[PATCH] net: xfrm: fix memory leak in xfrm_user_rcv_msg

From: Pavel Skripkin
Date: Thu Jun 24 2021 - 15:10:25 EST

Next message: Bjorn Andersson: "Re: [PATCH v1 2/2] drivers: qcom: pinctrl: Add pinctrl driver for sm6115"
Previous message: Rob Herring: "Re: [PATCH 2/2] of: of_reserved_mem: mark nomap memory instead of removing"
Next in thread: Pavel Skripkin: "[PATCH] net: xfrm: fix memory leak in xfrm_user_rcv_msg"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

/* ...... */

Signed-off-by: Pavel Skripkin <paskripkin@xxxxxxxxx>
---
net/xfrm/xfrm_user.c | 10 ++++++++++
1 file changed, 10 insertions(+)

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index f0aecee4d539..ff60ff804074 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2811,6 +2811,16 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,

err = link->doit(skb, nlh, attrs);

+ /* We need to free skb allocated in xfrm_alloc_compat() before
+ * returning from this function, because consume_skb() won't take
+ * care of frag_list since netlink destructor sets
+ * sbk->head to NULL. (see netlink_skb_destructor())
+ */
+ if (skb_has_frag_list(skb)) {
+ kfree_skb(skb_shinfo(skb)->frag_list);
+ skb_shinfo(skb)->frag_list = NULL;
+ }
+
err:
kvfree(nlh64);
return err;
--
2.32.0

--MP_/Oo1lbU9EAqYk9DYcvoe1BdC--

Next message: Bjorn Andersson: "Re: [PATCH v1 2/2] drivers: qcom: pinctrl: Add pinctrl driver for sm6115"
Previous message: Rob Herring: "Re: [PATCH 2/2] of: of_reserved_mem: mark nomap memory instead of removing"
Next in thread: Pavel Skripkin: "[PATCH] net: xfrm: fix memory leak in xfrm_user_rcv_msg"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]