net/sched/act_police.c:232 tcf_police_init() warn: possible memory leak of 'new'

From: Dan Carpenter
Date: Wed Nov 28 2018 - 04:28:42 EST


tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: ef78e5ec9214376c5cb989f5da70b02d0c117b66
commit: f2cbd485282014132851bf37cb2ca624a456275d net/sched: act_police: fix race condition on state variables

smatch warnings:
net/sched/act_police.c:232 tcf_police_init() warn: possible memory leak of 'new'

# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2cbd485282014132851bf37cb2ca624a456275d
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git remote update linus
git checkout f2cbd485282014132851bf37cb2ca624a456275d
vim +/new +232 net/sched/act_police.c

53b2bf3f8 net/sched/act_police.c Patrick McHardy 2008-01-23 82
2ac063474 net/sched/act_police.c Jamal Hadi Salim 2018-08-12 83 static int tcf_police_init(struct net *net, struct nlattr *nla,
a85a970af net/sched/act_police.c WANG Cong 2016-07-25 84 struct nlattr *est, struct tc_action **a,
789871bb2 net/sched/act_police.c Vlad Buslov 2018-07-05 85 int ovr, int bind, bool rtnl_held,
589dad6d7 net/sched/act_police.c Alexander Aring 2018-02-15 86 struct netlink_ext_ack *extack)
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 87 {
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 88 int ret = 0, err;
7ba699c60 net/sched/act_police.c Patrick McHardy 2008-01-22 89 struct nlattr *tb[TCA_POLICE_MAX + 1];
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 90 struct tc_police *parm;
e9ce1cd3c net/sched/act_police.c David S. Miller 2006-08-21 91 struct tcf_police *police;
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 92 struct qdisc_rate_table *R_tab = NULL, *P_tab = NULL;
ddf97ccdd net/sched/act_police.c WANG Cong 2016-02-22 93 struct tc_action_net *tn = net_generic(net, police_net_id);
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 94 struct tcf_police_params *new;
0852e4552 net/sched/act_police.c WANG Cong 2016-08-13 95 bool exists = false;
1e9b3d533 net/sched/act_police.c Patrick McHardy 2006-11-30 96 int size;
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 97
cee63723b net/sched/act_police.c Patrick McHardy 2008-01-23 98 if (nla == NULL)
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 99 return -EINVAL;
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 100
fceb6435e net/sched/act_police.c Johannes Berg 2017-04-12 101 err = nla_parse_nested(tb, TCA_POLICE_MAX, nla, police_policy, NULL);
cee63723b net/sched/act_police.c Patrick McHardy 2008-01-23 102 if (err < 0)
cee63723b net/sched/act_police.c Patrick McHardy 2008-01-23 103 return err;
cee63723b net/sched/act_police.c Patrick McHardy 2008-01-23 104
7ba699c60 net/sched/act_police.c Patrick McHardy 2008-01-22 105 if (tb[TCA_POLICE_TBF] == NULL)
1e9b3d533 net/sched/act_police.c Patrick McHardy 2006-11-30 106 return -EINVAL;
7ba699c60 net/sched/act_police.c Patrick McHardy 2008-01-22 107 size = nla_len(tb[TCA_POLICE_TBF]);
1e9b3d533 net/sched/act_police.c Patrick McHardy 2006-11-30 108 if (size != sizeof(*parm) && size != sizeof(struct tc_police_compat))
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 109 return -EINVAL;
0852e4552 net/sched/act_police.c WANG Cong 2016-08-13 110
7ba699c60 net/sched/act_police.c Patrick McHardy 2008-01-22 111 parm = nla_data(tb[TCA_POLICE_TBF]);
0190c1d45 net/sched/act_police.c Vlad Buslov 2018-07-05 112 err = tcf_idr_check_alloc(tn, &parm->index, a, bind);
0190c1d45 net/sched/act_police.c Vlad Buslov 2018-07-05 113 if (err < 0)
0190c1d45 net/sched/act_police.c Vlad Buslov 2018-07-05 114 return err;
0190c1d45 net/sched/act_police.c Vlad Buslov 2018-07-05 115 exists = err;
0852e4552 net/sched/act_police.c WANG Cong 2016-08-13 116 if (exists && bind)
0852e4552 net/sched/act_police.c WANG Cong 2016-08-13 117 return 0;
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 118
0852e4552 net/sched/act_police.c WANG Cong 2016-08-13 119 if (!exists) {
65a206c01 net/sched/act_police.c Chris Mi 2017-08-30 120 ret = tcf_idr_create(tn, parm->index, NULL, a,
93be42f91 net/sched/act_police.c Davide Caratti 2018-09-13 121 &act_police_ops, bind, true);
0190c1d45 net/sched/act_police.c Vlad Buslov 2018-07-05 122 if (ret) {
0190c1d45 net/sched/act_police.c Vlad Buslov 2018-07-05 123 tcf_idr_cleanup(tn, parm->index);
a03e6fe56 net/sched/act_police.c WANG Cong 2016-06-06 124 return ret;
0190c1d45 net/sched/act_police.c Vlad Buslov 2018-07-05 125 }
a03e6fe56 net/sched/act_police.c WANG Cong 2016-06-06 126 ret = ACT_P_CREATED;
4e8ddd7f1 net/sched/act_police.c Vlad Buslov 2018-07-05 127 } else if (!ovr) {
65a206c01 net/sched/act_police.c Chris Mi 2017-08-30 128 tcf_idr_release(*a, bind);
0852e4552 net/sched/act_police.c WANG Cong 2016-08-13 129 return -EEXIST;
e9ce1cd3c net/sched/act_police.c David S. Miller 2006-08-21 130 }
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 131
a85a970af net/sched/act_police.c WANG Cong 2016-07-25 132 police = to_police(*a);
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 133 if (parm->rate.rate) {
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 134 err = -ENOMEM;
e9bc3fa28 net/sched/act_police.c Alexander Aring 2017-12-20 135 R_tab = qdisc_get_rtab(&parm->rate, tb[TCA_POLICE_RATE], NULL);
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 136 if (R_tab == NULL)
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 137 goto failure;
c1b56878f net/sched/act_police.c Stephen Hemminger 2008-11-25 138
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 139 if (parm->peakrate.rate) {
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 140 P_tab = qdisc_get_rtab(&parm->peakrate,
e9bc3fa28 net/sched/act_police.c Alexander Aring 2017-12-20 141 tb[TCA_POLICE_PEAKRATE], NULL);
71bcb09a5 net/sched/act_police.c Stephen Hemminger 2008-11-25 142 if (P_tab == NULL)
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 143 goto failure;
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 144 }
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 145 }
71bcb09a5 net/sched/act_police.c Stephen Hemminger 2008-11-25 146
71bcb09a5 net/sched/act_police.c Stephen Hemminger 2008-11-25 147 if (est) {
93be42f91 net/sched/act_police.c Davide Caratti 2018-09-13 148 err = gen_replace_estimator(&police->tcf_bstats,
93be42f91 net/sched/act_police.c Davide Caratti 2018-09-13 149 police->common.cpu_bstats,
71bcb09a5 net/sched/act_police.c Stephen Hemminger 2008-11-25 150 &police->tcf_rate_est,
edb09eb17 net/sched/act_police.c Eric Dumazet 2016-06-06 151 &police->tcf_lock,
edb09eb17 net/sched/act_police.c Eric Dumazet 2016-06-06 152 NULL, est);
71bcb09a5 net/sched/act_police.c Stephen Hemminger 2008-11-25 153 if (err)
74030603d net/sched/act_police.c WANG Cong 2017-06-13 154 goto failure;
a883bf564 net/sched/act_police.c Jarek Poplawski 2009-03-04 155 } else if (tb[TCA_POLICE_AVRATE] &&
a883bf564 net/sched/act_police.c Jarek Poplawski 2009-03-04 156 (ret == ACT_P_CREATED ||
1c0d32fde net/sched/act_police.c Eric Dumazet 2016-12-04 157 !gen_estimator_active(&police->tcf_rate_est))) {
a883bf564 net/sched/act_police.c Jarek Poplawski 2009-03-04 158 err = -EINVAL;
74030603d net/sched/act_police.c WANG Cong 2017-06-13 159 goto failure;
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 160 }
71bcb09a5 net/sched/act_police.c Stephen Hemminger 2008-11-25 161
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 162 new = kzalloc(sizeof(*new), GFP_KERNEL);
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 163 if (unlikely(!new)) {
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 164 err = -ENOMEM;
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 165 goto failure;
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 166 }
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 167
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 168 /* No failure allowed after this point */
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 169 new->tcfp_mtu = parm->mtu;
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 170 if (!new->tcfp_mtu) {
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 171 new->tcfp_mtu = ~0;
c6d14ff11 net/sched/act_police.c Jiri Pirko 2013-02-12 172 if (R_tab)
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 173 new->tcfp_mtu = 255 << R_tab->rate.cell_log;
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 174 }
c6d14ff11 net/sched/act_police.c Jiri Pirko 2013-02-12 175 if (R_tab) {
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 176 new->rate_present = true;
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 177 psched_ratecfg_precompute(&new->rate, &R_tab->rate, 0);
c6d14ff11 net/sched/act_police.c Jiri Pirko 2013-02-12 178 qdisc_put_rtab(R_tab);
c6d14ff11 net/sched/act_police.c Jiri Pirko 2013-02-12 179 } else {
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 180 new->rate_present = false;
c6d14ff11 net/sched/act_police.c Jiri Pirko 2013-02-12 181 }
c6d14ff11 net/sched/act_police.c Jiri Pirko 2013-02-12 182 if (P_tab) {
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 183 new->peak_present = true;
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 184 psched_ratecfg_precompute(&new->peak, &P_tab->rate, 0);
c6d14ff11 net/sched/act_police.c Jiri Pirko 2013-02-12 185 qdisc_put_rtab(P_tab);
c6d14ff11 net/sched/act_police.c Jiri Pirko 2013-02-12 186 } else {
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 187 new->peak_present = false;
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 188 }
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 189
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 190 new->tcfp_burst = PSCHED_TICKS2NS(parm->burst);
f2cbd4852 net/sched/act_police.c Davide Caratti 2018-11-20 191 if (new->peak_present)
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 192 new->tcfp_mtu_ptoks = (s64)psched_l2t_ns(&new->peak,
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 193 new->tcfp_mtu);
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 194
7ba699c60 net/sched/act_police.c Patrick McHardy 2008-01-22 195 if (tb[TCA_POLICE_AVRATE])
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 196 new->tcfp_ewma_rate = nla_get_u32(tb[TCA_POLICE_AVRATE]);
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 197
c08f5ed5d net/sched/act_police.c Davide Caratti 2018-10-20 198 if (tb[TCA_POLICE_RESULT]) {
c08f5ed5d net/sched/act_police.c Davide Caratti 2018-10-20 199 new->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]);
c08f5ed5d net/sched/act_police.c Davide Caratti 2018-10-20 200 if (TC_ACT_EXT_CMP(new->tcfp_result, TC_ACT_GOTO_CHAIN)) {
c08f5ed5d net/sched/act_police.c Davide Caratti 2018-10-20 201 NL_SET_ERR_MSG(extack,
c08f5ed5d net/sched/act_police.c Davide Caratti 2018-10-20 202 "goto chain not allowed on fallback");
c08f5ed5d net/sched/act_police.c Davide Caratti 2018-10-20 203 err = -EINVAL;
c08f5ed5d net/sched/act_police.c Davide Caratti 2018-10-20 204 goto failure;
^^^^^^^^^^^^

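kfree_rcu(new, rcu); ?

'new' is allocated with kzalloc() at line 162, and this "goto failure" skips the kfree_rcu(new, rcu) at line 222. The failure: label (lines 229-231) only calls qdisc_put_rtab() on P_tab and R_tab and tcf_idr_release() on the action, so 'new' is never freed on this path. This is the leak smatch reports at line 232.

This goto also sits after the "No failure allowed after this point" comment at line 168. By then R_tab and P_tab have already been passed to qdisc_put_rtab() at lines 178 and 185, and the failure: label passes the same pointers to qdisc_put_rtab() again. That looks like a second put on the same rate tables and is worth checking together with the leak. Both problems would go away if the TCA_POLICE_RESULT check ran before the kzalloc() at line 162.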

c08f5ed5d net/sched/act_police.c Davide Caratti 2018-10-20 205 }
c08f5ed5d net/sched/act_police.c Davide Caratti 2018-10-20 206 }
c08f5ed5d net/sched/act_police.c Davide Caratti 2018-10-20 207
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 208 spin_lock_bh(&police->tcf_lock);
f2cbd4852 net/sched/act_police.c Davide Caratti 2018-11-20 209 spin_lock_bh(&police->tcfp_lock);
f2cbd4852 net/sched/act_police.c Davide Caratti 2018-11-20 210 police->tcfp_t_c = ktime_get_ns();
f2cbd4852 net/sched/act_police.c Davide Caratti 2018-11-20 211 police->tcfp_toks = new->tcfp_burst;
f2cbd4852 net/sched/act_police.c Davide Caratti 2018-11-20 212 if (new->peak_present)
f2cbd4852 net/sched/act_police.c Davide Caratti 2018-11-20 213 police->tcfp_ptoks = new->tcfp_mtu_ptoks;
f2cbd4852 net/sched/act_police.c Davide Caratti 2018-11-20 214 spin_unlock_bh(&police->tcfp_lock);
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 215 police->tcf_action = parm->action;
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 216 rcu_swap_protected(police->params,
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 217 new,
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 218 lockdep_is_held(&police->tcf_lock));
e9ce1cd3c net/sched/act_police.c David S. Miller 2006-08-21 219 spin_unlock_bh(&police->tcf_lock);
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 220
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 221 if (new)
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 222 kfree_rcu(new, rcu);
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 223
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 224 if (ret == ACT_P_CREATED)
2d550dbad net/sched/act_police.c Davide Caratti 2018-09-13 225 tcf_idr_insert(tn, *a);
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 226 return ret;
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 227
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 228 failure:
71bcb09a5 net/sched/act_police.c Stephen Hemminger 2008-11-25 229 qdisc_put_rtab(P_tab);
71bcb09a5 net/sched/act_police.c Stephen Hemminger 2008-11-25 230 qdisc_put_rtab(R_tab);
5bf7f8185 net/sched/act_police.c Davide Caratti 2018-03-19 231 tcf_idr_release(*a, bind);
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 @232 return err;
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 233 }
^1da177e4 net/sched/police.c Linus Torvalds 2005-04-16 234

---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation