[PATCH] netfilter: nf_tables: fix percpu memory leak at nf_tables

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()
@ 2022-09-12 13:58 Tetsuo Handa
  2022-09-12 14:17 ` Pablo Neira Ayuso
  2022-09-15 20:20 ` Florian Westphal
  0 siblings, 2 replies; 3+ messages in thread
From: Tetsuo Handa @ 2022-09-12 13:58 UTC (permalink / raw)
  To: Pablo Neira Ayuso, Jozsef Kadlecsik, Florian Westphal
  Cc: netfilter-devel, coreteam, Network Development

It seems to me that percpu memory for chain stats started leaking since
commit 3bc158f8d0330f0a ("netfilter: nf_tables: map basechain priority to
hardware priority") when nft_chain_offload_priority() returned an error.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Fixes: 3bc158f8d0330f0a ("netfilter: nf_tables: map basechain priority to hardware priority")
---
The "netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()" made
me wonder where free_percpu() is called when nft_basechain_init() returned an error. But I
don't know whether this patch is correct. Please check carefully.

 net/netfilter/nf_tables_api.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index e062754dc6cc..63c70141b3e5 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2243,6 +2243,7 @@ static int nf_tables_addchain(struct nft_ctx *ctx, u8 family, u8 genmask,
 		if (err < 0) {
 			nft_chain_release_hook(&hook);
 			kfree(basechain);
+			free_percpu(stats);
 			return err;
 		}
 		if (stats)
-- 
2.18.4

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()
  2022-09-12 13:58 [PATCH] netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain() Tetsuo Handa
@ 2022-09-12 14:17 ` Pablo Neira Ayuso
  2022-09-15 20:20 ` Florian Westphal
  1 sibling, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2022-09-12 14:17 UTC (permalink / raw)
  To: Tetsuo Handa
  Cc: Jozsef Kadlecsik, Florian Westphal, netfilter-devel, coreteam,
	Network Development

On Mon, Sep 12, 2022 at 10:58:51PM +0900, Tetsuo Handa wrote:
> It seems to me that percpu memory for chain stats started leaking since
> commit 3bc158f8d0330f0a ("netfilter: nf_tables: map basechain priority to
> hardware priority") when nft_chain_offload_priority() returned an error.

Patch also LGTM. Thanks.

> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Fixes: 3bc158f8d0330f0a ("netfilter: nf_tables: map basechain priority to hardware priority")
> ---
> The "netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()" made
> me wonder where free_percpu() is called when nft_basechain_init() returned an error. But I
> don't know whether this patch is correct. Please check carefully.
>
>  net/netfilter/nf_tables_api.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> index e062754dc6cc..63c70141b3e5 100644
> --- a/net/netfilter/nf_tables_api.c
> +++ b/net/netfilter/nf_tables_api.c
> @@ -2243,6 +2243,7 @@ static int nf_tables_addchain(struct nft_ctx *ctx, u8 family, u8 genmask,
>  		if (err < 0) {
>  			nft_chain_release_hook(&hook);
>  			kfree(basechain);
> +			free_percpu(stats);
>  			return err;
>  		}
>  		if (stats)
> -- 
> 2.18.4

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()
  2022-09-12 13:58 [PATCH] netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain() Tetsuo Handa
  2022-09-12 14:17 ` Pablo Neira Ayuso
@ 2022-09-15 20:20 ` Florian Westphal
  1 sibling, 0 replies; 3+ messages in thread
From: Florian Westphal @ 2022-09-15 20:20 UTC (permalink / raw)
  To: Tetsuo Handa
  Cc: Pablo Neira Ayuso, Jozsef Kadlecsik, Florian Westphal,
	netfilter-devel, coreteam, Network Development

Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> wrote:
> It seems to me that percpu memory for chain stats started leaking since
> commit 3bc158f8d0330f0a ("netfilter: nf_tables: map basechain priority to
> hardware priority") when nft_chain_offload_priority() returned an error.

Also applied, thanks.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2022-09-15 20:20 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-09-12 13:58 [PATCH] netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain() Tetsuo Handa
2022-09-12 14:17 ` Pablo Neira Ayuso
2022-09-15 20:20 ` Florian Westphal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).