| Message ID | 20200501181109.14542-2-xiyou.wangcong@gmail.com |
|---|---|
| State | Accepted |
| Delegated to: | David Miller |
| Headers | show |
| Series | [net] atm: fix a memory leak of vcc->user_back | expand |
From: Cong Wang <xiyou.wangcong@gmail.com> Date: Fri, 1 May 2020 11:11:09 -0700 > In lec_arp_clear_vccs() only entry->vcc is freed, but vcc > could be installed on entry->recv_vcc too in lec_vcc_added(). > > This fixes the following memory leak: > > unreferenced object 0xffff8880d9266b90 (size 16): > comm "atm2", pid 425, jiffies 4294907980 (age 23.488s) > hex dump (first 16 bytes): > 00 00 00 00 00 00 00 00 00 00 00 00 6b 6b 6b a5 ............kkk. > backtrace: > [<(____ptrval____)>] kmem_cache_alloc_trace+0x10e/0x151 > [<(____ptrval____)>] lane_ioctl+0x4b3/0x569 > [<(____ptrval____)>] do_vcc_ioctl+0x1ea/0x236 > [<(____ptrval____)>] svc_ioctl+0x17d/0x198 > [<(____ptrval____)>] sock_do_ioctl+0x47/0x12f > [<(____ptrval____)>] sock_ioctl+0x2f9/0x322 > [<(____ptrval____)>] vfs_ioctl+0x1e/0x2b > [<(____ptrval____)>] ksys_ioctl+0x61/0x80 > [<(____ptrval____)>] __x64_sys_ioctl+0x16/0x19 > [<(____ptrval____)>] do_syscall_64+0x57/0x65 > [<(____ptrval____)>] entry_SYSCALL_64_after_hwframe+0x49/0xb3 > > Cc: Gengming Liu <l.dmxcsnsbh@gmail.com> > Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Applied.
diff --git a/net/atm/lec.c b/net/atm/lec.c index 25fa3a7b72bd..ca37f5a71f5e 100644 --- a/net/atm/lec.c +++ b/net/atm/lec.c @@ -1264,6 +1264,12 @@ static void lec_arp_clear_vccs(struct lec_arp_table *entry) entry->vcc = NULL; } if (entry->recv_vcc) { + struct atm_vcc *vcc = entry->recv_vcc; + struct lec_vcc_priv *vpriv = LEC_VCC_PRIV(vcc); + + kfree(vpriv); + vcc->user_back = NULL; + entry->recv_vcc->push = entry->old_recv_push; vcc_release_async(entry->recv_vcc, -EPIPE); entry->recv_vcc = NULL;
In lec_arp_clear_vccs() only entry->vcc is freed, but vcc could be installed on entry->recv_vcc too in lec_vcc_added(). This fixes the following memory leak: unreferenced object 0xffff8880d9266b90 (size 16): comm "atm2", pid 425, jiffies 4294907980 (age 23.488s) hex dump (first 16 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 6b 6b 6b a5 ............kkk. backtrace: [<(____ptrval____)>] kmem_cache_alloc_trace+0x10e/0x151 [<(____ptrval____)>] lane_ioctl+0x4b3/0x569 [<(____ptrval____)>] do_vcc_ioctl+0x1ea/0x236 [<(____ptrval____)>] svc_ioctl+0x17d/0x198 [<(____ptrval____)>] sock_do_ioctl+0x47/0x12f [<(____ptrval____)>] sock_ioctl+0x2f9/0x322 [<(____ptrval____)>] vfs_ioctl+0x1e/0x2b [<(____ptrval____)>] ksys_ioctl+0x61/0x80 [<(____ptrval____)>] __x64_sys_ioctl+0x16/0x19 [<(____ptrval____)>] do_syscall_64+0x57/0x65 [<(____ptrval____)>] entry_SYSCALL_64_after_hwframe+0x49/0xb3 Cc: Gengming Liu <l.dmxcsnsbh@gmail.com> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> --- net/atm/lec.c | 6 ++++++ 1 file changed, 6 insertions(+)