Message ID | 20210702001123.728035-2-john.fastabend@gmail.com |
---|---|
State | New |
Series | potential sockmap memleak and proc stats fix |
On Thu, Jul 1, 2021 at 5:12 PM John Fastabend <john.fastabend@gmail.com> wrote:
> > If skb_linearize is needed and fails we could leak a msg on the error > handling. To fix ensure we kfree the msg block before returning error. > Found during code review. > > Fixes: 4363023d2668e ("bpf, sockmap: Avoid failures from skb_to_sgvec when skb has frag_list") > Signed-off-by: John Fastabend <john.fastabend@gmail.com> > --- > net/core/skmsg.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/net/core/skmsg.c b/net/core/skmsg.c > index 9b6160a191f8..22603289c2b2 100644 > --- a/net/core/skmsg.c > +++ b/net/core/skmsg.c > @@ -505,8 +505,10 @@ static int sk_psock_skb_ingress_enqueue(struct sk_buff *skb, > * drop the skb. We need to linearize the skb so that the mapping > * in skb_to_sgvec can not error. > */ > - if (skb_linearize(skb)) > + if (skb_linearize(skb)) { > + kfree(msg); > return -EAGAIN; > + } > num_sge = skb_to_sgvec(skb, msg->sg.data, 0, skb->len); > if (unlikely(num_sge < 0)) { > kfree(msg);

I think it is better to let whoever allocates msg free it, IOW, let sk_psock_skb_ingress_enqueue()'s callers handle its failure.

Thanks.
diff --git a/net/core/skmsg.c b/net/core/skmsg.c index 9b6160a191f8..22603289c2b2 100644 --- a/net/core/skmsg.c +++ b/net/core/skmsg.c @@ -505,8 +505,10 @@ static int sk_psock_skb_ingress_enqueue(struct sk_buff *skb, * drop the skb. We need to linearize the skb so that the mapping * in skb_to_sgvec can not error. */ - if (skb_linearize(skb)) + if (skb_linearize(skb)) { + kfree(msg); return -EAGAIN; + } num_sge = skb_to_sgvec(skb, msg->sg.data, 0, skb->len); if (unlikely(num_sge < 0)) { kfree(msg);
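Review bot: the new `kfree(msg)` in the `skb_linearize()` failure branch means this function now frees msg on every error return visible here, yet nothing in the hunk documents that it takes ownership of msg on failure. Because the branch returns -EAGAIN, a caller that treats that as retryable must not reuse or free msg afterwards; a short comment above the function stating that msg is consumed on error would make that contract explicit. The cleanup is also duplicated with the `kfree(msg)` in the `num_sge < 0` branch just below, so a shared error label (or, as the reply suggests, freeing in the callers) would keep it in one place.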
If skb_linearize is needed and fails we could leak a msg on the error handling. To fix ensure we kfree the msg block before returning error. Found during code review.

Fixes: 4363023d2668e ("bpf, sockmap: Avoid failures from skb_to_sgvec when skb has frag_list")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>

---
 net/core/skmsg.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)