aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Dumazet <eric.dumazet@gmail.com>2010-08-16 16:04:22 -0400
committerDavid S. Miller <davem@davemloft.net>2010-08-17 18:12:15 -0400
commit1c40be12f7d8ca1d387510d39787b12e512a7ce8 (patch)
treef555374eb0af8cf96d0dafb2444335ee352f73b4
parent001389b9581c13fe5fc357a0f89234f85af4215d (diff)
net sched: fix some kernel memory leaks
We leak at least 32bits of kernel memory to user land in tc dump, because we dont init all fields (capab ?) of the dumped structure. Use C99 initializers so that holes and non explicit fields are zeroed. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/sched/act_gact.c21
-rw-r--r--net/sched/act_mirred.c15
-rw-r--r--net/sched/act_nat.c22
-rw-r--r--net/sched/act_simple.c11
-rw-r--r--net/sched/act_skbedit.c11
5 files changed, 43 insertions, 37 deletions
diff --git a/net/sched/act_gact.c b/net/sched/act_gact.c
index 8406c6654990..c2ed90a4c0b4 100644
--- a/net/sched/act_gact.c
+++ b/net/sched/act_gact.c
@@ -152,21 +152,24 @@ static int tcf_gact(struct sk_buff *skb, struct tc_action *a, struct tcf_result
152static int tcf_gact_dump(struct sk_buff *skb, struct tc_action *a, int bind, int ref) 152static int tcf_gact_dump(struct sk_buff *skb, struct tc_action *a, int bind, int ref)
153{ 153{
154 unsigned char *b = skb_tail_pointer(skb); 154 unsigned char *b = skb_tail_pointer(skb);
155 struct tc_gact opt;
156 struct tcf_gact *gact = a->priv; 155 struct tcf_gact *gact = a->priv;
156 struct tc_gact opt = {
157 .index = gact->tcf_index,
158 .refcnt = gact->tcf_refcnt - ref,
159 .bindcnt = gact->tcf_bindcnt - bind,
160 .action = gact->tcf_action,
161 };
157 struct tcf_t t; 162 struct tcf_t t;
158 163
159 opt.index = gact->tcf_index;
160 opt.refcnt = gact->tcf_refcnt - ref;
161 opt.bindcnt = gact->tcf_bindcnt - bind;
162 opt.action = gact->tcf_action;
163 NLA_PUT(skb, TCA_GACT_PARMS, sizeof(opt), &opt); 164 NLA_PUT(skb, TCA_GACT_PARMS, sizeof(opt), &opt);
164#ifdef CONFIG_GACT_PROB 165#ifdef CONFIG_GACT_PROB
165 if (gact->tcfg_ptype) { 166 if (gact->tcfg_ptype) {
166 struct tc_gact_p p_opt; 167 struct tc_gact_p p_opt = {
167 p_opt.paction = gact->tcfg_paction; 168 .paction = gact->tcfg_paction,
168 p_opt.pval = gact->tcfg_pval; 169 .pval = gact->tcfg_pval,
169 p_opt.ptype = gact->tcfg_ptype; 170 .ptype = gact->tcfg_ptype,
171 };
172
170 NLA_PUT(skb, TCA_GACT_PROB, sizeof(p_opt), &p_opt); 173 NLA_PUT(skb, TCA_GACT_PROB, sizeof(p_opt), &p_opt);
171 } 174 }
172#endif 175#endif
diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c
index 11f195af2da0..0c311be92827 100644
--- a/net/sched/act_mirred.c
+++ b/net/sched/act_mirred.c
@@ -219,15 +219,16 @@ static int tcf_mirred_dump(struct sk_buff *skb, struct tc_action *a, int bind, i
219{ 219{
220 unsigned char *b = skb_tail_pointer(skb); 220 unsigned char *b = skb_tail_pointer(skb);
221 struct tcf_mirred *m = a->priv; 221 struct tcf_mirred *m = a->priv;
222 struct tc_mirred opt; 222 struct tc_mirred opt = {
223 .index = m->tcf_index,
224 .action = m->tcf_action,
225 .refcnt = m->tcf_refcnt - ref,
226 .bindcnt = m->tcf_bindcnt - bind,
227 .eaction = m->tcfm_eaction,
228 .ifindex = m->tcfm_ifindex,
229 };
223 struct tcf_t t; 230 struct tcf_t t;
224 231
225 opt.index = m->tcf_index;
226 opt.action = m->tcf_action;
227 opt.refcnt = m->tcf_refcnt - ref;
228 opt.bindcnt = m->tcf_bindcnt - bind;
229 opt.eaction = m->tcfm_eaction;
230 opt.ifindex = m->tcfm_ifindex;
231 NLA_PUT(skb, TCA_MIRRED_PARMS, sizeof(opt), &opt); 232 NLA_PUT(skb, TCA_MIRRED_PARMS, sizeof(opt), &opt);
232 t.install = jiffies_to_clock_t(jiffies - m->tcf_tm.install); 233 t.install = jiffies_to_clock_t(jiffies - m->tcf_tm.install);
