| Message ID | 1470404809-16658-1-git-send-email-weiyj.lk@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
On 8/5/2016 4:46 PM, Wei Yongjun wrote: > 'work' and 'route->path_rec' are malloced in cma_resolve_iboe_route() > and should be freed before leaving from the error handling cases, > otherwise it will cause memory leak. > > Fixes: 200298326b27 ('IB/core: Validate route when we init ah') > Signed-off-by: Wei Yongjun <weiyj.lk@gmail.com> Reviewed-by: Haggai Eran <haggaie@mellanox.com> By the way, what happens when someone moves the get_netdev() device to network namespace other than init_net? I don't think that would work correctly. -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 8/7/2016 12:49 AM, Haggai Eran wrote: > On 8/5/2016 4:46 PM, Wei Yongjun wrote: >> 'work' and 'route->path_rec' are malloced in cma_resolve_iboe_route() >> and should be freed before leaving from the error handling cases, >> otherwise it will cause memory leak. >> >> Fixes: 200298326b27 ('IB/core: Validate route when we init ah') >> Signed-off-by: Wei Yongjun <weiyj.lk@gmail.com> > > Reviewed-by: Haggai Eran <haggaie@mellanox.com> Thanks, applied. > By the way, what happens when someone moves the get_netdev() device to > network namespace other than init_net? I don't think that would work > correctly. I suspect you're right. The entire RDMA stack will need an audit for init_net misuses before containers are a real item I think.
diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c index e6dfa1b..5f65a78 100644 --- a/drivers/infiniband/core/cma.c +++ b/drivers/infiniband/core/cma.c @@ -2462,18 +2462,24 @@ static int cma_resolve_iboe_route(struct rdma_id_private *id_priv) if (addr->dev_addr.bound_dev_if) { ndev = dev_get_by_index(&init_net, addr->dev_addr.bound_dev_if); - if (!ndev) - return -ENODEV; + if (!ndev) { + ret = -ENODEV; + goto err2; + } if (ndev->flags & IFF_LOOPBACK) { dev_put(ndev); - if (!id_priv->id.device->get_netdev) - return -EOPNOTSUPP; + if (!id_priv->id.device->get_netdev) { + ret = -EOPNOTSUPP; + goto err2; + } ndev = id_priv->id.device->get_netdev(id_priv->id.device, id_priv->id.port_num); - if (!ndev) - return -ENODEV; + if (!ndev) { + ret = -ENODEV; + goto err2; + } } route->path_rec->net = &init_net;
'work' and 'route->path_rec' are malloced in cma_resolve_iboe_route() and should be freed before leaving from the error handling cases, otherwise it will cause memory leak. Fixes: 200298326b27 ('IB/core: Validate route when we init ah') Signed-off-by: Wei Yongjun <weiyj.lk@gmail.com> --- drivers/infiniband/core/cma.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html