diff mbox series

[ovs-dev,v3] dpif-netlink: Fix memory leak dpif_netlink_open().

Message ID 1682070478-23812-1-git-send-email-wangyunjian@huawei.com
State Superseded
Headers show
Series [ovs-dev,v3] dpif-netlink: Fix memory leak dpif_netlink_open(). | expand

Checks

Context Check Description
ovsrobot/apply-robot success apply and check: success
ovsrobot/github-robot-_Build_and_Test success github build: passed
ovsrobot/intel-ovs-compilation success test: success

Commit Message

Yunjian Wang April 21, 2023, 9:47 a.m. UTC 
In the specific call to dpif_netlink_dp_transact() (line 398) in
dpif_netlink_open(), the 'dp' content is not being used in the branch
when no error is returned (starting line 430). Furthermore, the 'dp'
and 'buf' variables are overwritten later in this same branch when a
new netlink request is sent (line 437), which results in a memory leak.

Reported by Address Sanitizer.

Indirect leak of 1024 byte(s) in 1 object(s) allocated from:
    #0 0x7fe09d3bfe70 in __interceptor_malloc (/usr/lib64/libasan.so.4+0xe0e70)
    #1 0x8759be in xmalloc__ lib/util.c:140
    #2 0x875a9a in xmalloc lib/util.c:175
    #3 0x7ba0d2 in ofpbuf_init lib/ofpbuf.c:141
    #4 0x7ba1d6 in ofpbuf_new lib/ofpbuf.c:169
    #5 0x9057f9 in nl_sock_transact lib/netlink-socket.c:1113
    #6 0x907a7e in nl_transact lib/netlink-socket.c:1817
    #7 0x8b5abe in dpif_netlink_dp_transact lib/dpif-netlink.c:5007
    #8 0x89a6b5 in dpif_netlink_open lib/dpif-netlink.c:398
    #9 0x5de16f in do_open lib/dpif.c:348
    #10 0x5de69a in dpif_open lib/dpif.c:393
    #11 0x5de71f in dpif_create_and_open lib/dpif.c:419
    #12 0x47b918 in open_dpif_backer ofproto/ofproto-dpif.c:764
    #13 0x483e4a in construct ofproto/ofproto-dpif.c:1658
    #14 0x441644 in ofproto_create ofproto/ofproto.c:556
    #15 0x40ba5a in bridge_reconfigure vswitchd/bridge.c:885
    #16 0x41f1a9 in bridge_run vswitchd/bridge.c:3313
    #17 0x42d4fb in main vswitchd/ovs-vswitchd.c:132
    #18 0x7fe09cc03c86 in __libc_start_main (/usr/lib64/libc.so.6+0x25c86)

Fixes: b841e3cd4a28 ("dpif-netlink: Fix feature negotiation for older kernels.")
Suggested-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
---
 v3: update commit log
---
 lib/dpif-netlink.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Simon Horman April 21, 2023, 1:26 p.m. UTC | #1 
On Fri, Apr 21, 2023 at 05:47:58PM +0800, Yunjian Wang wrote:
> In the specific call to dpif_netlink_dp_transact() (line 398) in
> dpif_netlink_open(), the 'dp' content is not being used in the branch
> when no error is returned (starting line 430). Furthermore, the 'dp'
> and 'buf' variables are overwritten later in this same branch when a
> new netlink request is sent (line 437), which results in a memory leak.
> 
> Reported by Address Sanitizer.
> 
> Indirect leak of 1024 byte(s) in 1 object(s) allocated from:
>     #0 0x7fe09d3bfe70 in __interceptor_malloc (/usr/lib64/libasan.so.4+0xe0e70)
>     #1 0x8759be in xmalloc__ lib/util.c:140
>     #2 0x875a9a in xmalloc lib/util.c:175
>     #3 0x7ba0d2 in ofpbuf_init lib/ofpbuf.c:141
>     #4 0x7ba1d6 in ofpbuf_new lib/ofpbuf.c:169
>     #5 0x9057f9 in nl_sock_transact lib/netlink-socket.c:1113
>     #6 0x907a7e in nl_transact lib/netlink-socket.c:1817
>     #7 0x8b5abe in dpif_netlink_dp_transact lib/dpif-netlink.c:5007
>     #8 0x89a6b5 in dpif_netlink_open lib/dpif-netlink.c:398
>     #9 0x5de16f in do_open lib/dpif.c:348
>     #10 0x5de69a in dpif_open lib/dpif.c:393
>     #11 0x5de71f in dpif_create_and_open lib/dpif.c:419
>     #12 0x47b918 in open_dpif_backer ofproto/ofproto-dpif.c:764
>     #13 0x483e4a in construct ofproto/ofproto-dpif.c:1658
>     #14 0x441644 in ofproto_create ofproto/ofproto.c:556
>     #15 0x40ba5a in bridge_reconfigure vswitchd/bridge.c:885
>     #16 0x41f1a9 in bridge_run vswitchd/bridge.c:3313
>     #17 0x42d4fb in main vswitchd/ovs-vswitchd.c:132
>     #18 0x7fe09cc03c86 in __libc_start_main (/usr/lib64/libc.so.6+0x25c86)
> 
> Fixes: b841e3cd4a28 ("dpif-netlink: Fix feature negotiation for older kernels.")
> Suggested-by: David Marchand <david.marchand@redhat.com>
> Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
> ---
>  v3: update commit log

