diff mbox series

[v4,5/5] net/tap: fix leak of fds on failure

Message ID	1586604294-16616-1-git-send-email-wangyunjian@huawei.com (mailing list archive)
State	Superseded, archived
Delegated to:	Ferruh Yigit
Headers	From: wangyunjian <wangyunjian@huawei.com> To: <dev@dpdk.org> CC: <ferruh.yigit@intel.com>, <keith.wiles@intel.com>, <jerry.lilijun@huawei.com>, <xudingke@huawei.com>, Yunjian Wang <wangyunjian@huawei.com>, <stable@dpdk.org> Date: Sat, 11 Apr 2020 19:24:54 +0800 Message-ID: <1586604294-16616-1-git-send-email-wangyunjian@huawei.com> MIME-Version: 1.0 Content-Type: text/plain Subject: [dpdk-dev] [PATCH v4 5/5] net/tap: fix leak of fds on failure Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	fixes for tap \| [v4,0/5] fixes for tap [v4,1/5] net/tap: fix mbuf double free when writev fails [v4,2/5] net/tap: fix mbuf and mem leak during queue release [v4,3/5] net/tap: fix check for mbuf's nb_segs failure [v4,4/5] net/tap: fix close a valid fd [v4,5/5] net/tap: fix leak of fds on failure

Checks

Context	Check	Description
ci/Intel-compilation	success	Compilation OK
ci/travis-robot	success	Travis build: passed
ci/checkpatch	warning	coding style issues

Commit Message

Yunjian Wang April 11, 2020, 11:24 a.m. UTC

  From: Yunjian Wang <wangyunjian@huawei.com>

When eth_dev_tap_create() is failed, nlsk_fd and ka_fd won't be closed
thus leading fds leak. Zero is a valid fd. Ultimately leads to a valid
fd was closed by mistake.

Fixes: bf7b7f437b49 ("net/tap: create netdevice during probing")
Fixes: cb7e68da630a ("net/tap: fix cleanup on allocation failure")
CC: stable@dpdk.org

Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
---
 drivers/net/tap/rte_eth_tap.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

Comments

Ferruh Yigit April 15, 2020, 3:14 p.m. UTC | #1

On 4/11/2020 12:24 PM, wangyunjian wrote:
> From: Yunjian Wang <wangyunjian@huawei.com>
> 
> When eth_dev_tap_create() is failed, nlsk_fd and ka_fd won't be closed
> thus leading fds leak. Zero is a valid fd. Ultimately leads to a valid
> fd was closed by mistake.
> 
> Fixes: bf7b7f437b49 ("net/tap: create netdevice during probing")
> Fixes: cb7e68da630a ("net/tap: fix cleanup on allocation failure")
> CC: stable@dpdk.org
> 
> Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
> ---
>  drivers/net/tap/rte_eth_tap.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/tap/rte_eth_tap.c b/drivers/net/tap/rte_eth_tap.c
> index 829a9e9b4..9bea5d9d0 100644
> --- a/drivers/net/tap/rte_eth_tap.c
> +++ b/drivers/net/tap/rte_eth_tap.c
> @@ -1820,6 +1820,8 @@ eth_dev_tap_create(struct rte_vdev_device *vdev, const char *tap_name,
>  	pmd->dev = dev;
>  	strlcpy(pmd->name, tap_name, sizeof(pmd->name));
>  	pmd->type = type;
> +	pmd->ka_fd = -1;
> +	pmd->nlsk_fd = -1;
>  
>  	pmd->ioctl_sock = socket(AF_INET, SOCK_DGRAM, 0);
>  	if (pmd->ioctl_sock == -1) {
> @@ -1850,7 +1852,6 @@ eth_dev_tap_create(struct rte_vdev_device *vdev, const char *tap_name,
>  	dev->intr_handle = &pmd->intr_handle;
>  
>  	/* Presetup the fds to -1 as being not valid */
> -	pmd->ka_fd = -1;
>  	for (i = 0; i < RTE_PMD_TAP_MAX_QUEUES; i++) {
>  		process_private->rxq_fds[i] = -1;
>  		process_private->txq_fds[i] = -1;
> @@ -1990,7 +1991,11 @@ eth_dev_tap_create(struct rte_vdev_device *vdev, const char *tap_name,
>  	tap_flow_implicit_flush(pmd, NULL);
>  
>  error_exit:
> -	if (pmd->ioctl_sock > 0)
> +	if (pmd->nlsk_fd == -1)
> +		close(pmd->nlsk_fd);

Shouldn't this be '!=', "pmd->nlsk_fd != -1"?

