Re: [PATCH] fix memory leak in net/ipv4/tcp_probe.c::tcpprobe_read()
From: Stephen Hemminger <[EMAIL PROTECTED]> Date: Thu, 10 Aug 2006 16:52:16 -0700 > Dave, here is my version... > Don't leak memory on interrupted read. And only allocate > as much memory as needed. > > Signed-off-by: Stephen Hemminger <[EMAIL PROTECTED]> I think I'm going to go with James's safe original fix for now, thanks. commit a7fc5b24a4921a6582ce47c0faf3a31858a80468 Author: David S. Miller <[EMAIL PROTECTED]> Date: Thu Aug 10 16:53:33 2006 -0700 [TCP]: Fix botched memory leak fix to tcpprobe_read(). Somehow I clobbered James's original fix and only my subsequent compiler warning change went in for that changeset. Get the real fix in there. Noticed by Jesper Juhl. Signed-off-by: David S. Miller <[EMAIL PROTECTED]> diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c index b343532..dab37d2 100644 --- a/net/ipv4/tcp_probe.c +++ b/net/ipv4/tcp_probe.c @@ -130,11 +130,12 @@ static ssize_t tcpprobe_read(struct file error = wait_event_interruptible(tcpw.wait, __kfifo_len(tcpw.fifo) != 0); if (error) - return error; + goto out_free; cnt = kfifo_get(tcpw.fifo, tbuf, len); error = copy_to_user(buf, tbuf, cnt); +out_free: vfree(tbuf); return error ? error : cnt; - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] fix memory leak in net/ipv4/tcp_probe.c::tcpprobe_read()
Dave, here is my version... Don't leak memory on interrupted read. And only allocate as much memory as needed. Signed-off-by: Stephen Hemminger <[EMAIL PROTECTED]> --- linux-2.6.orig/net/ipv4/tcp_probe.c 2006-08-10 16:32:36.0 -0700 +++ linux-2.6/net/ipv4/tcp_probe.c 2006-08-10 16:45:30.0 -0700 @@ -114,7 +114,7 @@ static ssize_t tcpprobe_read(struct file *file, char __user *buf, size_t len, loff_t *ppos) { - int error = 0, cnt = 0; + int error, cnt; unsigned char *tbuf; if (!buf || len < 0) @@ -123,15 +123,16 @@ if (len == 0) return 0; - tbuf = vmalloc(len); - if (!tbuf) - return -ENOMEM; - error = wait_event_interruptible(tcpw.wait, __kfifo_len(tcpw.fifo) != 0); if (error) return error; + len = min(len, kfifo_len(tcpw.fifo)); + tbuf = vmalloc(len); + if (!tbuf) + return -ENOMEM; + cnt = kfifo_get(tcpw.fifo, tbuf, len); error = copy_to_user(buf, tbuf, cnt); - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] fix memory leak in net/ipv4/tcp_probe.c::tcpprobe_read()
From: "Jesper Juhl" <[EMAIL PROTECTED]> Date: Fri, 11 Aug 2006 00:18:44 +0200 > Hmm, perhaps I'm going blind, but I don't see it. I definitely screwed that changeset up somehow. Thanks for catching this. Somehow James's fix got clobbered into just my subsequent warning fix, like this: commit 118075b3cdc90e0815362365f3fc64d672ace0d6 Author: James Morris <[EMAIL PROTECTED]> Date: Sun Jul 30 20:21:45 2006 -0700 [TCP]: fix memory leak in net/ipv4/tcp_probe.c::tcpprobe_read() Based upon a patch by Jesper Juhl. Signed-off-by: James Morris <[EMAIL PROTECTED]> Acked-by: Stephen Hemminger <[EMAIL PROTECTED]> Acked-by: Jesper Juhl <[EMAIL PROTECTED]> Signed-off-by: David S. Miller <[EMAIL PROTECTED]> diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c index d7d517a..b343532 100644 --- a/net/ipv4/tcp_probe.c +++ b/net/ipv4/tcp_probe.c @@ -114,7 +114,7 @@ static int tcpprobe_open(struct inode * static ssize_t tcpprobe_read(struct file *file, char __user *buf, size_t len, loff_t *ppos) { - int error = 0, cnt; + int error = 0, cnt = 0; unsigned char *tbuf; if (!buf || len < 0) Anyways, I'll fix this up, thanks again. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] fix memory leak in net/ipv4/tcp_probe.c::tcpprobe_read()
