On Mon, Jul 31, 2023 at 9:26 AM Dan Carpenter dan.carpenter@linaro.org wrote:
I'm not a networking person, but I was looking at some use after free static checker warnings.
Did you refer to the gist I posted or something new?
Apparently the rule with xmit functions is that if they return a value
15 then that means the skb was not freed. Otherwise it's supposed to
be freed. So like NETDEV_TX_BUSY is 0x10 so it's not freed.
This is checked with using the dev_xmit_complete() function. So I feel like it would make sense for LWTUNNEL_XMIT_CONTINUE to return higher than 15.
Yes I am adopting your suggestion in v5. Dealing with NETDEV_TX_BUSY would be left as another item (potentially more suited for netdev rather than bpf). Would be great to find a reproduction of memleak.
Because that's the bug right? The original code was assuming that everything besides LWTUNNEL_XMIT_DONE was freed.
regards, dan carpenter