lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 3 Jan 2021 09:41:00 +0100
From:   Paul Menzel <pmenzel@...gen.mpg.de>
To:     Dinghao Liu <dinghao.liu@....edu.cn>
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        intel-wired-lan@...ts.osuosl.org, Jakub Kicinski <kuba@...nel.org>,
        "David S. Miller" <davem@...emloft.net>, kjlu@....edu
Subject: Re: [Intel-wired-lan] [PATCH] net: ixgbe: Fix memleak in
 ixgbe_configure_clsu32

Dear Dinghao,


Am 03.01.21 um 09:08 schrieb Dinghao Liu:
> When ixgbe_fdir_write_perfect_filter_82599() fails,
> input allocated by kzalloc() has not been freed,
> which leads to memleak.

Nice find. Thank you for your patches. Out of curiosity, do you use an 
analysis tool to find these issues?

> Signed-off-by: Dinghao Liu <dinghao.liu@....edu.cn>
> ---
>   drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 6 ++++--
>   1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
> index 393d1c2cd853..e9c2d28efc81 100644
> --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
> +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
> @@ -9582,8 +9582,10 @@ static int ixgbe_configure_clsu32(struct ixgbe_adapter *adapter,
>   	ixgbe_atr_compute_perfect_hash_82599(&input->filter, mask);
>   	err = ixgbe_fdir_write_perfect_filter_82599(hw, &input->filter,
>   						    input->sw_idx, queue);
> -	if (!err)
> -		ixgbe_update_ethtool_fdir_entry(adapter, input, input->sw_idx);
> +	if (err)
> +		goto err_out_w_lock;
> +
> +	ixgbe_update_ethtool_fdir_entry(adapter, input, input->sw_idx);
>   	spin_unlock(&adapter->fdir_perfect_lock);
>   
>   	if ((uhtid != 0x800) && (adapter->jump_tables[uhtid]))

Reviewed-by: Paul Menzel <pmenzel@...gen.mpg.de>

I wonder, in the non-error case, how `input` and `jump` are freed.

Old code:

>         if (!err)
>                 ixgbe_update_ethtool_fdir_entry(adapter, input, input->sw_idx);
>         spin_unlock(&adapter->fdir_perfect_lock);
> 
>         if ((uhtid != 0x800) && (adapter->jump_tables[uhtid]))
>                 set_bit(loc - 1, (adapter->jump_tables[uhtid])->child_loc_map);
> 
>         kfree(mask);
>         return err;

Should these two lines be replaced with `goto err_out`? (Though the name 
is confusing then, as it’s the non-error case.)

> err_out_w_lock:
>         spin_unlock(&adapter->fdir_perfect_lock);
> err_out:
>         kfree(mask);
> free_input:
>         kfree(input);
> free_jump:
>         kfree(jump);
>         return err;
> }

Kind regards,

Paul

Powered by blists - more mailing lists