On 2/21/18 7:40 PM, Eric Dumazet wrote:
> On Tue, 2018-02-13 at 19:17 -0800, Alexei Starovoitov wrote:
>> On Tue, Feb 13, 2018 at 07:00:21PM -0800, Yonghong Song wrote:
>>> There is a memory leak happening in lpm_trie map_free callback
>>> function trie_free. The trie structure itself does not get freed.
>>>
>>> Also, trie_free function did not do synchronize_rcu before freeing
>>> various data structures. This is incorrect as some rcu_read_lock
>>> region(s) for lookup, update, delete or get_next_key may not complete yet.
>>> The fix is to add synchronize_rcu in the beginning of trie_free.
>>> The useless spin_lock is removed from this function as well.
>>>
>>> Fixes: b95a5c4db09b ("bpf: add a longest prefix match trie map implementation")
>>> Reported-by: Mathieu Malaterre <ma...@debian.org>
>>> Reported-by: Alexei Starovoitov <a...@kernel.org>
>>> Tested-by: Mathieu Malaterre <ma...@debian.org>
>>> Signed-off-by: Yonghong Song <y...@fb.com>
>>> ---
>>>   kernel/bpf/lpm_trie.c | 11 +++++++----
>>>   1 file changed, 7 insertions(+), 4 deletions(-)
>>>
>>> v1->v2:
>>>    Make comments more precise and make label name more appropriate,
>>>    as suggested by Daniel
>>
>> Applied to bpf tree, Thanks Yonghong.
>
> This does not look good.
>
> LOCKDEP surely should complain to
>
> node = rcu_dereference_protected(*slot, lockdep_is_held(&trie->lock));
>
> Since we no longer hold trie->lock

Eric,

Thanks for spotting this issue. Will fix this issue soon.

Yonghong
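
Added example, not code from this thread or from the kernel: a userspace C model of the condition check Eric points at, run over a teardown walk that frees a trie without taking its lock. `model_lock`, `model_deref_protected`, `build` and `trie_free_model` are hypothetical stand-ins; the constant-true condition shown as the alternative is a common kernel idiom for teardown paths with no remaining readers, assumed here and not necessarily the fix that was applied.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Userspace model (assumption): 'held' stands in for lockdep's lock state. */
struct model_lock { bool held; };
struct node { struct node *child[2]; };
struct trie { struct node *root; struct model_lock lock; };

static int lockdep_warnings;

/* Models rcu_dereference_protected(p, c): count a warning when c is false. */
#define model_deref_protected(p, c) \
	((c) ? (void)0 : (void)lockdep_warnings++, (p))

/* Constructed sample trie: root, two children, one grandchild. */
static void build(struct trie *t)
{
	t->lock.held = false;	/* the teardown path no longer takes the lock */
	t->root = calloc(1, sizeof(struct node));
	t->root->child[0] = calloc(1, sizeof(struct node));
	t->root->child[1] = calloc(1, sizeof(struct node));
	t->root->child[0]->child[0] = calloc(1, sizeof(struct node));
}

/* Teardown walk: descend to a leaf, free it, clear its slot, restart.
 * Returns the number of modelled lockdep warnings. */
static int trie_free_model(bool lock_condition)
{
	struct trie t;

	build(&t);
	lockdep_warnings = 0;
	/* kernel code would wait for a grace period (synchronize_rcu) here */
	for (;;) {
		struct node **slot = &t.root;

		for (;;) {
			struct node *n = model_deref_protected(*slot,
					lock_condition ? t.lock.held : true);
			if (!n)
				return lockdep_warnings;
			if (n->child[0]) { slot = &n->child[0]; continue; }
			if (n->child[1]) { slot = &n->child[1]; continue; }
			free(n);
			*slot = NULL;
			break;
		}
	}
}
```

With the lock-held condition every dereference in the walk trips the modelled check, because the condition describes a lock the function never acquires; with the constant condition the same walk is silent.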
