AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-04 08:56:57 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
f32b20e89e
linux_dsm_epyc7002/drivers/net
History
Martin KaFai Lau f32b20e89e mlx4: Fix memory leak after mlx4_en_update_priv() 
In mlx4_en_update_priv(), dst->tx_ring[t] and dst->tx_cq[t]
are over-written by src->tx_ring[t] and src->tx_cq[t] without
first calling kfree.

One of the reproducible code paths is by doing 'ethtool -L'.

The fix is to do the kfree in mlx4_en_free_resources().

Here is the kmemleak report:
unreferenced object 0xffff880841211800 (size 2048):
  comm "ethtool", pid 3096, jiffies 4294716940 (age 528.353s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81930718>] kmemleak_alloc+0x28/0x50
    [<ffffffff8120b213>] kmem_cache_alloc_trace+0x103/0x260
    [<ffffffff8170e0a8>] mlx4_en_try_alloc_resources+0x118/0x1a0
    [<ffffffff817065a9>] mlx4_en_set_ringparam+0x169/0x210
    [<ffffffff818040c5>] dev_ethtool+0xae5/0x2190
    [<ffffffff8181b898>] dev_ioctl+0x168/0x6f0
    [<ffffffff817d7a72>] sock_do_ioctl+0x42/0x50
    [<ffffffff817d819b>] sock_ioctl+0x21b/0x2d0
    [<ffffffff81247a73>] do_vfs_ioctl+0x93/0x6a0
    [<ffffffff812480f9>] SyS_ioctl+0x79/0x90
    [<ffffffff8193d7ea>] entry_SYSCALL_64_fastpath+0x18/0xad
    [<ffffffffffffffff>] 0xffffffffffffffff
unreferenced object 0xffff880841213000 (size 2048):
  comm "ethtool", pid 3096, jiffies 4294716940 (age 528.353s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81930718>] kmemleak_alloc+0x28/0x50
    [<ffffffff8120b213>] kmem_cache_alloc_trace+0x103/0x260
    [<ffffffff8170e0cb>] mlx4_en_try_alloc_resources+0x13b/0x1a0
    [<ffffffff817065a9>] mlx4_en_set_ringparam+0x169/0x210
    [<ffffffff818040c5>] dev_ethtool+0xae5/0x2190
    [<ffffffff8181b898>] dev_ioctl+0x168/0x6f0
    [<ffffffff817d7a72>] sock_do_ioctl+0x42/0x50
    [<ffffffff817d819b>] sock_ioctl+0x21b/0x2d0
    [<ffffffff81247a73>] do_vfs_ioctl+0x93/0x6a0
    [<ffffffff812480f9>] SyS_ioctl+0x79/0x90
    [<ffffffff8193d7ea>] entry_SYSCALL_64_fastpath+0x18/0xad
    [<ffffffffffffffff>] 0xffffffffffffffff

(gdb) list *mlx4_en_try_alloc_resources+0x118
0xffffffff8170e0a8 is in mlx4_en_try_alloc_resources (drivers/net/ethernet/mellanox/mlx4/en_netdev.c:2145).
2140                    if (!dst->tx_ring_num[t])
2141                            continue;
2142
2143                    dst->tx_ring[t] = kzalloc(sizeof(struct mlx4_en_tx_ring *) *
2144                                              MAX_TX_RINGS, GFP_KERNEL);
2145                    if (!dst->tx_ring[t])
2146                            goto err_free_tx;
2147
2148                    dst->tx_cq[t] = kzalloc(sizeof(struct mlx4_en_cq *) *
2149                                            MAX_TX_RINGS, GFP_KERNEL);
(gdb) list *mlx4_en_try_alloc_resources+0x13b
0xffffffff8170e0cb is in mlx4_en_try_alloc_resources (drivers/net/ethernet/mellanox/mlx4/en_netdev.c:2150).
2145                    if (!dst->tx_ring[t])
2146                            goto err_free_tx;
2147
2148                    dst->tx_cq[t] = kzalloc(sizeof(struct mlx4_en_cq *) *
2149                                            MAX_TX_RINGS, GFP_KERNEL);
2150                    if (!dst->tx_cq[t]) {
2151                            kfree(dst->tx_ring[t]);
2152                            goto err_free_tx;
2153                    }
2154            }

