| Message ID | 1513264507-26199-1-git-send-email-yanhaishuang@cmss.chinamobile.com |
|---|---|
| State | Superseded, archived |
| Delegated to: | David Miller |
| Headers | show |
| Series | [1/2] ip_gre: fix potential memory leak in erspan_rcv | expand |
On Thu, Dec 14, 2017 at 7:15 AM, Haishuang Yan <yanhaishuang@cmss.chinamobile.com> wrote: > If md is NULL, tun_dst must be freed, otherwise it will cause memory > leak. > > Fixes: 84e54fe0a5ea ("gre: introduce native tunnel support for ERSPAN") > Cc: William Tu <u9012063@gmail.com> > Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> > --- > net/ipv4/ip_gre.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c > index d828821..9253d6f 100644 > --- a/net/ipv4/ip_gre.c > +++ b/net/ipv4/ip_gre.c > @@ -304,8 +304,10 @@ static int erspan_rcv(struct sk_buff *skb, struct tnl_ptk_info *tpi, > return PACKET_REJECT; > > md = ip_tunnel_info_opts(&tun_dst->u.tun_info); > - if (!md) > + if (!md) { > + dst_release((struct dst_entry *)tun_dst); > return PACKET_REJECT; > + } I'm not sure about this. Maybe we don't even need to check "if (!md)" since ip_tun_rx_dst does the memory allocation. William
> On 2017年12月15日, at 上午2:47, William Tu <u9012063@gmail.com> wrote: > > On Thu, Dec 14, 2017 at 7:15 AM, Haishuang Yan > <yanhaishuang@cmss.chinamobile.com> wrote: >> If md is NULL, tun_dst must be freed, otherwise it will cause memory >> leak. >> >> Fixes: 84e54fe0a5ea ("gre: introduce native tunnel support for ERSPAN") >> Cc: William Tu <u9012063@gmail.com> >> Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> >> --- >> net/ipv4/ip_gre.c | 4 +++- >> 1 file changed, 3 insertions(+), 1 deletion(-) >> >> diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c >> index d828821..9253d6f 100644 >> --- a/net/ipv4/ip_gre.c >> +++ b/net/ipv4/ip_gre.c >> @@ -304,8 +304,10 @@ static int erspan_rcv(struct sk_buff *skb, struct tnl_ptk_info *tpi, >> return PACKET_REJECT; >> >> md = ip_tunnel_info_opts(&tun_dst->u.tun_info); >> - if (!md) >> + if (!md) { >> + dst_release((struct dst_entry *)tun_dst); >> return PACKET_REJECT; >> + } > I'm not sure about this. Maybe we don't even need to check "if (!md)" > since ip_tun_rx_dst does the memory allocation. > William > Hi, William I think we need to check “if (!md)”, if md is okay, ip_tunnel_rcv will be responsible to free tun_dst: 448 drop: 449 if (tun_dst) 450 dst_release((struct dst_entry *)tun_dst); Thanks.
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c index d828821..9253d6f 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c @@ -304,8 +304,10 @@ static int erspan_rcv(struct sk_buff *skb, struct tnl_ptk_info *tpi, return PACKET_REJECT; md = ip_tunnel_info_opts(&tun_dst->u.tun_info); - if (!md) + if (!md) { + dst_release((struct dst_entry *)tun_dst); return PACKET_REJECT; + } md->index = index; info = &tun_dst->u.tun_info;
If md is NULL, tun_dst must be freed, otherwise it will cause memory leak. Fixes: 84e54fe0a5ea ("gre: introduce native tunnel support for ERSPAN") Cc: William Tu <u9012063@gmail.com> Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> --- net/ipv4/ip_gre.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)