On Mon, Nov 14, 2016 at 1:34 PM, Eric Dumazet <eric.duma...@gmail.com> wrote:
> From: Eric Dumazet <eduma...@google.com>
>
> I had crashes in a DEBUG_PAGEALLOC kernels in fib_table_flush() or
> fib_table_lookup() that I back tracked to a refcounting issue
> happening when we clone struct fib_alias in fib_trie_unmerge()
>
> While fixing this issue, I also noticed a mem leak happening
> if fib_insert_alias() fails.
>
> Fixes: 0ddcf43d5d4a0 ("ipv4: FIB Local/MAIN table collapse")
> Signed-off-by: Eric Dumazet <eduma...@google.com>
> Cc: Alexander Duyck <alexander.h.du...@intel.com>
> ---
> net/ipv4/fib_trie.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
> index 4cff74d4133f..ebf49ab889e8 100644
> --- a/net/ipv4/fib_trie.c
> +++ b/net/ipv4/fib_trie.c
> @@ -1737,14 +1737,19 @@ struct fib_table *fib_trie_unmerge(struct fib_table
> *oldtb)
> goto out;
>
> memcpy(new_fa, fa, sizeof(*fa));
> + if (fa->fa_info)
> + fa->fa_info->fib_treeref++;
>
> /* insert clone into table */
> if (!local_l)
> local_l = fib_find_node(lt, &local_tp,
> l->key);
>
> if (fib_insert_alias(lt, local_tp, local_l, new_fa,
> - NULL, l->key))
> + NULL, l->key)) {
> + kmem_cache_free(fn_alias_kmem, new_fa);
> + fib_release_info(fa->fa_info);
> goto out;
> + }
> }
>
> /* stop loop if key wrapped back to 0 */
>
>
Actually I think this creates a reference leak. If you look the call
to fib_table_flush_external is skipping the call to fib_release_info.
If you add this then you would probably need to update
fib_table_flush_external so that we call fib_release_info like we do
for fib_table_flush.