233 t.lastuse = jiffies_to_clock_t(jiffies - m->tcf_tm.lastuse); 234 t.lastuse = jiffies_to_clock_t(jiffies - m->tcf_tm.lastuse);
diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c
index 509a2d53a99d..186eb837e600 100644
--- a/net/sched/act_nat.c
+++ b/net/sched/act_nat.c
@@ -272,19 +272,19 @@ static int tcf_nat_dump(struct sk_buff *skb, struct tc_action *a,
272{ 272{
273 unsigned char *b = skb_tail_pointer(skb); 273 unsigned char *b = skb_tail_pointer(skb);
274 struct tcf_nat *p = a->priv; 274 struct tcf_nat *p = a->priv;
275 struct tc_nat opt; 275 struct tc_nat opt = {
276 .old_addr = p->old_addr,
277 .new_addr = p->new_addr,
278 .mask = p->mask,
279 .flags = p->flags,
280
281 .index = p->tcf_index,
282 .action = p->tcf_action,
283 .refcnt = p->tcf_refcnt - ref,
284 .bindcnt = p->tcf_bindcnt - bind,
285 };
276 struct tcf_t t; 286 struct tcf_t t;
277 287
278 opt.old_addr = p->old_addr;
279 opt.new_addr = p->new_addr;
280 opt.mask = p->mask;
281 opt.flags = p->flags;
282
283 opt.index = p->tcf_index;
284 opt.action = p->tcf_action;
285 opt.refcnt = p->tcf_refcnt - ref;
286 opt.bindcnt = p->tcf_bindcnt - bind;
287
288 NLA_PUT(skb, TCA_NAT_PARMS, sizeof(opt), &opt); 288 NLA_PUT(skb, TCA_NAT_PARMS, sizeof(opt), &opt);
289 t.install = jiffies_to_clock_t(jiffies - p->tcf_tm.install); 289 t.install = jiffies_to_clock_t(jiffies - p->tcf_tm.install);
290 t.lastuse = jiffies_to_clock_t(jiffies - p->tcf_tm.lastuse); 290 t.lastuse = jiffies_to_clock_t(jiffies - p->tcf_tm.lastuse);
diff --git a/net/sched/act_simple.c b/net/sched/act_simple.c
index 4a1d640b0cf1..97e84f3ee775 100644
--- a/net/sched/act_simple.c
+++ b/net/sched/act_simple.c
@@ -164,13 +164,14 @@ static inline int tcf_simp_dump(struct sk_buff *skb, struct tc_action *a,
164{ 164{
165 unsigned char *b = skb_tail_pointer(skb); 165 unsigned char *b = skb_tail_pointer(skb);
166 struct tcf_defact *d = a->priv; 166 struct tcf_defact *d = a->priv;
167 struct tc_defact opt; 167 struct tc_defact opt = {
168 .index = d->tcf_index,
169 .refcnt = d->tcf_refcnt - ref,
170 .bindcnt = d->tcf_bindcnt - bind,
171 .action = d->tcf_action,
172 };
168 struct tcf_t t; 173 struct tcf_t t;
169 174
170 opt.index = d->tcf_index;
171 opt.refcnt = d->tcf_refcnt - ref;
172 opt.bindcnt = d->tcf_bindcnt - bind;
173 opt.action = d->tcf_action;
174 NLA_PUT(skb, TCA_DEF_PARMS, sizeof(opt), &opt); 175 NLA_PUT(skb, TCA_DEF_PARMS, sizeof(opt), &opt);
175 NLA_PUT_STRING(skb, TCA_DEF_DATA, d->tcfd_defdata); 176 NLA_PUT_STRING(skb, TCA_DEF_DATA, d->tcfd_defdata);
176 t.install = jiffies_to_clock_t(jiffies - d->tcf_tm.install); 177 t.install = jiffies_to_clock_t(jiffies - d->tcf_tm.install);
diff --git a/net/sched/act_skbedit.c b/net/sched/act_skbedit.c
index e9607fe55b58..66cbf4eb8855 100644
--- a/net/sched/act_skbedit.c
+++ b/net/sched/act_skbedit.c
@@ -159,13 +159,14 @@ static inline int tcf_skbedit_dump(struct sk_buff *skb, struct tc_action *a,
159{ 159{
160 unsigned char *b = skb_tail_pointer(skb); 160 unsigned char *b = skb_tail_pointer(skb);
161 struct tcf_skbedit *d = a->priv; 161 struct tcf_skbedit *d = a->priv;
162 struct tc_skbedit opt; 162 struct tc_skbedit opt = {
163 .index = d->tcf_index,
164 .refcnt = d->tcf_refcnt - ref,
165 .bindcnt = d->tcf_bindcnt - bind,
166 .action = d->tcf_action,
167 };
163 struct tcf_t t; 168 struct tcf_t t;
164 169
165 opt.index = d->tcf_index;
166 opt.refcnt = d->tcf_refcnt - ref;
167 opt.bindcnt = d->tcf_bindcnt - bind;
168 opt.action = d->tcf_action;
169 NLA_PUT(skb, TCA_SKBEDIT_PARMS, sizeof(opt), &opt); 170 NLA_PUT(skb, TCA_SKBEDIT_PARMS, sizeof(opt), &opt);
170 if (d->flags & SKBEDIT_F_PRIORITY) 171 if (d->flags & SKBEDIT_F_PRIORITY)
171 NLA_PUT(skb, TCA_SKBEDIT_PRIORITY, sizeof(d->priority), 172 NLA_PUT(skb, TCA_SKBEDIT_PRIORITY, sizeof(d->priority),