projects / platform / kernel / linux-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 50caa77)
net: Fix potential memory leak in proto_register()
authorMiaohe Lin <linmiaohe@huawei.com>
Mon, 10 Aug 2020 12:16:58 +0000 (08:16 -0400)
committerDavid S. Miller <davem@davemloft.net>
Tue, 11 Aug 2020 22:36:14 +0000 (15:36 -0700)
If we failed to assign proto idx, we free the twsk_slab_name but forget to
free the twsk_slab. Add a helper function tw_prot_cleanup() to free these
together and also use this helper function in proto_unregister().

Fixes: b45ce32135d1 ("sock: fix potential memory leak in proto_register()")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/core/sock.c patch | blob | history

diff --git a/net/core/sock.c b/net/core/sock.c
index 49cd5ff..c9083ad 100644 (file)
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -3406,6 +3406,16 @@ static void sock_inuse_add(struct net *net, int val)
 }
 #endif
 
+static void tw_prot_cleanup(struct timewait_sock_ops *twsk_prot)
+{
+       if (!twsk_prot)
+               return;
+       kfree(twsk_prot->twsk_slab_name);
+       twsk_prot->twsk_slab_name = NULL;
+       kmem_cache_destroy(twsk_prot->twsk_slab);
+       twsk_prot->twsk_slab = NULL;
+}
+
 static void req_prot_cleanup(struct request_sock_ops *rsk_prot)
 {
        if (!rsk_prot)
@@ -3476,7 +3486,7 @@ int proto_register(struct proto *prot, int alloc_slab)
                                                  prot->slab_flags,
                                                  NULL);
                        if (prot->twsk_prot->twsk_slab == NULL)
-                               goto out_free_timewait_sock_slab_name;
+                               goto out_free_timewait_sock_slab;
                }
        }
 
@@ -3484,15 +3494,15 @@ int proto_register(struct proto *prot, int alloc_slab)
        ret = assign_proto_idx(prot);
        if (ret) {
                mutex_unlock(&proto_list_mutex);
-               goto out_free_timewait_sock_slab_name;
+               goto out_free_timewait_sock_slab;
        }
        list_add(&prot->node, &proto_list);
        mutex_unlock(&proto_list_mutex);
        return ret;
 
-out_free_timewait_sock_slab_name:
+out_free_timewait_sock_slab:
        if (alloc_slab && prot->twsk_prot)
-               kfree(prot->twsk_prot->twsk_slab_name);
+               tw_prot_cleanup(prot->twsk_prot);
 out_free_request_sock_slab:
        if (alloc_slab) {
                req_prot_cleanup(prot->rsk_prot);
@@ -3516,12 +3526,7 @@ void proto_unregister(struct proto *prot)
        prot->slab = NULL;
 
        req_prot_cleanup(prot->rsk_prot);
-
-       if (prot->twsk_prot != NULL && prot->twsk_prot->twsk_slab != NULL) {
-               kmem_cache_destroy(prot->twsk_prot->twsk_slab);
-               kfree(prot->twsk_prot->twsk_slab_name);
-               prot->twsk_prot->twsk_slab = NULL;
-       }
+       tw_prot_cleanup(prot->twsk_prot);
 }
 EXPORT_SYMBOL(proto_unregister);
 
Domain: System / Kernel;