Re: [PATCH v3,net-next 2/2] ip6_gre: fix potential memory leak in ip6erspan_rcv

2017-12-20 Thread David Miller 
From: Haishuang Yan 
Date: Wed, 20 Dec 2017 10:07:01 +0800

> If md is NULL, tun_dst must be freed, otherwise it will cause memory
> leak.
> 
> Fixes: ef7baf5e083c ("ip6_gre: add ip6 erspan collect_md mode")
> Cc: William Tu 
> Signed-off-by: Haishuang Yan 

Applied.

> @@ -550,8 +550,10 @@ static int ip6erspan_rcv(struct sk_buff *skb, int 
> gre_hdr_len,
>  
>   info = &tun_dst->u.tun_info;
>   md = ip_tunnel_info_opts(info);
> - if (!md)
> + if (!md) {
> + dst_release((struct dst_entry *)tun_dst);
>   return PACKET_REJECT;
> + }
>  
>   memcpy(md, pkt_md, sizeof(*md));

I agree with William that 'md' should never be NULL here, but that check 
existing
before your changes so removing it is a separate patch altogether.

Re: [PATCH v3,net-next 2/2] ip6_gre: fix potential memory leak in ip6erspan_rcv

2017-12-20 Thread William Tu 
On Tue, Dec 19, 2017 at 6:07 PM, Haishuang Yan
 wrote:
> If md is NULL, tun_dst must be freed, otherwise it will cause memory
> leak.
>
> Fixes: ef7baf5e083c ("ip6_gre: add ip6 erspan collect_md mode")
> Cc: William Tu 
> Signed-off-by: Haishuang Yan 
>
> ---
> Changes since v3:
>   * Rebase on latest master branch.
>   * Fix wrong commit information.
> ---
>  net/ipv6/ip6_gre.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
> index 9bd1103..45038a9 100644
> --- a/net/ipv6/ip6_gre.c
> +++ b/net/ipv6/ip6_gre.c
> @@ -550,8 +550,10 @@ static int ip6erspan_rcv(struct sk_buff *skb, int 
> gre_hdr_len,
>
> info = &tun_dst->u.tun_info;
> md = ip_tunnel_info_opts(info);
> -   if (!md)
> +   if (!md) {
> +   dst_release((struct dst_entry *)tun_dst);
> return PACKET_REJECT;
isn't md allocated previously at
tun_dst = ipv6_tun_rx_dst(skb, flags, tun_id,
   sizeof(*md));
so md should never be null after we check tun_dst?
William

[PATCH v3,net-next 2/2] ip6_gre: fix potential memory leak in ip6erspan_rcv

2017-12-19 Thread Haishuang Yan 
If md is NULL, tun_dst must be freed, otherwise it will cause memory
leak.

Fixes: ef7baf5e083c ("ip6_gre: add ip6 erspan collect_md mode")
Cc: William Tu 
Signed-off-by: Haishuang Yan 

---
Changes since v3:
  * Rebase on latest master branch.
  * Fix wrong commit information.
---
 net/ipv6/ip6_gre.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index 9bd1103..45038a9 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -550,8 +550,10 @@ static int ip6erspan_rcv(struct sk_buff *skb, int 
gre_hdr_len,
 
info = &tun_dst->u.tun_info;
md = ip_tunnel_info_opts(info);
-   if (!md)
+   if (!md) {
+   dst_release((struct dst_entry *)tun_dst);
return PACKET_REJECT;
+   }
 
memcpy(md, pkt_md, sizeof(*md));
md->version = ver;
-- 
1.8.3.1