Yunjian Wang April 16, 2020, 1:15 a.m. UTC | #2

> -----Original Message-----
> From: Ferruh Yigit [mailto:ferruh.yigit@intel.com]
> Sent: Wednesday, April 15, 2020 11:15 PM
> To: wangyunjian <wangyunjian@huawei.com>; dev@dpdk.org
> Cc: keith.wiles@intel.com; Lilijun (Jerry) <jerry.lilijun@huawei.com>; xudingke
> <xudingke@huawei.com>; stable@dpdk.org
> Subject: Re: [dpdk-dev] [PATCH v4 5/5] net/tap: fix leak of fds on failure
> 
> On 4/11/2020 12:24 PM, wangyunjian wrote:
> > From: Yunjian Wang <wangyunjian@huawei.com>
> >
> > When eth_dev_tap_create() is failed, nlsk_fd and ka_fd won't be closed
> > thus leading fds leak. Zero is a valid fd. Ultimately leads to a valid
> > fd was closed by mistake.
> >
> > Fixes: bf7b7f437b49 ("net/tap: create netdevice during probing")
> > Fixes: cb7e68da630a ("net/tap: fix cleanup on allocation failure")
> > CC: stable@dpdk.org
> >
> > Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
> > ---
> >  drivers/net/tap/rte_eth_tap.c | 9 +++++++--
> >  1 file changed, 7 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/net/tap/rte_eth_tap.c
> > b/drivers/net/tap/rte_eth_tap.c index 829a9e9b4..9bea5d9d0 100644
> > --- a/drivers/net/tap/rte_eth_tap.c
> > +++ b/drivers/net/tap/rte_eth_tap.c
> > @@ -1820,6 +1820,8 @@ eth_dev_tap_create(struct rte_vdev_device *vdev,
> const char *tap_name,
> >  	pmd->dev = dev;
> >  	strlcpy(pmd->name, tap_name, sizeof(pmd->name));
> >  	pmd->type = type;
> > +	pmd->ka_fd = -1;
> > +	pmd->nlsk_fd = -1;
> >
> >  	pmd->ioctl_sock = socket(AF_INET, SOCK_DGRAM, 0);
> >  	if (pmd->ioctl_sock == -1) {
> > @@ -1850,7 +1852,6 @@ eth_dev_tap_create(struct rte_vdev_device *vdev,
> const char *tap_name,
> >  	dev->intr_handle = &pmd->intr_handle;
> >
> >  	/* Presetup the fds to -1 as being not valid */
> > -	pmd->ka_fd = -1;
> >  	for (i = 0; i < RTE_PMD_TAP_MAX_QUEUES; i++) {
> >  		process_private->rxq_fds[i] = -1;
> >  		process_private->txq_fds[i] = -1;
> > @@ -1990,7 +1991,11 @@ eth_dev_tap_create(struct rte_vdev_device
> *vdev, const char *tap_name,
> >  	tap_flow_implicit_flush(pmd, NULL);
> >
> >  error_exit:
> > -	if (pmd->ioctl_sock > 0)
> > +	if (pmd->nlsk_fd == -1)
> > +		close(pmd->nlsk_fd);
> 
> Shouldn't this be '!=', "pmd->nlsk_fd != -1"?

I'm sorry for my mistakes. I will fix it in next version.

Thanks,
Yunjian

diff mbox series

Patch

diff --git a/drivers/net/tap/rte_eth_tap.c b/drivers/net/tap/rte_eth_tap.c
index 829a9e9b4..9bea5d9d0 100644
--- a/drivers/net/tap/rte_eth_tap.c
+++ b/drivers/net/tap/rte_eth_tap.c
@@ -1820,6 +1820,8 @@  eth_dev_tap_create(struct rte_vdev_device *vdev, const char *tap_name,
 	pmd->dev = dev;
 	strlcpy(pmd->name, tap_name, sizeof(pmd->name));
 	pmd->type = type;
+	pmd->ka_fd = -1;
+	pmd->nlsk_fd = -1;
 
 	pmd->ioctl_sock = socket(AF_INET, SOCK_DGRAM, 0);
 	if (pmd->ioctl_sock == -1) {
@@ -1850,7 +1852,6 @@  eth_dev_tap_create(struct rte_vdev_device *vdev, const char *tap_name,
 	dev->intr_handle = &pmd->intr_handle;
 
 	/* Presetup the fds to -1 as being not valid */
-	pmd->ka_fd = -1;
 	for (i = 0; i < RTE_PMD_TAP_MAX_QUEUES; i++) {
 		process_private->rxq_fds[i] = -1;
 		process_private->txq_fds[i] = -1;
@@ -1990,7 +1991,11 @@  eth_dev_tap_create(struct rte_vdev_device *vdev, const char *tap_name,
 	tap_flow_implicit_flush(pmd, NULL);
 
 error_exit:
-	if (pmd->ioctl_sock > 0)
+	if (pmd->nlsk_fd == -1)
+		close(pmd->nlsk_fd);
+	if (pmd->ka_fd != -1)
+		close(pmd->ka_fd);
+	if (pmd->ioctl_sock != -1)
 		close(pmd->ioctl_sock);
 	/* mac_addrs must not be freed alone because part of dev_private */
 	dev->data->mac_addrs = NULL;