100644
> --- a/include/utils.h
> +++ b/include/utils.h
> @@ -307,7 +307,7 @@ char *find_cgroup2_mount(bool do_mount);
>  __u64 get_cgroup2_id(const char *path);
>  char *get_cgroup2_path(__u64 id, bool full);
>  int get_command_name(const char *pid, char *comm, size_t len);
> -char *get_task_name(pid_t pid);
> +int get_task_name(pid_t pid, char *name, size_t len);
>  
>  int get_rtnl_link_stats_rta(struct rtnl_link_stats64 *stats64,
>  			    struct rtattr *tb[]);
> diff --git a/ip/iptuntap.c b/ip/iptuntap.c
> index 385d2bd8..35c9bf5b 100644
> --- a/ip/iptuntap.c
> +++ b/ip/iptuntap.c
> @@ -321,14 +321,17 @@ static void show_processes(const char *name)
>  			} else if (err == 2 &&
>  				   !strcmp("iff", key) &&
>  				   !strcmp(name, value)) {
> -				char *pname = get_task_name(pid);
> -
> -				print_string(PRINT_ANY, "name",
> -					     "%s", pname ? : "<NULL>");
> +				SPRINT_BUF(pname);
> +
> +				if (get_task_name(pid, pname, sizeof(pname))) {
> +					print_string(PRINT_ANY, "name",
> +						     "%s", "<NULL>");
> +				} else {
> +					print_string(PRINT_ANY, "name",
> +						     "%s", pname);
> +				}
>

Don't need brackets here. I can fix that.