mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-28 15:20:41 +00:00
Code Issues Releases Wiki Activity
linux-stable/net
History
Remi Pommarel b0cf0beeb6 mac80211: mesh: Free pending skb when destroying a mpath 
[ Upstream commit 5e43540c2a ]

A mpath object can hold reference on a list of skb that are waiting for
mpath resolution to be sent. When destroying a mpath this skb list
should be cleaned up in order to not leak memory.

Fixing that kind of leak:

unreferenced object 0xffff0000181c9300 (size 1088):
  comm "openvpn", pid 1782, jiffies 4295071698 (age 80.416s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 f9 80 36 00 00 00 00 00  ..........6.....
    02 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............
  backtrace:
    [<000000004bc6a443>] kmem_cache_alloc+0x1a4/0x2f0
    [<000000002caaef13>] sk_prot_alloc.isra.39+0x34/0x178
    [<00000000ceeaa916>] sk_alloc+0x34/0x228
    [<00000000ca1f1d04>] inet_create+0x198/0x518
    [<0000000035626b1c>] __sock_create+0x134/0x328
    [<00000000a12b3a87>] __sys_socket+0xb0/0x158
    [<00000000ff859f23>] __arm64_sys_socket+0x40/0x58
    [<00000000263486ec>] el0_svc_handler+0xd0/0x1a0
    [<0000000005b5157d>] el0_svc+0x8/0xc
unreferenced object 0xffff000012973a40 (size 216):
  comm "openvpn", pid 1782, jiffies 4295082137 (age 38.660s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 c0 06 16 00 00 ff ff 00 93 1c 18 00 00 ff ff  ................
  backtrace:
    [<000000004bc6a443>] kmem_cache_alloc+0x1a4/0x2f0
    [<0000000023c8c8f9>] __alloc_skb+0xc0/0x2b8
    [<000000007ad950bb>] alloc_skb_with_frags+0x60/0x320
    [<00000000ef90023a>] sock_alloc_send_pskb+0x388/0x3c0
    [<00000000104fb1a3>] sock_alloc_send_skb+0x1c/0x28
    [<000000006919d2dd>] __ip_append_data+0xba4/0x11f0
    [<0000000083477587>] ip_make_skb+0x14c/0x1a8
    [<0000000024f3d592>] udp_sendmsg+0xaf0/0xcf0
    [<000000005aabe255>] inet_sendmsg+0x5c/0x80
    [<000000008651ea08>] __sys_sendto+0x15c/0x218
    [<000000003505c99b>] __arm64_sys_sendto+0x74/0x90
    [<00000000263486ec>] el0_svc_handler+0xd0/0x1a0
    [<0000000005b5157d>] el0_svc+0x8/0xc

