Re: [PATCH] fix memory leak in net/ipv4/tcp_probe.c::tcpprobe_read()

Thu, 10 Aug 2006 15:19:39 -0700 

On 05/08/06, David Miller <[EMAIL PROTECTED]> wrote:

From: "Jesper Juhl" <[EMAIL PROTECTED]>
Date: Sat, 5 Aug 2006 01:30:49 +0200

> On 31/07/06, David Miller <[EMAIL PROTECTED]> wrote:
> > From: "Jesper Juhl" <[EMAIL PROTECTED]>
> > Date: Sun, 30 Jul 2006 23:51:20 +0200
> >
> > > Looks ok to me.
> >
> > I've applied James's version of the fix, thanks everyone.
> >
> Hmm, if you are refering to commit
> 118075b3cdc90e0815362365f3fc64d672ace0d6 -
> 
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=118075b3cdc90e0815362365f3fc64d672ace0d6
> then I think a mistake has crept in. That commit only initializes
> 'cnt' to 0 - I don't see how that would fix the leak - looks like you
> forgot the business end of the patch...

See the commit right before that, the initialize of cnt to
zero is just to fix a compiler warning that resulted from
James's version of the fix.



Hmm, perhaps I'm going blind, but I don't see it.

The commit right before the one I linked to above is completely
unrelated : "[ATALK]: Make CONFIG_DEV_APPLETALK a tristate."
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9cac2c35e26cc44978df654306bb92d7cfe7e2de

And if I download 2.6.18-rc4 the tcpprobe_read() function (still)
looks like this :


static ssize_t tcpprobe_read(struct file *file, char __user *buf,
                            size_t len, loff_t *ppos)
{
       int error = 0, cnt = 0;
       unsigned char *tbuf;

       if (!buf || len < 0)
               return -EINVAL;

       if (len == 0)
               return 0;

       tbuf = vmalloc(len);
       if (!tbuf)
               return -ENOMEM;

       error = wait_event_interruptible(tcpw.wait,
                                        __kfifo_len(tcpw.fifo) != 0);
       if (error)
               return error;

       cnt = kfifo_get(tcpw.fifo, tbuf, len);
       error = copy_to_user(buf, tbuf, cnt);

       vfree(tbuf);

       return error ? error : cnt;
}


That function still contains the 'tbuf' leak.

I also couldn't find the fix in your git trees at
http://www.kernel.org/git/?p=linux/kernel/git/davem/net-2.6.19.git;a=summary
http://www.kernel.org/git/?p=linux/kernel/git/davem/net-2.6.git;a=summary


So either I'm going blind or a mistake has been made getting the fix
into mainline...


--
Jesper Juhl <[EMAIL PROTECTED]>
Don't top-post  http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please      http://www.expita.com/nomime.html
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to