On 05/08/06, David Miller <[EMAIL PROTECTED]> wrote: From: "Jesper Juhl" <[EMAIL PROTECTED]> Date: Sat, 5 Aug 2006 01:30:49 +0200 > On 31/07/06, David Miller <[EMAIL PROTECTED]> wrote: > > From: "Jesper Juhl" <[EMAIL PROTECTED]> > > Date: Sun, 30 Jul 2006 23:51:20 +0200 > > > > > Looks ok to me. > > > > I've applied James's version of the fix, thanks everyone. > > > Hmm, if you are refering to commit > 118075b3cdc90e0815362365f3fc64d672ace0d6 - > http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=118075b3cdc90e0815362365f3fc64d672ace0d6 > then I think a mistake has crept in. That commit only initializes > 'cnt' to 0 - I don't see how that would fix the leak - looks like you > forgot the business end of the patch... See the commit right before that, the initialize of cnt to zero is just to fix a compiler warning that resulted from James's version of the fix. Hmm, perhaps I'm going blind, but I don't see it. The commit right before the one I linked to above is completely unrelated : "[ATALK]: Make CONFIG_DEV_APPLETALK a tristate." http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9cac2c35e26cc44978df654306bb92d7cfe7e2de And if I download 2.6.18-rc4 the tcpprobe_read() function (still) looks like this : static ssize_t tcpprobe_read(struct file *file, char __user *buf, size_t len, loff_t *ppos) { int error = 0, cnt = 0; unsigned char *tbuf; if (!buf || len < 0) return -EINVAL; if (len == 0) return 0; tbuf = vmalloc(len); if (!tbuf) return -ENOMEM; error = wait_event_interruptible(tcpw.wait, __kfifo_len(tcpw.fifo) != 0); if (error) return error; cnt = kfifo_get(tcpw.fifo, tbuf, len); error = copy_to_user(buf, tbuf, cnt); vfree(tbuf); return error ? error : cnt; } That function still contains the 'tbuf' leak. I also couldn't find the fix in your git trees at http://www.kernel.org/git/?p=linux/kernel/git/davem/net-2.6.19.git;a=summary http://www.kernel.org/git/?p=linux/kernel/git/davem/net-2.6.git;a=summary So either I'm going blind or a mistake has been made getting the fix into mainline... -- Jesper Juhl <[EMAIL PROTECTED]> Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html Plain text mails only, please http://www.expita.com/nomime.html - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] fix memory leak in net/ipv4/tcp_probe.c::tcpprobe_read()
From: "Jesper Juhl" <[EMAIL PROTECTED]> Date: Sat, 5 Aug 2006 01:30:49 +0200 > On 31/07/06, David Miller <[EMAIL PROTECTED]> wrote: > > From: "Jesper Juhl" <[EMAIL PROTECTED]> > > Date: Sun, 30 Jul 2006 23:51:20 +0200 > > > > > Looks ok to me. > > > > I've applied James's version of the fix, thanks everyone. > > > Hmm, if you are refering to commit > 118075b3cdc90e0815362365f3fc64d672ace0d6 - > http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=118075b3cdc90e0815362365f3fc64d672ace0d6 > then I think a mistake has crept in. That commit only initializes > 'cnt' to 0 - I don't see how that would fix the leak - looks like you > forgot the business end of the patch... See the commit right before that, the initialize of cnt to zero is just to fix a compiler warning that resulted from James's version of the fix. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] fix memory leak in net/ipv4/tcp_probe.c::tcpprobe_read()
On 31/07/06, David Miller <[EMAIL PROTECTED]> wrote: From: "Jesper Juhl" <[EMAIL PROTECTED]> Date: Sun, 30 Jul 2006 23:51:20 +0200 > Looks ok to me. I've applied James's version of the fix, thanks everyone. Hmm, if you are refering to commit 118075b3cdc90e0815362365f3fc64d672ace0d6 - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=118075b3cdc90e0815362365f3fc64d672ace0d6 then I think a mistake has crept in. That commit only initializes 'cnt' to 0 - I don't see how that would fix the leak - looks like you forgot the business end of the patch... The function still looks like this after that commit : 114 static ssize_t tcpprobe_read(struct file *file, char __user *buf, 115 size_t len, loff_t *ppos) 116 { 117 int error = 0, cnt = 0; 118 unsigned char *tbuf; 119 120 if (!buf || len < 0) 121 return -EINVAL; 122 123 if (len == 0) 124 return 0; 125 126 tbuf = vmalloc(len); 127 if (!tbuf) 128 return -ENOMEM; 129 130 error = wait_event_interruptible(tcpw.wait, 131 __kfifo_len(tcpw.fifo) != 0); 132 if (error) 133 return error; 134 ^^^--- we are still leaking 'tbuf' here. 135 cnt = kfifo_get(tcpw.fifo, tbuf, len); 136 error = copy_to_user(buf, tbuf, cnt); 137 138 vfree(tbuf); 139 140 return error ? error : cnt; 141 } -- Jesper Juhl <[EMAIL PROTECTED]> Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html Plain text mails only, please http://www.expita.com/nomime.html - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] fix memory leak in net/ipv4/tcp_probe.c::tcpprobe_read()
