| Message ID | 20230407012626.45500-1-chenaotian2@163.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | ieee802154: hwsim: Fix possible memory leaks | expand |
Hi Chen, chenaotian2@163.com wrote on Fri, 7 Apr 2023 09:26:26 +0800: > After replacing e->info, it is necessary to free the old einfo. > > Signed-off-by: Chen Aotian <chenaotian2@163.com> > --- > drivers/net/ieee802154/mac802154_hwsim.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/ieee802154/mac802154_hwsim.c b/drivers/net/ieee802154/mac802154_hwsim.c > index 8445c2189..6e7e10b17 100644 > --- a/drivers/net/ieee802154/mac802154_hwsim.c > +++ b/drivers/net/ieee802154/mac802154_hwsim.c > @@ -685,7 +685,7 @@ static int hwsim_del_edge_nl(struct sk_buff *msg, struct genl_info *info) > static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info) > { > struct nlattr *edge_attrs[MAC802154_HWSIM_EDGE_ATTR_MAX + 1]; > - struct hwsim_edge_info *einfo; > + struct hwsim_edge_info *einfo, *einfo_old; > struct hwsim_phy *phy_v0; > struct hwsim_edge *e; > u32 v0, v1; > @@ -723,8 +723,10 @@ static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info) > list_for_each_entry_rcu(e, &phy_v0->edges, list) { > if (e->endpoint->idx == v1) { > einfo->lqi = lqi; > + einfo_old = rcu_dereference(e->info); > rcu_assign_pointer(e->info, einfo); > rcu_read_unlock(); > + kfree_rcu(einfo_old, rcu); > mutex_unlock(&hwsim_phys_lock); > return 0; > } I'm not an RCU expert but the fix LGTM. Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com> What about adding: Fixes: f25da51fdc38 ("ieee802154: hwsim: add replacement for fakelb") Cc: stable@vger.kernelorg Thanks, Miquèl
> miquel.raynal@bootlin.com wrote on Date: Fri, 7 Apr 2023 10:01:48 +0200: > > chenaotian2@163.com wrote on Fri, 7 Apr 2023 09:26:26 +0800: > > After replacing e->info, it is necessary to free the old einfo. > > > > Signed-off-by: Chen Aotian <chenaotian2@163.com> > > --- > > drivers/net/ieee802154/mac802154_hwsim.c | 4 +++- > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/net/ieee802154/mac802154_hwsim.c b/drivers/net/ieee802154/mac802154_hwsim.c > > index 8445c2189..6e7e10b17 100644 > > --- a/drivers/net/ieee802154/mac802154_hwsim.c > > +++ b/drivers/net/ieee802154/mac802154_hwsim.c > > @@ -685,7 +685,7 @@ static int hwsim_del_edge_nl(struct sk_buff *msg, struct genl_info *info) > > static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info) > > { > > struct nlattr *edge_attrs[MAC802154_HWSIM_EDGE_ATTR_MAX + 1]; > > - struct hwsim_edge_info *einfo; > > + struct hwsim_edge_info *einfo, *einfo_old; > > struct hwsim_phy *phy_v0; > > struct hwsim_edge *e; > > u32 v0, v1; > > @@ -723,8 +723,10 @@ static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info) > > list_for_each_entry_rcu(e, &phy_v0->edges, list) { > > if (e->endpoint->idx == v1) { > > einfo->lqi = lqi; > > + einfo_old = rcu_dereference(e->info); > > rcu_assign_pointer(e->info, einfo); > > rcu_read_unlock(); > > + kfree_rcu(einfo_old, rcu); > > mutex_unlock(&hwsim_phys_lock); > > return 0; > > } > > I'm not an RCU expert but the fix LGTM. > What about adding: > Fixes: f25da51fdc38 ("ieee802154: hwsim: add replacement for fakelb") > Cc: stable@vger.kernelorg Sure, I will resend this patch soon with adding those Thanks, Chen
diff --git a/drivers/net/ieee802154/mac802154_hwsim.c b/drivers/net/ieee802154/mac802154_hwsim.c index 8445c2189..6e7e10b17 100644 --- a/drivers/net/ieee802154/mac802154_hwsim.c +++ b/drivers/net/ieee802154/mac802154_hwsim.c @@ -685,7 +685,7 @@ static int hwsim_del_edge_nl(struct sk_buff *msg, struct genl_info *info) static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info) { struct nlattr *edge_attrs[MAC802154_HWSIM_EDGE_ATTR_MAX + 1]; - struct hwsim_edge_info *einfo; + struct hwsim_edge_info *einfo, *einfo_old; struct hwsim_phy *phy_v0; struct hwsim_edge *e; u32 v0, v1; @@ -723,8 +723,10 @@ static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info) list_for_each_entry_rcu(e, &phy_v0->edges, list) { if (e->endpoint->idx == v1) { einfo->lqi = lqi; + einfo_old = rcu_dereference(e->info); rcu_assign_pointer(e->info, einfo); rcu_read_unlock(); + kfree_rcu(einfo_old, rcu); mutex_unlock(&hwsim_phys_lock); return 0; }
After replacing e->info, it is necessary to free the old einfo. Signed-off-by: Chen Aotian <chenaotian2@163.com> --- drivers/net/ieee802154/mac802154_hwsim.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)