Re: [tipc-discussion] [net v1 1/3] tipc: fix potential memory leak in __tipc_sendmsg()
Acked-by: Jon > -Original Message- > From: Ying Xue > Sent: 14-Aug-19 07:41 > To: Tung Quang Nguyen ; tipc- > discuss...@lists.sourceforge.net; Jon Maloy ; > ma...@donjonn.com > Subject: Re: [tipc-discussion][net v1 1/3] tipc: fix potential memory leak in > __tipc_sendmsg() > > On 8/13/19 6:01 PM, Tung Nguyen wrote: > > When initiating a connection message to a server side, the connection > > message is cloned and added to the socket write queue. However, if the > > cloning is failed, only the socket write queue is purged. It causes > > memory leak because the original connection message is not freed. > > > > This commit fixes it by purging the list of connection message when it > > cannot be cloned. > > > > Fixes: 6787927475e5 ("tipc: buffer overflow handling in listener > > socket") > > Reported-by: Hoang Le > > Signed-off-by: Tung Nguyen > > Acked-by: Ying Xue > > > --- > > net/tipc/socket.c | 4 +++- > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > diff --git a/net/tipc/socket.c b/net/tipc/socket.c index > > 83ae41d7e554..dcb8b6082757 100644 > > --- a/net/tipc/socket.c > > +++ b/net/tipc/socket.c > > @@ -1392,8 +1392,10 @@ static int __tipc_sendmsg(struct socket *sock, > struct msghdr *m, size_t dlen) > > rc = tipc_msg_build(hdr, m, 0, dlen, mtu, ); > > if (unlikely(rc != dlen)) > > return rc; > > - if (unlikely(syn && !tipc_msg_skb_clone(, > >sk_write_queue))) > > + if (unlikely(syn && !tipc_msg_skb_clone(, > >sk_write_queue))) { > > + __skb_queue_purge(); > > return -ENOMEM; > > + } > > > > trace_tipc_sk_sendmsg(sk, skb_peek(), TIPC_DUMP_SK_SNDQ, " > "); > > rc = tipc_node_xmit(net, , dnode, tsk->portid); > > ___ tipc-discussion mailing list tipc-discussion@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tipc-discussion
Re: [tipc-discussion] [net v1 1/3] tipc: fix potential memory leak in __tipc_sendmsg()
On 8/13/19 6:01 PM, Tung Nguyen wrote: > When initiating a connection message to a server side, the connection > message is cloned and added to the socket write queue. However, if the > cloning is failed, only the socket write queue is purged. It causes > memory leak because the original connection message is not freed. > > This commit fixes it by purging the list of connection message when > it cannot be cloned. > > Fixes: 6787927475e5 ("tipc: buffer overflow handling in listener socket") > Reported-by: Hoang Le > Signed-off-by: Tung Nguyen Acked-by: Ying Xue > --- > net/tipc/socket.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/net/tipc/socket.c b/net/tipc/socket.c > index 83ae41d7e554..dcb8b6082757 100644 > --- a/net/tipc/socket.c > +++ b/net/tipc/socket.c > @@ -1392,8 +1392,10 @@ static int __tipc_sendmsg(struct socket *sock, struct > msghdr *m, size_t dlen) > rc = tipc_msg_build(hdr, m, 0, dlen, mtu, ); > if (unlikely(rc != dlen)) > return rc; > - if (unlikely(syn && !tipc_msg_skb_clone(, >sk_write_queue))) > + if (unlikely(syn && !tipc_msg_skb_clone(, >sk_write_queue))) { > + __skb_queue_purge(); > return -ENOMEM; > + } > > trace_tipc_sk_sendmsg(sk, skb_peek(), TIPC_DUMP_SK_SNDQ, " "); > rc = tipc_node_xmit(net, , dnode, tsk->portid); > ___ tipc-discussion mailing list tipc-discussion@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tipc-discussion
[tipc-discussion] [net v1 1/3] tipc: fix potential memory leak in __tipc_sendmsg()
When initiating a connection message to a server side, the connection message is cloned and added to the socket write queue. However, if the cloning is failed, only the socket write queue is purged. It causes memory leak because the original connection message is not freed. This commit fixes it by purging the list of connection message when it cannot be cloned. Fixes: 6787927475e5 ("tipc: buffer overflow handling in listener socket") Reported-by: Hoang Le Signed-off-by: Tung Nguyen --- net/tipc/socket.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/tipc/socket.c b/net/tipc/socket.c index 83ae41d7e554..dcb8b6082757 100644 --- a/net/tipc/socket.c +++ b/net/tipc/socket.c @@ -1392,8 +1392,10 @@ static int __tipc_sendmsg(struct socket *sock, struct msghdr *m, size_t dlen) rc = tipc_msg_build(hdr, m, 0, dlen, mtu, ); if (unlikely(rc != dlen)) return rc; - if (unlikely(syn && !tipc_msg_skb_clone(, >sk_write_queue))) + if (unlikely(syn && !tipc_msg_skb_clone(, >sk_write_queue))) { + __skb_queue_purge(); return -ENOMEM; + } trace_tipc_sk_sendmsg(sk, skb_peek(), TIPC_DUMP_SK_SNDQ, " "); rc = tipc_node_xmit(net, , dnode, tsk->portid); -- 2.17.1 ___ tipc-discussion mailing list tipc-discussion@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tipc-discussion
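Review bot: the early return directly above the changed branch, `if (unlikely(rc != dlen)) return rc;`, exits without any purge visible in this hunk, while the new -ENOMEM branch now calls __skb_queue_purge() before returning. Please confirm that tipc_msg_build() releases whatever it has already queued when it fails; if it does not, that path leaks in the same way and needs the same purge. The commit message also says the socket write queue is purged when cloning fails, yet the removed line only shows `return -ENOMEM;`, so it would help to say where that purge happens (presumably inside tipc_msg_skb_clone()), so the reader can see why only the original message list was left unfreed.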