atm: fix a memory leak of vcc->user_back
[ Upstream commit 8d9f73c0ad
]
In lec_arp_clear_vccs() only entry->vcc is freed, but vcc
could be installed on entry->recv_vcc too in lec_vcc_added().
This fixes the following memory leak:
unreferenced object 0xffff8880d9266b90 (size 16):
comm "atm2", pid 425, jiffies 4294907980 (age 23.488s)
hex dump (first 16 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 6b 6b 6b a5 ............kkk.
backtrace:
[<(____ptrval____)>] kmem_cache_alloc_trace+0x10e/0x151
[<(____ptrval____)>] lane_ioctl+0x4b3/0x569
[<(____ptrval____)>] do_vcc_ioctl+0x1ea/0x236
[<(____ptrval____)>] svc_ioctl+0x17d/0x198
[<(____ptrval____)>] sock_do_ioctl+0x47/0x12f
[<(____ptrval____)>] sock_ioctl+0x2f9/0x322
[<(____ptrval____)>] vfs_ioctl+0x1e/0x2b
[<(____ptrval____)>] ksys_ioctl+0x61/0x80
[<(____ptrval____)>] __x64_sys_ioctl+0x16/0x19
[<(____ptrval____)>] do_syscall_64+0x57/0x65
[<(____ptrval____)>] entry_SYSCALL_64_after_hwframe+0x49/0xb3
Cc: Gengming Liu <l.dmxcsnsbh@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
9325e9e5ab
commit
fa7c336dd1
|
@ -1269,6 +1269,12 @@ static void lec_arp_clear_vccs(struct lec_arp_table *entry)
|
||||||
entry->vcc = NULL;
|
entry->vcc = NULL;
|
||||||
}
|
}
|
||||||
if (entry->recv_vcc) {
|
if (entry->recv_vcc) {
|
||||||
|
struct atm_vcc *vcc = entry->recv_vcc;
|
||||||
|
struct lec_vcc_priv *vpriv = LEC_VCC_PRIV(vcc);
|
||||||
|
|
||||||
|
kfree(vpriv);
|
||||||
|
vcc->user_back = NULL;
|
||||||
|
|
||||||
entry->recv_vcc->push = entry->old_recv_push;
|
entry->recv_vcc->push = entry->old_recv_push;
|
||||||
vcc_release_async(entry->recv_vcc, -EPIPE);
|
vcc_release_async(entry->recv_vcc, -EPIPE);
|
||||||
entry->recv_vcc = NULL;
|
entry->recv_vcc = NULL;
|
||||||
|
|
Loading…
Reference in New Issue