Message ID | alpine.LNX.2.00.1202062224210.20532@swampdragon.chaosbits.net |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
Le lundi 06 février 2012 à 22:28 +0100, Jesper Juhl a écrit : > We allocate memory for 'new_data' with kmalloc(). If we get the memory > we then try to build_skb() and if that should fail (which it can) we > do not enter 'if (likely(skb)) {' and actually use 'new_data' but > instead fall through to the 'drop:' label and end up returning from > the function without ever assigning 'new'data' to anything or freeing > it. That leaks the memory allocated to 'new_data'. > > This patch fixes the memory leak by doing a kfree(new_data) in the > case where build_skb() fails (or where allocation of 'new_data' itself > fails, but in taht case it's just a harmless kfree(NULL)). > > Signed-off-by: Jesper Juhl <jj@chaosbits.net> > --- > drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 3 +-- > 1 files changed, 1 insertions(+), 2 deletions(-) > > No hardware to test, so compile tested only. > > diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c > index 03f3935..7aee469 100644 > --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c > +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c > @@ -523,7 +523,6 @@ static void bnx2x_tpa_stop(struct bnx2x *bp, struct bnx2x_fastpath *fp, > skb = build_skb(data); > > if (likely(skb)) { > - > #ifdef BNX2X_STOP_ON_ERROR > if (pad + len > fp->rx_buf_size) { > BNX2X_ERR("skb_put is about to fail... " > @@ -557,7 +556,7 @@ static void bnx2x_tpa_stop(struct bnx2x *bp, struct bnx2x_fastpath *fp, > > return; > } > - > + kfree(new_data); > drop: > /* drop the packet and keep the buffer in the bin */ > DP(NETIF_MSG_RX_STATUS, > -- > 1.7.9 > > Good catch, my bad. Thanks Acked-by: Eric Dumazet <eric.dumazet@gmail.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, 2012-02-06 at 23:53 +0100, Eric Dumazet wrote: > Le lundi 06 février 2012 à 22:28 +0100, Jesper Juhl a écrit : > > We allocate memory for 'new_data' with kmalloc(). If we get the memory > > we then try to build_skb() and if that should fail (which it can) we > > do not enter 'if (likely(skb)) {' and actually use 'new_data' but > > instead fall through to the 'drop:' label and end up returning from > > the function without ever assigning 'new'data' to anything or freeing > > it. That leaks the memory allocated to 'new_data'. > > > > This patch fixes the memory leak by doing a kfree(new_data) in the > > case where build_skb() fails (or where allocation of 'new_data' itself > > fails, but in taht case it's just a harmless kfree(NULL)). > > > > Signed-off-by: Jesper Juhl <jj@chaosbits.net> > > --- > > drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 3 +-- > > 1 files changed, 1 insertions(+), 2 deletions(-) > > > > No hardware to test, so compile tested only. > > > > diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c > > index 03f3935..7aee469 100644 > > --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c > > +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c > > @@ -523,7 +523,6 @@ static void bnx2x_tpa_stop(struct bnx2x *bp, struct bnx2x_fastpath *fp, > > skb = build_skb(data); > > > > if (likely(skb)) { > > - > > #ifdef BNX2X_STOP_ON_ERROR > > if (pad + len > fp->rx_buf_size) { > > BNX2X_ERR("skb_put is about to fail... " > > @@ -557,7 +556,7 @@ static void bnx2x_tpa_stop(struct bnx2x *bp, struct bnx2x_fastpath *fp, > > > > return; > > } > > - > > + kfree(new_data); > > drop: > > /* drop the packet and keep the buffer in the bin */ > > DP(NETIF_MSG_RX_STATUS, > > -- > > 1.7.9 > > > > > > Good catch, my bad. > > Thanks > > Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Indeed - nice catch. Thanks Jesper. Acked-by: Eilon Greenstein <eilong@broadcom.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: "Eilon Greenstein" <eilong@broadcom.com> Date: Tue, 7 Feb 2012 08:55:01 +0200 > On Mon, 2012-02-06 at 23:53 +0100, Eric Dumazet wrote: >> Le lundi 06 février 2012 à 22:28 +0100, Jesper Juhl a écrit : >> > We allocate memory for 'new_data' with kmalloc(). If we get the memory >> > we then try to build_skb() and if that should fail (which it can) we >> > do not enter 'if (likely(skb)) {' and actually use 'new_data' but >> > instead fall through to the 'drop:' label and end up returning from >> > the function without ever assigning 'new'data' to anything or freeing >> > it. That leaks the memory allocated to 'new_data'. >> > >> > This patch fixes the memory leak by doing a kfree(new_data) in the >> > case where build_skb() fails (or where allocation of 'new_data' itself >> > fails, but in taht case it's just a harmless kfree(NULL)). >> > >> > Signed-off-by: Jesper Juhl <jj@chaosbits.net> ... >> Good catch, my bad. >> >> Thanks >> >> Acked-by: Eric Dumazet <eric.dumazet@gmail.com> > > Indeed - nice catch. Thanks Jesper. > > Acked-by: Eilon Greenstein <eilong@broadcom.com> Applied, thanks everyone. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c index 03f3935..7aee469 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c @@ -523,7 +523,6 @@ static void bnx2x_tpa_stop(struct bnx2x *bp, struct bnx2x_fastpath *fp, skb = build_skb(data); if (likely(skb)) { - #ifdef BNX2X_STOP_ON_ERROR if (pad + len > fp->rx_buf_size) { BNX2X_ERR("skb_put is about to fail... " @@ -557,7 +556,7 @@ static void bnx2x_tpa_stop(struct bnx2x *bp, struct bnx2x_fastpath *fp, return; } - + kfree(new_data); drop: /* drop the packet and keep the buffer in the bin */ DP(NETIF_MSG_RX_STATUS,
We allocate memory for 'new_data' with kmalloc(). If we get the memory we then try to build_skb() and if that should fail (which it can) we do not enter 'if (likely(skb)) {' and actually use 'new_data' but instead fall through to the 'drop:' label and end up returning from the function without ever assigning 'new'data' to anything or freeing it. That leaks the memory allocated to 'new_data'. This patch fixes the memory leak by doing a kfree(new_data) in the case where build_skb() fails (or where allocation of 'new_data' itself fails, but in taht case it's just a harmless kfree(NULL)). Signed-off-by: Jesper Juhl <jj@chaosbits.net> --- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) No hardware to test, so compile tested only.