diff mbox series

[net,v2] net/smc: fix neighbour and rtable leak in smc_ib_find_route()

Message ID 20240507125331.2808-1-guwen@linux.alibaba.com (mailing list archive)
State Accepted
Commit 2ddc0dd7fec86ee53b8928a5cca5fbddd4fc7c06
Delegated to: Netdev Maintainers
Headers show
Series [net,v2] net/smc: fix neighbour and rtable leak in smc_ib_find_route() | expand

Checks

Context Check Description
netdev/series_format success Single patches do not need cover letters
netdev/tree_selection success Clearly marked for net
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag present in non-next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 926 this patch: 926
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 11 of 11 maintainers
netdev/build_clang success Errors and warnings before: 937 this patch: 937
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 937 this patch: 937
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 25 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-05-08--03-00 (tests: 1005)

Commit Message

Wen Gu May 7, 2024, 12:53 p.m. UTC 
In smc_ib_find_route(), the neighbour found by neigh_lookup() and rtable
resolved by ip_route_output_flow() are not released or put before return.
It may cause the refcount leak, so fix it.

Link: https://lore.kernel.org/r/20240506015439.108739-1-guwen@linux.alibaba.com
Fixes: e5c4744cfb59 ("net/smc: add SMC-Rv2 connection establishment")
Signed-off-by: Wen Gu <guwen@linux.alibaba.com>
---
v2->v1
- call ip_rt_put() to release rt as well.
---
 net/smc/smc_ib.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

Comments

Wenjia Zhang May 7, 2024, 1:12 p.m. UTC | #1 
On 07.05.24 14:53, Wen Gu wrote:
> In smc_ib_find_route(), the neighbour found by neigh_lookup() and rtable
> resolved by ip_route_output_flow() are not released or put before return.
> It may cause the refcount leak, so fix it.
> 
> Link: https://lore.kernel.org/r/20240506015439.108739-1-guwen@linux.alibaba.com
> Fixes: e5c4744cfb59 ("net/smc: add SMC-Rv2 connection establishment")
> Signed-off-by: Wen Gu <guwen@linux.alibaba.com>
> ---
> v2->v1
> - call ip_rt_put() to release rt as well.
> ---
>   net/smc/smc_ib.c | 19 ++++++++++++-------
>   1 file changed, 12 insertions(+), 7 deletions(-)
> 
> diff --git a/net/smc/smc_ib.c b/net/smc/smc_ib.c
> index 97704a9e84c7..9297dc20bfe2 100644
> --- a/net/smc/smc_ib.c
> +++ b/net/smc/smc_ib.c
> @@ -209,13 +209,18 @@ int smc_ib_find_route(struct net *net, __be32 saddr, __be32 daddr,
>   	if (IS_ERR(rt))
>   		goto out;
>   	if (rt->rt_uses_gateway && rt->rt_gw_family != AF_INET)
> -		goto out;
> -	neigh = rt->dst.ops->neigh_lookup(&rt->dst, NULL, &fl4.daddr);
> -	if (neigh) {
> -		memcpy(nexthop_mac, neigh->ha, ETH_ALEN);
> -		*uses_gateway = rt->rt_uses_gateway;
> -		return 0;
> -	}
> +		goto out_rt;
> +	neigh = dst_neigh_lookup(&rt->dst, &fl4.daddr);
> +	if (!neigh)
> +		goto out_rt;
> +	memcpy(nexthop_mac, neigh->ha, ETH_ALEN);
> +	*uses_gateway = rt->rt_uses_gateway;
> +	neigh_release(neigh);
> +	ip_rt_put(rt);
> +	return 0;
> +
> +out_rt:
> +	ip_rt_put(rt);
>   out:
>   	return -ENOENT;
>   }

Thank you for fixing it!

Reviewed-and-tested-by: Wenjia Zhang <wenjia@linux.ibm.com>
patchwork-bot+netdevbpf@kernel.org May 9, 2024, 8:20 a.m. UTC | #2 
Hello:

This patch was applied to netdev/net.git (main)
by Paolo Abeni <pabeni@redhat.com>:

On Tue,  7 May 2024 20:53:31 +0800 you wrote:
> In smc_ib_find_route(), the neighbour found by neigh_lookup() and rtable
> resolved by ip_route_output_flow() are not released or put before return.
> It may cause the refcount leak, so fix it.
> 
> Link: https://lore.kernel.org/r/20240506015439.108739-1-guwen@linux.alibaba.com
> Fixes: e5c4744cfb59 ("net/smc: add SMC-Rv2 connection establishment")
> Signed-off-by: Wen Gu <guwen@linux.alibaba.com>
> 
> [...]

Here is the summary with links:
  - [net,v2] net/smc: fix neighbour and rtable leak in smc_ib_find_route()
    https://git.kernel.org/netdev/net/c/2ddc0dd7fec8

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/smc/smc_ib.c b/net/smc/smc_ib.c
index 97704a9e84c7..9297dc20bfe2 100644
--- a/net/smc/smc_ib.c
+++ b/net/smc/smc_ib.c
@@ -209,13 +209,18 @@  int smc_ib_find_route(struct net *net, __be32 saddr, __be32 daddr,
 	if (IS_ERR(rt))
 		goto out;
 	if (rt->rt_uses_gateway && rt->rt_gw_family != AF_INET)
-		goto out;
-	neigh = rt->dst.ops->neigh_lookup(&rt->dst, NULL, &fl4.daddr);
-	if (neigh) {
-		memcpy(nexthop_mac, neigh->ha, ETH_ALEN);
-		*uses_gateway = rt->rt_uses_gateway;
-		return 0;
-	}
+		goto out_rt;
+	neigh = dst_neigh_lookup(&rt->dst, &fl4.daddr);
+	if (!neigh)
+		goto out_rt;
+	memcpy(nexthop_mac, neigh->ha, ETH_ALEN);
+	*uses_gateway = rt->rt_uses_gateway;
+	neigh_release(neigh);
+	ip_rt_put(rt);
+	return 0;
+
+out_rt:
+	ip_rt_put(rt);
 out:
 	return -ENOENT;
 }