1 From foo@baz Fri Mar 8 07:37:28 CET 2019
2 From: Ido Schimmel <idosch@mellanox.com>
3 Date: Sun, 3 Mar 2019 07:35:51 +0000
4 Subject: team: Free BPF filter when unregistering netdev
6 From: Ido Schimmel <idosch@mellanox.com>
8 [ Upstream commit 692c31bd4054212312396b1d303bffab2c5b93a7 ]
10 When team is used in loadbalance mode a BPF filter can be used to
11 provide a hash which will determine the Tx port.
13 When the netdev is later unregistered the filter is not freed which
14 results in memory leaks [1].
16 Fix by freeing the program and the corresponding filter when
17 unregistering the netdev.
20 unreferenced object 0xffff8881dbc47cc8 (size 16):
21 comm "teamd", pid 3068, jiffies 4294997779 (age 438.247s)
22 hex dump (first 16 bytes):
23 a3 00 6b 6b 6b 6b 6b 6b 88 a5 82 e1 81 88 ff ff ..kkkkkk........
25 [<000000008a3b47e3>] team_nl_cmd_options_set+0x88f/0x11b0
26 [<00000000c4f4f27e>] genl_family_rcv_msg+0x78f/0x1080
27 [<00000000610ef838>] genl_rcv_msg+0xca/0x170
28 [<00000000a281df93>] netlink_rcv_skb+0x132/0x380
29 [<000000004d9448a2>] genl_rcv+0x29/0x40
30 [<000000000321b2f4>] netlink_unicast+0x4c0/0x690
31 [<000000008c25dffb>] netlink_sendmsg+0x929/0xe10
32 [<00000000068298c5>] sock_sendmsg+0xc8/0x110
33 [<0000000082a61ff0>] ___sys_sendmsg+0x77a/0x8f0
34 [<00000000663ae29d>] __sys_sendmsg+0xf7/0x250
35 [<0000000027c5f11a>] do_syscall_64+0x14d/0x610
36 [<000000006cfbc8d3>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
37 [<00000000e23197e2>] 0xffffffffffffffff
38 unreferenced object 0xffff8881e182a588 (size 2048):
39 comm "teamd", pid 3068, jiffies 4294997780 (age 438.247s)
40 hex dump (first 32 bytes):
41 20 00 00 00 02 00 00 00 30 00 00 00 28 f0 ff ff .......0...(...
42 07 00 00 00 00 00 00 00 28 00 00 00 00 00 00 00 ........(.......
44 [<000000002daf01fb>] lb_bpf_func_set+0x45c/0x6d0
45 [<000000008a3b47e3>] team_nl_cmd_options_set+0x88f/0x11b0
46 [<00000000c4f4f27e>] genl_family_rcv_msg+0x78f/0x1080
47 [<00000000610ef838>] genl_rcv_msg+0xca/0x170
48 [<00000000a281df93>] netlink_rcv_skb+0x132/0x380
49 [<000000004d9448a2>] genl_rcv+0x29/0x40
50 [<000000000321b2f4>] netlink_unicast+0x4c0/0x690
51 [<000000008c25dffb>] netlink_sendmsg+0x929/0xe10
52 [<00000000068298c5>] sock_sendmsg+0xc8/0x110
53 [<0000000082a61ff0>] ___sys_sendmsg+0x77a/0x8f0
54 [<00000000663ae29d>] __sys_sendmsg+0xf7/0x250
55 [<0000000027c5f11a>] do_syscall_64+0x14d/0x610
56 [<000000006cfbc8d3>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
57 [<00000000e23197e2>] 0xffffffffffffffff
59 Fixes: 01d7f30a9f96 ("team: add loadbalance mode")
60 Signed-off-by: Ido Schimmel <idosch@mellanox.com>
61 Reported-by: Amit Cohen <amitc@mellanox.com>
62 Acked-by: Jiri Pirko <jiri@mellanox.com>
63 Signed-off-by: David S. Miller <davem@davemloft.net>
64 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
66 drivers/net/team/team_mode_loadbalance.c | 15 +++++++++++++++
67 1 file changed, 15 insertions(+)
69 --- a/drivers/net/team/team_mode_loadbalance.c
70 +++ b/drivers/net/team/team_mode_loadbalance.c
71 @@ -325,6 +325,20 @@ static int lb_bpf_func_set(struct team *
75 +static void lb_bpf_func_free(struct team *team)
77 + struct lb_priv *lb_priv = get_lb_priv(team);
78 + struct bpf_prog *fp;
80 + if (!lb_priv->ex->orig_fprog)
83 + __fprog_destroy(lb_priv->ex->orig_fprog);
84 + fp = rcu_dereference_protected(lb_priv->fp,
85 + lockdep_is_held(&team->lock));
86 + bpf_prog_destroy(fp);
89 static int lb_tx_method_get(struct team *team, struct team_gsetter_ctx *ctx)
91 struct lb_priv *lb_priv = get_lb_priv(team);
92 @@ -639,6 +653,7 @@ static void lb_exit(struct team *team)
94 team_options_unregister(team, lb_options,
95 ARRAY_SIZE(lb_options));
96 + lb_bpf_func_free(team);
97 cancel_delayed_work_sync(&lb_priv->ex->stats.refresh_dw);
98 free_percpu(lb_priv->pcpu_stats);
projects / thirdparty / kernel / stable-queue.git / blob