Fixes: 2bdaf386f9 (mac80211: mesh: move path tables into if_mesh)
Signed-off-by: Remi Pommarel <repk@triplefau.lt>
Link: https://lore.kernel.org/r/20200704135419.27703-1-repk@triplefau.lt
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-08-05 10:06:51 +02:00
..
6lowpan 6lowpan: Off by one handling ->nexthdr 2020-01-27 14:46:30 +01:00
9p 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work 2020-08-05 10:06:49 +02:00
802
8021q vlan: fix memory leak in vlan_dev_set_egress_priority 2020-01-12 12:12:09 +01:00
appletalk appletalk: Set error code if register_snap_client failed 2019-12-17 20:38:59 +01:00
atm net: use skb_queue_empty_lockless() in poll() handlers 2019-11-10 11:25:34 +01:00
ax25 AX.25: Prevent integer overflows in connect and sendmsg 2020-07-31 16:44:44 +02:00
batman-adv batman-adv: Fix refcnt leak in batadv_v_ogm_process 2020-05-20 08:16:59 +02:00
bluetooth Bluetooth: Add SCO fallback for invalid LMP parameters error 2020-06-20 10:25:08 +02:00
bpf
bridge net: bridge: enfore alignment for ethernet address 2020-06-30 15:37:58 -04:00
caif net: use skb_queue_empty_lockless() in poll() handlers 2019-11-10 11:25:34 +01:00
can can: af_can: Fix error path of can_init() 2019-07-21 09:04:22 +02:00
ceph libceph: don't omit recovery_deletes in target_copy() 2020-07-22 09:22:29 +02:00
core rtnetlink: Fix memory(net_device) leak when ->newlink fails 2020-07-31 16:44:45 +02:00
dcb net: dcb: For wild-card lookups, use priority -1, not 0 2018-09-19 22:43:43 +02:00
dccp net: ipv6: add net argument to ip6_dst_lookup_flow 2020-05-20 08:17:02 +02:00
decnet net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2020-01-04 14:00:14 +01:00
dns_resolver KEYS: Don't write out to userspace while holding key semaphore 2020-04-24 08:01:25 +02:00
dsa net: dsa: Fix duplicate frames flooded by learning 2020-04-02 16:34:24 +02:00
ethernet net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:17:59 +01:00
hsr hsr: check protocol version in hsr_newlink() 2020-04-24 08:00:52 +02:00
ieee802154 nl802154: add missing attribute validation for dev_type 2020-03-20 10:54:10 +01:00
ife
ipv4 tcp: allow at most one TLP probe per flight 2020-07-31 16:44:45 +02:00
ipv6 ip6_gre: fix null-ptr-deref in ip6gre_init_net() 2020-07-31 16:44:44 +02:00
ipx
iucv net/af_iucv: always register net_device notifier 2020-01-27 14:46:38 +01:00
kcm kcm: switch order of device registration to fix a crash 2019-04-17 08:37:45 +02:00
key xfrm: clean up xfrm protocol checks 2019-09-16 08:20:44 +02:00
l2tp l2tp: remove skb_dst_set() from l2tp_xmit_skb() 2020-07-22 09:22:19 +02:00
l3mdev
lapb lapb: fixed leak of control-blocks. 2019-06-22 08:16:14 +02:00
llc llc: make sure applications use ARPHRD_ETHER 2020-07-22 09:22:20 +02:00
mac80211 mac80211: mesh: Free pending skb when destroying a mpath 2020-08-05 10:06:51 +02:00
mac802154 net: mac802154: tx: expand tailroom if necessary 2018-09-09 19:55:52 +02:00
mpls net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup 2020-05-20 08:17:02 +02:00
ncsi
netfilter ipvs: fix the connection sync failed in some cases 2020-07-29 07:42:54 +02:00
netlabel netlabel: cope with NULL catmap 2020-05-20 08:17:12 +02:00
netlink genetlink: remove genl_bind 2020-07-22 09:22:19 +02:00
netrom net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node 2020-05-02 17:24:17 +02:00
nfc nfc: add missing attribute validation for vendor subcommand 2020-03-20 10:54:12 +01:00
nsh nsh: set mac len based on inner packet 2018-07-22 14:28:49 +02:00
openvswitch openvswitch: support asymmetric conntrack 2019-12-21 10:47:34 +01:00
packet net/packet: tpacket_rcv: avoid a producer race condition 2020-04-02 16:34:24 +02:00
phonet net: use skb_queue_empty_lockless() in poll() handlers 2019-11-10 11:25:34 +01:00
psample net: psample: fix skb_over_panic 2019-12-05 15:38:15 +01:00
qrtr net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() 2020-06-03 08:17:38 +02:00
rds rds: Prevent kernel-infoleak in rds_notify_queue_get() 2020-08-05 10:06:50 +02:00
rfkill rfkill: Fix incorrect check to avoid NULL pointer dereference 2020-01-12 12:11:57 +01:00
rose net/rose: fix unbound loop in rose_loopback_timer() 2019-05-02 09:40:34 +02:00
rxrpc rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA 2020-07-31 16:44:44 +02:00
sched net_sched: fix a memory leak in atm_tc_init() 2020-07-22 09:22:20 +02:00
sctp sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket 2020-06-30 15:37:59 -04:00
smc net/smc: check for valid ib_client_data 2020-03-20 10:54:20 +01:00
strparser strparser: Remove early eaten to fix full tcp receive buffer stall 2018-07-22 14:28:47 +02:00
sunrpc SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() 2020-06-30 15:38:09 -04:00
switchdev
tipc net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup 2020-05-20 08:17:02 +02:00
tls net/tls: Fixed return value when tls_complete_pending_work() fails 2018-12-05 19:41:11 +01:00
unix af_unix: add compat_ioctl support 2020-01-17 19:45:49 +01:00
vmw_vsock vsock: fix timeout in vsock_accept() 2020-06-11 09:22:59 +02:00
wimax
wireless cfg80211: check reg_rule for NULL in handle_channel_custom() 2020-03-20 10:54:24 +01:00
x25 net/x25: Fix null-ptr-deref in x25_disconnect 2020-08-05 10:06:50 +02:00
xfrm xfrm: fix a NULL-ptr deref in xfrm_local_error 2020-06-03 08:18:06 +02:00
compat.c sock: Make sock->sk_stamp thread-safe 2019-01-09 17:14:46 +01:00
Kconfig
Makefile
socket.c compat_ioctl: handle SIOCOUTQNSD 2020-01-17 19:45:49 +01:00
sysctl_net.c