Re: [PATCH] net: ifb error path loop fix
From: Mariusz Kozlowski <[EMAIL PROTECTED]> Date: Tue, 2 Jan 2007 11:49:42 +0100 > Hello David, > > > One could argue from a defensive programming perspective that > > this bug comes from the fact that the ifb_init_one() loop > > advances state before checking for errors ('i' is advanced before > > the 'err' check due to the loop construct), and that's why the > > error recovery code had to be coded specially :-) > > Now when I look at it I might be wrong and it is not a bug at all. > It's just coded in weird way. Anyway isn't there kfree(ifbs) missing > on error path? > > The patch below should clear things a bit (against plain 2.6.20-rc2-mm1). > > Signed-off-by: Mariusz Kozlowski <[EMAIL PROTECTED]> Ok, I've removed the original patch from my tree. I'll let this cleanup sit for a while so others can review it :-) - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net: ifb error path loop fix
Hello David, > One could argue from a defensive programming perspective that > this bug comes from the fact that the ifb_init_one() loop > advances state before checking for errors ('i' is advanced before > the 'err' check due to the loop construct), and that's why the > error recovery code had to be coded specially :-) Now when I look at it I might be wrong and it is not a bug at all. It's just coded in weird way. Anyway isn't there kfree(ifbs) missing on error path? The patch below should clear things a bit (against plain 2.6.20-rc2-mm1). Signed-off-by: Mariusz Kozlowski <[EMAIL PROTECTED]> drivers/net/ifb.c | 16 ++-- 1 file changed, 10 insertions(+), 6 deletions(-) --- linux-2.6.20-rc2-mm1-a/drivers/net/ifb.c2006-12-24 05:00:32.0 +0100 +++ linux-2.6.20-rc2-mm1-b/drivers/net/ifb.c2007-01-02 11:35:48.0 +0100 @@ -264,18 +264,22 @@ static void ifb_free_one(int index) static int __init ifb_init_module(void) { - int i, err = 0; + int i, err; + ifbs = kmalloc(numifbs * sizeof(void *), GFP_KERNEL); if (!ifbs) return -ENOMEM; - for (i = 0; i < numifbs && !err; i++) + for (i = 0; i < numifbs; i++) { err = ifb_init_one(i); - if (err) { - i--; - while (--i >= 0) - ifb_free_one(i); + if (err) + goto err; } + return 0; +err: + while (i--) + ifb_free_one(i); + kfree(ifbs); return err; } -- Regards, Mariusz Kozlowski - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net: ifb error path loop fix
On 02-01-2007 08:51, David Miller wrote: > From: Mariusz Kozlowski <[EMAIL PROTECTED]> > Date: Tue, 2 Jan 2007 00:55:51 +0100 > >> On error we should start freeing resources at [i-1] not [i-2]. >> >> Signed-off-by: Mariusz Kozlowski <[EMAIL PROTECTED]> > > Patch applied, thanks Mariusz. > >> diff -upr linux-2.6.20-rc2-mm1-a/drivers/net/ifb.c >> linux-2.6.20-rc2-mm1-b/drivers/net/ifb.c >> --- linux-2.6.20-rc2-mm1-a/drivers/net/ifb.c 2006-12-24 05:00:32.0 >> +0100 >> +++ linux-2.6.20-rc2-mm1-b/drivers/net/ifb.c 2007-01-02 00:25:34.0 >> +0100 >> @@ -271,8 +271,7 @@ static int __init ifb_init_module(void) >> for (i = 0; i < numifbs && !err; i++) >> err = ifb_init_one(i); >> if (err) { >> -i--; >> -while (--i >= 0) >> +while (i--) >> ifb_free_one(i); >> } After this patch: for (i = 0 ...); // i == 0 err = ifb_init_one(i); // err != 0 i++; // i == 1 for (... !err ...); // break if (err) { while (i--) // i == 1 (when testing) ifb_free_one(i); // i == 0 (not initialized) } Btw. wasn't this place patched yet? Regards, Jarek P. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] net: ifb error path loop fix
From: Mariusz Kozlowski <[EMAIL PROTECTED]> Date: Tue, 2 Jan 2007 00:55:51 +0100 > On error we should start freeing resources at [i-1] not [i-2]. > > Signed-off-by: Mariusz Kozlowski <[EMAIL PROTECTED]> Patch applied, thanks Mariusz. > diff -upr linux-2.6.20-rc2-mm1-a/drivers/net/ifb.c > linux-2.6.20-rc2-mm1-b/drivers/net/ifb.c > --- linux-2.6.20-rc2-mm1-a/drivers/net/ifb.c 2006-12-24 05:00:32.0 > +0100 > +++ linux-2.6.20-rc2-mm1-b/drivers/net/ifb.c 2007-01-02 00:25:34.0 > +0100 > @@ -271,8 +271,7 @@ static int __init ifb_init_module(void) > for (i = 0; i < numifbs && !err; i++) > err = ifb_init_one(i); > if (err) { > - i--; > - while (--i >= 0) > + while (i--) > ifb_free_one(i); > } One could argue from a defensive programming perspective that this bug comes from the fact that the ifb_init_one() loop advances state before checking for errors ('i' is advanced before the 'err' check due to the loop construct), and that's why the error recovery code had to be coded specially :-) Anyways, your fix is of course fine and I've applied it. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html