* Re: [PATCH] [RESENT]netfilter: nfnetlink_cthelper: Fix memory leak
[not found] <1490080030-6799-1-git-send-email-jeffy.chen@rock-chips.com>
@ 2017-03-21 11:31 ` Pablo Neira Ayuso
2017-03-21 11:59 ` Pablo Neira Ayuso
1 sibling, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2017-03-21 11:31 UTC (permalink / raw)
To: Jeffy Chen; +Cc: Douglas Anderson, Brian Norris, netfilter-devel
On Tue, Mar 21, 2017 at 03:07:10PM +0800, Jeffy Chen wrote:
> We have memory leaks of nf_conntrack_helper & expect_policy.
Applied, thanks.
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] [RESENT]netfilter: nfnetlink_cthelper: Fix memory leak
[not found] <1490080030-6799-1-git-send-email-jeffy.chen@rock-chips.com>
2017-03-21 11:31 ` [PATCH] [RESENT]netfilter: nfnetlink_cthelper: Fix memory leak Pablo Neira Ayuso
@ 2017-03-21 11:59 ` Pablo Neira Ayuso
1 sibling, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2017-03-21 11:59 UTC (permalink / raw)
To: Jeffy Chen; +Cc: Douglas Anderson, Brian Norris, netfilter-devel, zlpnobody
On Tue, Mar 21, 2017 at 03:07:10PM +0800, Jeffy Chen wrote:
> We have memory leaks of nf_conntrack_helper & expect_policy.
>
> Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
> ---
>
> net/netfilter/nfnetlink_cthelper.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/net/netfilter/nfnetlink_cthelper.c b/net/netfilter/nfnetlink_cthelper.c
> index de87823..99d4bd7 100644
> --- a/net/netfilter/nfnetlink_cthelper.c
> +++ b/net/netfilter/nfnetlink_cthelper.c
> @@ -191,6 +191,8 @@ nfnl_cthelper_parse_expect_policy(struct nf_conntrack_helper *helper,
> if (ret < 0)
> goto err;
> }
> +
> + kfree(helper->expect_policy);
> helper->expect_policy = expect_policy;
This is fixing the leak, however this is not safe since a packet may
be still walking on the older helper->expect_policy.
old_expect_policy = helper->expect_policy);
helper->expect_policy = expect_policy;
kfree(old_expect_policy);
We need to protect this with RCU if we want to support expectation
policy updates properly.
I'm going to take this patch, but we have to follow up on this.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-03-21 11:59 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <1490080030-6799-1-git-send-email-jeffy.chen@rock-chips.com>
2017-03-21 11:31 ` [PATCH] [RESENT]netfilter: nfnetlink_cthelper: Fix memory leak Pablo Neira Ayuso
2017-03-21 11:59 ` Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.