| Submitter | Herton Ronaldo Krzesinski |
|---|---|
| Date | Feb. 15, 2013, 3:11 a.m. |
| Message ID | <1360897872-15914-1-git-send-email-herton.krzesinski@canonical.com> |
| Download | mbox | patch |
| Permalink | /patch/220602/ |
| State | New |
| Headers | show |
Comments
Patch
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index 901cffd..02b1ef8 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -2450,13 +2450,15 @@ static int packet_release(struct socket *sock) packet_flush_mclist(sk); - memset(&req_u, 0, sizeof(req_u)); - - if (po->rx_ring.pg_vec) + if (po->rx_ring.pg_vec) { + memset(&req_u, 0, sizeof(req_u)); packet_set_ring(sk, &req_u, 1, 0); + } - if (po->tx_ring.pg_vec) + if (po->tx_ring.pg_vec) { + memset(&req_u, 0, sizeof(req_u)); packet_set_ring(sk, &req_u, 1, 1); + } fanout_release(sk);
This is a note to let you know that I have just added a patch titled packet: fix leakage of tx_ring memory to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree which can be found at: http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 3.5.y.z tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Herton ------ From 17e1037df6f875be31e52f4a5532ceb97e725223 Mon Sep 17 00:00:00 2001 From: Phil Sutter <phil.sutter@viprinet.com> Date: Fri, 1 Feb 2013 07:21:41 +0000 Subject: [PATCH] packet: fix leakage of tx_ring memory commit 9665d5d62487e8e7b1f546c00e11107155384b9a upstream. When releasing a packet socket, the routine packet_set_ring() is reused to free rings instead of allocating them. But when calling it for the first time, it fills req->tp_block_nr with the value of rb->pg_vec_len which in the second invocation makes it bail out since req->tp_block_nr is greater zero but req->tp_block_size is zero. This patch solves the problem by passing a zeroed auto-variable to packet_set_ring() upon each invocation from packet_release(). As far as I can tell, this issue exists even since 69e3c75 (net: TX_RING and packet mmap), i.e. the original inclusion of TX ring support into af_packet, but applies only to sockets with both RX and TX ring allocated, which is probably why this was unnoticed all the time. Signed-off-by: Phil Sutter <phil.sutter@viprinet.com> Cc: Johann Baudy <johann.baudy@gnu-log.net> Cc: Daniel Borkmann <dborkman@redhat.com> Acked-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com> --- net/packet/af_packet.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) -- 1.7.9.5