Thanks for the update.

Reviewed-by: Simon Horman <simon.horman@corigine.com>
David Marchand April 24, 2023, 8:19 a.m. UTC | #2 
Hello,

On Fri, Apr 21, 2023 at 11:48 AM Yunjian Wang <wangyunjian@huawei.com> wrote:
>
> In the specific call to dpif_netlink_dp_transact() (line 398) in
> dpif_netlink_open(), the 'dp' content is not being used in the branch
> when no error is returned (starting line 430). Furthermore, the 'dp'
> and 'buf' variables are overwritten later in this same branch when a
> new netlink request is sent (line 437), which results in a memory leak.
>
> Reported by Address Sanitizer.
>
> Indirect leak of 1024 byte(s) in 1 object(s) allocated from:
>     #0 0x7fe09d3bfe70 in __interceptor_malloc (/usr/lib64/libasan.so.4+0xe0e70)
>     #1 0x8759be in xmalloc__ lib/util.c:140
>     #2 0x875a9a in xmalloc lib/util.c:175
>     #3 0x7ba0d2 in ofpbuf_init lib/ofpbuf.c:141
>     #4 0x7ba1d6 in ofpbuf_new lib/ofpbuf.c:169
>     #5 0x9057f9 in nl_sock_transact lib/netlink-socket.c:1113
>     #6 0x907a7e in nl_transact lib/netlink-socket.c:1817
>     #7 0x8b5abe in dpif_netlink_dp_transact lib/dpif-netlink.c:5007
>     #8 0x89a6b5 in dpif_netlink_open lib/dpif-netlink.c:398
>     #9 0x5de16f in do_open lib/dpif.c:348
>     #10 0x5de69a in dpif_open lib/dpif.c:393
>     #11 0x5de71f in dpif_create_and_open lib/dpif.c:419
>     #12 0x47b918 in open_dpif_backer ofproto/ofproto-dpif.c:764
>     #13 0x483e4a in construct ofproto/ofproto-dpif.c:1658
>     #14 0x441644 in ofproto_create ofproto/ofproto.c:556
>     #15 0x40ba5a in bridge_reconfigure vswitchd/bridge.c:885
>     #16 0x41f1a9 in bridge_run vswitchd/bridge.c:3313
>     #17 0x42d4fb in main vswitchd/ovs-vswitchd.c:132
>     #18 0x7fe09cc03c86 in __libc_start_main (/usr/lib64/libc.so.6+0x25c86)
>
> Fixes: b841e3cd4a28 ("dpif-netlink: Fix feature negotiation for older kernels.")
> Suggested-by: David Marchand <david.marchand@redhat.com>

I only suggested a change in the patch as I was reviewing it.
I'd prefer this is replaced with Reviewed-by: (and I confirm the patch lgtm).

> Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>

Thanks.
Yunjian Wang April 24, 2023, 11:52 a.m. UTC | #3 
> -----Original Message-----
> From: David Marchand [mailto:david.marchand@redhat.com]
> Sent: Monday, April 24, 2023 4:20 PM
> To: wangyunjian <wangyunjian@huawei.com>
> Cc: dev@openvswitch.org; i.maximets@ovn.org; luyicai
> <luyicai@huawei.com>; simon.horman@corigine.com
> Subject: Re: [ovs-dev] [PATCH v3] dpif-netlink: Fix memory leak
> dpif_netlink_open().
> 
> Hello,
> 
> On Fri, Apr 21, 2023 at 11:48 AM Yunjian Wang <wangyunjian@huawei.com>
> wrote:
> >
> > In the specific call to dpif_netlink_dp_transact() (line 398) in
> > dpif_netlink_open(), the 'dp' content is not being used in the branch
> > when no error is returned (starting line 430). Furthermore, the 'dp'
> > and 'buf' variables are overwritten later in this same branch when a
> > new netlink request is sent (line 437), which results in a memory leak.
> >
> > Reported by Address Sanitizer.
> >
> > Indirect leak of 1024 byte(s) in 1 object(s) allocated from:
> >     #0 0x7fe09d3bfe70 in __interceptor_malloc
> (/usr/lib64/libasan.so.4+0xe0e70)
> >     #1 0x8759be in xmalloc__ lib/util.c:140
> >     #2 0x875a9a in xmalloc lib/util.c:175
> >     #3 0x7ba0d2 in ofpbuf_init lib/ofpbuf.c:141
> >     #4 0x7ba1d6 in ofpbuf_new lib/ofpbuf.c:169
> >     #5 0x9057f9 in nl_sock_transact lib/netlink-socket.c:1113
> >     #6 0x907a7e in nl_transact lib/netlink-socket.c:1817
> >     #7 0x8b5abe in dpif_netlink_dp_transact lib/dpif-netlink.c:5007
> >     #8 0x89a6b5 in dpif_netlink_open lib/dpif-netlink.c:398
> >     #9 0x5de16f in do_open lib/dpif.c:348
> >     #10 0x5de69a in dpif_open lib/dpif.c:393
> >     #11 0x5de71f in dpif_create_and_open lib/dpif.c:419
> >     #12 0x47b918 in open_dpif_backer ofproto/ofproto-dpif.c:764
> >     #13 0x483e4a in construct ofproto/ofproto-dpif.c:1658
> >     #14 0x441644 in ofproto_create ofproto/ofproto.c:556
> >     #15 0x40ba5a in bridge_reconfigure vswitchd/bridge.c:885
> >     #16 0x41f1a9 in bridge_run vswitchd/bridge.c:3313
> >     #17 0x42d4fb in main vswitchd/ovs-vswitchd.c:132
> >     #18 0x7fe09cc03c86 in __libc_start_main
> > (/usr/lib64/libc.so.6+0x25c86)
> >
> > Fixes: b841e3cd4a28 ("dpif-netlink: Fix feature negotiation for older
> > kernels.")
> > Suggested-by: David Marchand <david.marchand@redhat.com>
> 
> I only suggested a change in the patch as I was reviewing it.
> I'd prefer this is replaced with Reviewed-by: (and I confirm the patch lgtm).

OK, I will update it.

Thanks,
Yunjian


> 
> > Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
> 
> Thanks.
> 
> 
> --
> David Marchand
diff mbox series

Patch

diff --git a/lib/dpif-netlink.c b/lib/dpif-netlink.c
index de0711277..60bd39643 100644
--- a/lib/dpif-netlink.c
+++ b/lib/dpif-netlink.c
@@ -395,7 +395,7 @@  dpif_netlink_open(const struct dpif_class *class OVS_UNUSED, const char *name,
     dp_request.user_features |= OVS_DP_F_UNALIGNED;
     dp_request.user_features |= OVS_DP_F_VPORT_PIDS;
     dp_request.user_features |= OVS_DP_F_UNSUPPORTED;
-    error = dpif_netlink_dp_transact(&dp_request, &dp, &buf);
+    error = dpif_netlink_dp_transact(&dp_request, NULL, NULL);
     if (error) {
         /* The Open vSwitch kernel module has two modes for dispatching
          * upcalls: per-vport and per-cpu.