Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 044175a0 authored by Björn Töpel's avatar Björn Töpel Committed by Daniel Borkmann
Browse files

xsk: fix umem memory leak on cleanup 

When the umem is cleaned up, the task that created it might already be
gone. If the task was gone, the xdp_umem_release function did not free
the pages member of struct xdp_umem.

It turned out that the task lookup was not needed at all; The code was
a left-over when we moved from task accounting to user accounting [1].

This patch fixes the memory leak by removing the task lookup logic
completely.

[1] https://lore.kernel.org/netdev/20180131135356.19134-3-bjorn.topel@gmail.com/

Link: https://lore.kernel.org/netdev/c1cb2ca8-6a14-3980-8672-f3de0bb38dfd@suse.cz/


Fixes: c0c77d8f ("xsk: add user memory registration support sockopt")
Reported-by: default avatarJiri Slaby <jslaby@suse.cz>
Signed-off-by: default avatarBjörn Töpel <bjorn.topel@intel.com>
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
parent 89538398

include/net/xdp_sock.h

+0 −1
Original line number Diff line number Diff line
@@ -36,7 +36,6 @@ struct xdp_umem { 
	u32 headroom;

	u32 chunk_size_nohr;

	struct user_struct *user;

	struct pid *pid;

	unsigned long address;

	refcount_t users;

	struct work_struct work;

net/xdp/xdp_umem.c

+1 −18
Original line number Diff line number Diff line
@@ -193,9 +193,6 @@ static void xdp_umem_unaccount_pages(struct xdp_umem *umem) 


static void xdp_umem_release(struct xdp_umem *umem)

{

	struct task_struct *task;

	struct mm_struct *mm;



	xdp_umem_clear_dev(umem);



	ida_simple_remove(&umem_ida, umem->id);
@@ -214,21 +211,10 @@ static void xdp_umem_release(struct xdp_umem *umem) 


	xdp_umem_unpin_pages(umem);



	task = get_pid_task(umem->pid, PIDTYPE_PID);

	put_pid(umem->pid);

	if (!task)

		goto out;

	mm = get_task_mm(task);

	put_task_struct(task);

	if (!mm)

		goto out;



	mmput(mm);

	kfree(umem->pages);

	umem->pages = NULL;



	xdp_umem_unaccount_pages(umem);

out:

	kfree(umem);

}
@@ -357,7 +343,6 @@ static int xdp_umem_reg(struct xdp_umem *umem, struct xdp_umem_reg *mr) 
	if (size_chk < 0)

		return -EINVAL;



	umem->pid = get_task_pid(current, PIDTYPE_PID);

	umem->address = (unsigned long)addr;

	umem->chunk_mask = ~((u64)chunk_size - 1);

	umem->size = size;
@@ -373,7 +358,7 @@ static int xdp_umem_reg(struct xdp_umem *umem, struct xdp_umem_reg *mr) 


	err = xdp_umem_account_pages(umem);

	if (err)

		goto out;

		return err;



	err = xdp_umem_pin_pages(umem);

	if (err)
@@ -392,8 +377,6 @@ static int xdp_umem_reg(struct xdp_umem *umem, struct xdp_umem_reg *mr) 


out_account:

	xdp_umem_unaccount_pages(umem);

out:

	put_pid(umem->pid);

	return err;

}