Re: [PATCH] Revert "ipv4: fix memory leaks in ip_cmsg_send() callers"
From: yajun . deng
Date: Mon Sep 13 2021 - 22:21:27 EST
September 14, 2021 12:15 AM, "Eric Dumazet" <edumazet@xxxxxxxxxx> wrote:
> On Sun, Sep 12, 2021 at 9:04 PM Yajun Deng <yajun.deng@xxxxxxxxx> wrote:
>
>> This reverts commit 919483096bfe75dda338e98d56da91a263746a0a.
>>
>> There is only when ip_options_get() return zero need to free.
>> It already called kfree() when return error.
>>
>> Fixes: 919483096bfe ("ipv4: fix memory leaks in ip_cmsg_send() callers")
>> Signed-off-by: Yajun Deng <yajun.deng@xxxxxxxxx>
>> ---
>
> I do not think this is a valid patch, not sure why David has merged so
> soon before us reviewing it ?
>
> You are bringing back the memory leaks.
>
> ip_cmsg_send() can loop over multiple cmsghdr()
>
Yes, I forgot the loop, it was my mistake.
> If IP_RETOPTS has been successful, but following cmsghdr generates an error,
> we do not free ipc.ok
>
> If IP_RETOPTS is not successful, we have freed the allocated temporary space,
> not the one currently in ipc.opt.
>
> Can you share what your exact finding was, perhaps a syzbot repro ???
>
> Thanks.