From: "Jesper Juhl" <[EMAIL PROTECTED]> Date: Sun, 30 Jul 2006 23:51:20 +0200 > Looks ok to me. I've applied James's version of the fix, thanks everyone. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] fix memory leak in net/ipv4/tcp_probe.c::tcpprobe_read()
On 30/07/06, James Morris <[EMAIL PROTECTED]> wrote: On Sun, 30 Jul 2006, Stephen Hemminger wrote: > On Sun, 30 Jul 2006 21:38:02 +0200 > Jesper Juhl <[EMAIL PROTECTED]> wrote: > > > There's an obvious memory leak in net/ipv4/tcp_probe.c::tcpprobe_read() > > We are not freeing 'tbuf' on error. > > Patch below fixes that. > > > > > > Signed-off-by: Jesper Juhl <[EMAIL PROTECTED]> > Agreed, thanks for catching it. The whole kfifo interface is kind of > annoying have to do an extra copy. Might be cleaner to make a single return path for cleanup: Signed-off-by: James Morris <[EMAIL PROTECTED]> Looks ok to me. -- Jesper Juhl <[EMAIL PROTECTED]> Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html Plain text mails only, please http://www.expita.com/nomime.html - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] fix memory leak in net/ipv4/tcp_probe.c::tcpprobe_read()
On Sun, 30 Jul 2006, Stephen Hemminger wrote: > On Sun, 30 Jul 2006 21:38:02 +0200 > Jesper Juhl <[EMAIL PROTECTED]> wrote: > > > There's an obvious memory leak in net/ipv4/tcp_probe.c::tcpprobe_read() > > We are not freeing 'tbuf' on error. > > Patch below fixes that. > > > > > > Signed-off-by: Jesper Juhl <[EMAIL PROTECTED]> > Agreed, thanks for catching it. The whole kfifo interface is kind of > annoying have to do an extra copy. Might be cleaner to make a single return path for cleanup: Signed-off-by: James Morris <[EMAIL PROTECTED]> --- --- linux-2.6.18-rc2-mm1.o/net/ipv4/tcp_probe.c 2006-07-28 11:01:46.0 -0400 +++ linux-2.6.18-rc2-mm1.w/net/ipv4/tcp_probe.c 2006-07-30 17:45:53.0 -0400 @@ -130,11 +130,12 @@ static ssize_t tcpprobe_read(struct file error = wait_event_interruptible(tcpw.wait, __kfifo_len(tcpw.fifo) != 0); if (error) - return error; + goto out_free; cnt = kfifo_get(tcpw.fifo, tbuf, len); error = copy_to_user(buf, tbuf, cnt); +out_free: vfree(tbuf); return error ? error : cnt; - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] fix memory leak in net/ipv4/tcp_probe.c::tcpprobe_read()
On Sun, 30 Jul 2006 21:38:02 +0200 Jesper Juhl <[EMAIL PROTECTED]> wrote: > There's an obvious memory leak in net/ipv4/tcp_probe.c::tcpprobe_read() > We are not freeing 'tbuf' on error. > Patch below fixes that. > > > Signed-off-by: Jesper Juhl <[EMAIL PROTECTED]> Agreed, thanks for catching it. The whole kfifo interface is kind of annoying have to do an extra copy. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] fix memory leak in net/ipv4/tcp_probe.c::tcpprobe_read()
There's an obvious memory leak in net/ipv4/tcp_probe.c::tcpprobe_read() We are not freeing 'tbuf' on error. Patch below fixes that. Signed-off-by: Jesper Juhl <[EMAIL PROTECTED]> --- net/ipv4/tcp_probe.c |4 +++- 1 files changed, 3 insertions(+), 1 deletion(-) --- linux-2.6.18-rc3-orig/net/ipv4/tcp_probe.c 2006-07-30 13:21:53.0 +0200 +++ linux-2.6.18-rc3/net/ipv4/tcp_probe.c 2006-07-30 21:32:04.0 +0200 @@ -129,8 +129,10 @@ static ssize_t tcpprobe_read(struct file error = wait_event_interruptible(tcpw.wait, __kfifo_len(tcpw.fifo) != 0); - if (error) + if (error) { + vfree(tbuf); return error; + } cnt = kfifo_get(tcpw.fifo, tbuf, len); error = copy_to_user(buf, tbuf, cnt); - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html