net: sched: sch_taprio: fix memleak in error path for sched list parse
diff mbox series

Message ID 20190806100425.4356-1-ivan.khoronzhuk@linaro.org
State Accepted
Commit 51650d33b2771acd505068da669cf85cffac369a
Headers show
Series
  • net: sched: sch_taprio: fix memleak in error path for sched list parse
Related show

Commit Message

Ivan Khoronzhuk Aug. 6, 2019, 10:04 a.m. UTC
In case off error, all entries should be freed from the sched list
before deleting it. For simplicity use rcu way.

Fixes: 5a781ccbd19e46 ("tc: Add support for configuring the taprio scheduler")
Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org>
---

Based on net/master

 net/sched/sch_taprio.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Vinicius Costa Gomes Aug. 6, 2019, 4:21 p.m. UTC | #1
Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org> writes:

> In case off error, all entries should be freed from the sched list
> before deleting it. For simplicity use rcu way.
>
> Fixes: 5a781ccbd19e46 ("tc: Add support for configuring the taprio scheduler")
> Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org>
> ---

Acked-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
David Miller Aug. 6, 2019, 6:41 p.m. UTC | #2
From: Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org>
Date: Tue,  6 Aug 2019 13:04:25 +0300

> Based on net/master

I wonder about that because:

> --- a/net/sched/sch_taprio.c
> +++ b/net/sched/sch_taprio.c
> @@ -1451,7 +1451,8 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
>  	spin_unlock_bh(qdisc_lock(sch));
>  
>  free_sched:
> -	kfree(new_admin);
> +	if (new_admin)
> +		call_rcu(&new_admin->rcu, taprio_free_sched_cb);
>  
>  	return err;

In my tree the context around line 1451 is:

	nla_nest_end(skb, sched_nest);

done:
	rcu_read_unlock();

	return nla_nest_end(skb, nest);


which is part of function taprio_dump().

Please respin this properly against current 'net' sources.
Ivan Khoronzhuk Aug. 6, 2019, 10:42 p.m. UTC | #3
On Tue, Aug 06, 2019 at 11:41:14AM -0700, David Miller wrote:
>From: Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org>
>Date: Tue,  6 Aug 2019 13:04:25 +0300
>
>> Based on net/master
>
>I wonder about that because:
Applies cleanly on net/master, but line num is not correct.
I've sent v2.

>
>> --- a/net/sched/sch_taprio.c
>> +++ b/net/sched/sch_taprio.c
>> @@ -1451,7 +1451,8 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
>>  	spin_unlock_bh(qdisc_lock(sch));
>>
>>  free_sched:
>> -	kfree(new_admin);
>> +	if (new_admin)
>> +		call_rcu(&new_admin->rcu, taprio_free_sched_cb);
>>
>>  	return err;
>
>In my tree the context around line 1451 is:
>
>	nla_nest_end(skb, sched_nest);
>
>done:
>	rcu_read_unlock();
>
>	return nla_nest_end(skb, nest);
>
>
>which is part of function taprio_dump().
>
>Please respin this properly against current 'net' sources.

Patch
diff mbox series

diff --git a/net/sched/sch_taprio.c b/net/sched/sch_taprio.c
index b55a82c1e1bc..4f6333035841 100644
--- a/net/sched/sch_taprio.c
+++ b/net/sched/sch_taprio.c
@@ -1451,7 +1451,8 @@  static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
 	spin_unlock_bh(qdisc_lock(sch));
 
 free_sched:
-	kfree(new_admin);
+	if (new_admin)
+		call_rcu(&new_admin->rcu, taprio_free_sched_cb);
 
 	return err;
 }