forked from Minki/linux
net: fix secpath kmemleak
Mike Kazantsev found 3.5 kernels and beyond were leaking memory, and tracked the faulty commit toa1c7fff7e1
("net: netdev_alloc_skb() use build_skb()") While this commit seems fine, it uncovered a bug introduced in commitbad43ca832
("net: introduce skb_try_coalesce()), in function kfree_skb_partial()"): If head is stolen, we free the sk_buff, without removing references on secpath (skb->sp). So IPsec + IP defrag/reassembly (using skb coalescing), or TCP coalescing could leak secpath objects. Fix this bug by calling skb_release_head_state(skb) to properly release all possible references to linked objects. Reported-by: Mike Kazantsev <mk.fraggod@gmail.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Bisected-by: Mike Kazantsev <mk.fraggod@gmail.com> Tested-by: Mike Kazantsev <mk.fraggod@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
8a6e29d6d0
commit
3d861f6610
@ -3379,10 +3379,12 @@ EXPORT_SYMBOL(__skb_warn_lro_forwarding);
|
||||
|
||||
void kfree_skb_partial(struct sk_buff *skb, bool head_stolen)
|
||||
{
|
||||
if (head_stolen)
|
||||
if (head_stolen) {
|
||||
skb_release_head_state(skb);
|
||||
kmem_cache_free(skbuff_head_cache, skb);
|
||||
else
|
||||
} else {
|
||||
__kfree_skb(skb);
|
||||
}
|
||||
}
|
||||
EXPORT_SYMBOL(kfree_skb_partial);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user