Message ID | 20130421093436.GA26775@macbook.localnet |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
On Sun, 2013-04-21 at 11:34 +0200, Patrick McHardy wrote: > commit 77734833d78bcf0a3f58cde8b5b2424e8fc8b7e6 > Author: Patrick McHardy <kaber@trash.net> > Date: Sun Apr 21 11:34:12 2013 +0200 > > net: vlan: fix memory leak in vlan_info_rcu_free() > > The following leak is reported by kmemleak: > > [ 86.812073] kmemleak: Found object by alias at > 0xffff88006ecc76f0 > [ 86.816019] Pid: 739, comm: kworker/u:1 Not tainted 3.9.0-rc5+ > #842 > [ 86.816019] Call Trace: > [ 86.816019] <IRQ> [<ffffffff81151c58>] find_and_get_object > +0x8c/0xdf > [ 86.816019] [<ffffffff8190e90d>] ? vlan_info_rcu_free > +0x33/0x49 > [ 86.816019] [<ffffffff81151cbe>] delete_object_full+0x13/0x2f > [ 86.816019] [<ffffffff8194bbb6>] kmemleak_free+0x26/0x45 > [ 86.816019] [<ffffffff8113e8c7>] slab_free_hook+0x1e/0x7b > [ 86.816019] [<ffffffff81141c05>] kfree+0xce/0x14b > [ 86.816019] [<ffffffff8190e90d>] vlan_info_rcu_free+0x33/0x49 > [ 86.816019] [<ffffffff810d0b0b>] rcu_do_batch+0x261/0x4e7 > > The reason is that in vlan_info_rcu_free() we don't take the VLAN > protocol > into account when iterating over the vlan_devices_array. > > Reported-by: Cong Wang <amwang@redhat.com> > Signed-off-by: Patrick McHardy <kaber@trash.net> Yes, indeed. Tested-by: Cong Wang <amwang@redhat.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Cong Wang <amwang@redhat.com> Date: Sun, 21 Apr 2013 17:49:17 +0800 > On Sun, 2013-04-21 at 11:34 +0200, Patrick McHardy wrote: >> commit 77734833d78bcf0a3f58cde8b5b2424e8fc8b7e6 >> Author: Patrick McHardy <kaber@trash.net> >> Date: Sun Apr 21 11:34:12 2013 +0200 >> >> net: vlan: fix memory leak in vlan_info_rcu_free() >> >> The following leak is reported by kmemleak: >> >> [ 86.812073] kmemleak: Found object by alias at >> 0xffff88006ecc76f0 >> [ 86.816019] Pid: 739, comm: kworker/u:1 Not tainted 3.9.0-rc5+ >> #842 >> [ 86.816019] Call Trace: >> [ 86.816019] <IRQ> [<ffffffff81151c58>] find_and_get_object >> +0x8c/0xdf >> [ 86.816019] [<ffffffff8190e90d>] ? vlan_info_rcu_free >> +0x33/0x49 >> [ 86.816019] [<ffffffff81151cbe>] delete_object_full+0x13/0x2f >> [ 86.816019] [<ffffffff8194bbb6>] kmemleak_free+0x26/0x45 >> [ 86.816019] [<ffffffff8113e8c7>] slab_free_hook+0x1e/0x7b >> [ 86.816019] [<ffffffff81141c05>] kfree+0xce/0x14b >> [ 86.816019] [<ffffffff8190e90d>] vlan_info_rcu_free+0x33/0x49 >> [ 86.816019] [<ffffffff810d0b0b>] rcu_do_batch+0x261/0x4e7 >> >> The reason is that in vlan_info_rcu_free() we don't take the VLAN >> protocol >> into account when iterating over the vlan_devices_array. >> >> Reported-by: Cong Wang <amwang@redhat.com> >> Signed-off-by: Patrick McHardy <kaber@trash.net> > > Yes, indeed. > > Tested-by: Cong Wang <amwang@redhat.com> Applied. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/8021q/vlan_core.c b/net/8021q/vlan_core.c index ebfa2fc..8a15eaa 100644 --- a/net/8021q/vlan_core.c +++ b/net/8021q/vlan_core.c @@ -157,10 +157,11 @@ EXPORT_SYMBOL(vlan_untag); static void vlan_group_free(struct vlan_group *grp) { - int i; + int i, j; - for (i = 0; i < VLAN_GROUP_ARRAY_SPLIT_PARTS; i++) - kfree(grp->vlan_devices_arrays[i]); + for (i = 0; i < VLAN_PROTO_NUM; i++) + for (j = 0; j < VLAN_GROUP_ARRAY_SPLIT_PARTS; j++) + kfree(grp->vlan_devices_arrays[i][j]); } static void vlan_info_free(struct vlan_info *vlan_info)