[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <01c8fa29-8bda-ccae-b7fb-8df85992b437@gmail.com>
Date: Mon, 31 Aug 2020 10:43:57 +0900
From: Toshiaki Makita <toshiaki.makita1@...il.com>
To: Rustam Kovhaev <rkovhaev@...il.com>
Cc: davem@...emloft.net, kuba@...nel.org, netdev@...r.kernel.org,
bpf@...r.kernel.org, linux-kernel@...r.kernel.org,
gregkh@...uxfoundation.org
Subject: Re: [PATCH] veth: fix memory leak in veth_newlink()
On 2020/08/31 9:51, Rustam Kovhaev wrote:
> On Mon, Aug 31, 2020 at 09:16:32AM +0900, Toshiaki Makita wrote:
>> On 2020/08/30 22:13, Rustam Kovhaev wrote:
>>> when register_netdevice(dev) fails we should check whether struct
>>> veth_rq has been allocated via ndo_init callback and free it, because,
>>> depending on the code path, register_netdevice() might not call
>>> priv_destructor() callback
>>
>> AFAICS, register_netdevice() always goto err_uninit and calls priv_destructor()
>> on failure after ndo_init() succeeded.
>> So I could not find such a code path.
>> Would you elaborate on it?
>
> in net/core/dev.c:9863, where register_netdevice() calls rollback_registered(),
> which does not call priv_destructor(), then register_netdevice() returns error
> net/core/dev.c:9884
Thank you, now I see the code path.
But then all devices which allocate something in ndo_init() and free them in
priv_destructor() are affected? E.g. loopback and ifb seem to do such thing.
Why not calling priv_destructor() after invocation of rollback_registered()?
It looks weird that only that path does not call priv_destructor().
Toshiaki Makita
Powered by blists - more mailing lists