* Re: [PATCH] batman-adv: Fix refcnt leak in batadv_store_throughput_override
@ 2020-04-15 11:10 Markus Elfring
0 siblings, 0 replies; 2+ messages in thread
From: Markus Elfring @ 2020-04-15 11:10 UTC (permalink / raw)
To: Xiyu Yang, Xin Tan, b.a.t.m.a.n, netdev
Cc: linux-kernel, Antonio Quartulli, David S. Miller, Jakub Kicinski,
Kangjie Lu, Marek Lindner, Simon Wunderlich, Sven Eckelmann,
Yuan Zhang
> The issue happens in one error path of
> batadv_store_throughput_override(). When batadv_parse_throughput()
> returns NULL, the refcnt increased by batadv_hardif_get_by_netdev() is
> not decreased, causing a refcnt leak.
How do you think about to mention the terms “exception handling”
and “reference counting” in the commit message?
Would you like to add the tag “Fixes” to the change description?
Regards,
Markus
^ permalink raw reply [flat|nested] 2+ messages in thread
* [PATCH] batman-adv: Fix refcnt leak in batadv_store_throughput_override
@ 2020-04-15 8:35 Xiyu Yang
0 siblings, 0 replies; 2+ messages in thread
From: Xiyu Yang @ 2020-04-15 8:35 UTC (permalink / raw)
To: Marek Lindner, Simon Wunderlich, Antonio Quartulli,
Sven Eckelmann, David S. Miller, Jakub Kicinski, b.a.t.m.a.n,
netdev, linux-kernel
Cc: yuanxzhang, kjlu, Xiyu Yang, Xin Tan
batadv_show_throughput_override() invokes batadv_hardif_get_by_netdev(),
which gets a batadv_hard_iface object from net_dev with increased refcnt
and its reference is assigned to a local pointer 'hard_iface'.
When batadv_store_throughput_override() returns, "hard_iface" becomes
invalid, so the refcount should be decreased to keep refcount balanced.
The issue happens in one error path of
batadv_store_throughput_override(). When batadv_parse_throughput()
returns NULL, the refcnt increased by batadv_hardif_get_by_netdev() is
not decreased, causing a refcnt leak.
Fix this issue by jumping to "out" label when batadv_parse_throughput()
returns NULL.
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
---
net/batman-adv/sysfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/batman-adv/sysfs.c b/net/batman-adv/sysfs.c
index c45962d8527b..97736696d042 100644
--- a/net/batman-adv/sysfs.c
+++ b/net/batman-adv/sysfs.c
@@ -1150,7 +1150,7 @@ static ssize_t batadv_store_throughput_override(struct kobject *kobj,
ret = batadv_parse_throughput(net_dev, buff, "throughput_override",
&tp_override);
if (!ret)
- return count;
+ goto out;
old_tp_override = atomic_read(&hard_iface->bat_v.throughput_override);
if (old_tp_override == tp_override)
--
2.7.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-04-15 11:13 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-15 11:10 [PATCH] batman-adv: Fix refcnt leak in batadv_store_throughput_override Markus Elfring
-- strict thread matches above, loose matches on Subject: below --
2020-04-15 8:35 Xiyu Yang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).