Fixes: ec25bc04ed ("net/mlx4_en: Add resilience in low memory systems")
Cc: Eugenia Emantayev <eugenia@mellanox.com>
Cc: Saeed Mahameed <saeedm@mellanox.com>
Cc: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-02 21:27:05 -05:00
..
appletalk net/appletalk: Fix kernel memory disclosure 2017-01-09 16:34:39 -05:00
arcnet
bonding netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
caif
can can: ti_hecc: add missing prepare and unprepare of the clock 2017-01-18 13:03:15 +01:00
cris
dsa net: dsa: bcm_sf2: Utilize nested MDIO read/write 2017-01-08 22:01:22 -05:00
ethernet mlx4: Fix memory leak after mlx4_en_update_priv() 2017-02-02 21:27:05 -05:00
fddi Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
fjes
hamradio Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
hippi Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
hyperv netvsc: add rcu_read locking to netvsc callback 2017-01-11 16:13:53 -05:00
ieee802154 ieee802154: atusb: fix driver to work with older firmware versions 2017-01-12 22:12:43 +01:00
ipvlan ipvlan: fix multicast processing 2016-12-23 17:53:47 -05:00
irda Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
phy net: phy: micrel: KSZ8795 do not set SUPPORTED_[Asym_]Pause 2017-01-29 18:45:15 -05:00
plip
ppp Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
slip Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
team
usb r8152: check rx after napi is enabled 2017-01-25 22:47:30 -05:00
vmxnet3 Updates for 4.10 kernel merge window 2016-12-15 12:03:32 -08:00
wan net: wan: slic_ds26522: fix spelling mistake: "configurated" -> "configured" 2016-12-28 15:12:20 -05:00
wimax
wireless iwlwifi: mvm: avoid crash on restart w/o reserved queues 2017-01-23 12:55:32 +02:00
xen-netback xen-netback: protect resource cleaning on XenBus disconnect 2017-01-18 15:11:20 -05:00
dummy.c dummy: expend mtu range for dummy device 2016-12-07 13:29:45 -05:00
eql.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
geneve.c geneve: avoid use-after-free of skb->data 2016-12-02 14:07:11 -05:00
gtp.c gtp: fix cross netns recv on gtp socket 2017-01-27 10:39:09 -05:00
ifb.c
Kconfig
LICENSE.SRC
loopback.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
macsec.c macsec: remove first zero and add attribute name in comments 2016-12-08 13:08:21 -05:00
macvlan.c driver: macvlan: Remove the rcu member of macvlan_port 2016-12-07 13:22:07 -05:00
macvtap.c virtio-net: restore VIRTIO_HDR_F_DATA_VALID on receiving 2017-01-20 11:01:17 -05:00
Makefile
mdio.c
mii.c net: mii: report 0 for unknown lp_advertising 2016-11-09 20:26:58 -05:00
netconsole.c
nlmon.c nlmon: use core MTU range checking in nlmon driver 2016-12-07 13:28:26 -05:00
ntb_netdev.c
rionet.c
sb1000.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
Space.c
sungem_phy.c
tun.c virtio-net: restore VIRTIO_HDR_F_DATA_VALID on receiving 2017-01-20 11:01:17 -05:00
veth.c
virtio_net.c virtio_net: reject XDP programs using header adjustment 2017-01-25 22:48:40 -05:00
vrf.c net: vrf: do not allow table id 0 2017-01-11 10:04:01 -05:00
vxlan.c vxlan: do not age static remote mac entries 2017-01-24 15:01:58 -05:00
xen-netfront.c xen-netfront: Fix Rx stall during network stress and OOM 2017-01-20 14:08:39 -05:00