On Tue, 2018-02-13 at 19:17 -0800, Alexei Starovoitov wrote:
> On Tue, Feb 13, 2018 at 07:00:21PM -0800, Yonghong Song wrote:
> > There is a memory leak happening in lpm_trie map_free callback
> > function trie_free. The trie structure itself does not get freed.
> >
> > Also, trie_free function did not do synchronize_rcu before freeing
> > various data structures. This is incorrect as some rcu_read_lock
> > region(s) for lookup, update, delete or get_next_key may not complete yet.
> > The fix is to add synchronize_rcu in the beginning of trie_free.
> > The useless spin_lock is removed from this function as well.
> >
> > Fixes: b95a5c4db09b ("bpf: add a longest prefix match trie map
> > implementation")
> > Reported-by: Mathieu Malaterre <ma...@debian.org>
> > Reported-by: Alexei Starovoitov <a...@kernel.org>
> > Tested-by: Mathieu Malaterre <ma...@debian.org>
> > Signed-off-by: Yonghong Song <y...@fb.com>
> > ---
> > kernel/bpf/lpm_trie.c | 11 +++++++----
> > 1 file changed, 7 insertions(+), 4 deletions(-)
> >
> > v1->v2:
> > Make comments more precise and make label name more appropriate,
> > as suggested by Daniel
>
> Applied to bpf tree, Thanks Yonghong.
This does not look good.
LOCKDEP surely should complain to
node = rcu_dereference_protected(*slot, lockdep_is_held(&trie->lock));
Since we no longer hold trie->lock
