net: Fix potential memory leak in proto_register()
If we failed to assign proto idx, we free the twsk_slab_name but forget to
free the twsk_slab. Add a helper function tw_prot_cleanup() to free these
together and also use this helper function in proto_unregister().
Fixes: b45ce32135 ("sock: fix potential memory leak in proto_register()")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Miaohe Lin
David S. Miller
parent
50caa777a3
commit
0f5907af39
|
|
@ -3406,6 +3406,16 @@ static void sock_inuse_add(struct net *net, int val)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
static void tw_prot_cleanup(struct timewait_sock_ops *twsk_prot)
|
||||||
|
{
|
||||||
|
if (!twsk_prot)
|
||||||
|
return;
|
||||||
|
kfree(twsk_prot->twsk_slab_name);
|
||||||
|
twsk_prot->twsk_slab_name = NULL;
|
||||||
|
kmem_cache_destroy(twsk_prot->twsk_slab);
|
||||||
|
twsk_prot->twsk_slab = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
static void req_prot_cleanup(struct request_sock_ops *rsk_prot)
|
static void req_prot_cleanup(struct request_sock_ops *rsk_prot)
|
||||||
{
|
{
|
||||||
if (!rsk_prot)
|
if (!rsk_prot)
|
||||||
|
|
@ -3476,7 +3486,7 @@ int proto_register(struct proto *prot, int alloc_slab)
|
||||||
prot->slab_flags,
|
prot->slab_flags,
|
||||||
NULL);
|
NULL);
|
||||||
if (prot->twsk_prot->twsk_slab == NULL)
|
if (prot->twsk_prot->twsk_slab == NULL)
|
||||||
goto out_free_timewait_sock_slab_name;
|
goto out_free_timewait_sock_slab;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -3484,15 +3494,15 @@ int proto_register(struct proto *prot, int alloc_slab)
|
||||||
ret = assign_proto_idx(prot);
|
ret = assign_proto_idx(prot);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
mutex_unlock(&proto_list_mutex);
|
mutex_unlock(&proto_list_mutex);
|
||||||
goto out_free_timewait_sock_slab_name;
|
goto out_free_timewait_sock_slab;
|
||||||
}
|
}
|
||||||
list_add(&prot->node, &proto_list);
|
list_add(&prot->node, &proto_list);
|
||||||
mutex_unlock(&proto_list_mutex);
|
mutex_unlock(&proto_list_mutex);
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
out_free_timewait_sock_slab_name:
|
out_free_timewait_sock_slab:
|
||||||
if (alloc_slab && prot->twsk_prot)
|
if (alloc_slab && prot->twsk_prot)
|
||||||
kfree(prot->twsk_prot->twsk_slab_name);
|
tw_prot_cleanup(prot->twsk_prot);
|
||||||
out_free_request_sock_slab:
|
out_free_request_sock_slab:
|
||||||
if (alloc_slab) {
|
if (alloc_slab) {
|
||||||
req_prot_cleanup(prot->rsk_prot);
|
req_prot_cleanup(prot->rsk_prot);
|
||||||
|
|
@ -3516,12 +3526,7 @@ void proto_unregister(struct proto *prot)
|
||||||
prot->slab = NULL;
|
prot->slab = NULL;
|
||||||
|
|
||||||
req_prot_cleanup(prot->rsk_prot);
|
req_prot_cleanup(prot->rsk_prot);
|
||||||
|
tw_prot_cleanup(prot->twsk_prot);
|
||||||
if (prot->twsk_prot != NULL && prot->twsk_prot->twsk_slab != NULL) {
|
|
||||||
kmem_cache_destroy(prot->twsk_prot->twsk_slab);
|
|
||||||
kfree(prot->twsk_prot->twsk_slab_name);
|
|
||||||
prot->twsk_prot->twsk_slab = NULL;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(proto_unregister);
|
EXPORT_SYMBOL(proto_unregister);
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue