From cf2c014adef10c75af7042f38e74adb91d7bff6c Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Sat, 20 Apr 2013 23:34:40 +0000 Subject: [PATCH] net: vlan: fix memory leak in vlan_info_rcu_free() The following leak is reported by kmemleak: [ 86.812073] kmemleak: Found object by alias at 0xffff88006ecc76f0 [ 86.816019] Pid: 739, comm: kworker/u:1 Not tainted 3.9.0-rc5+ #842 [ 86.816019] Call Trace: [ 86.816019] [] find_and_get_object+0x8c/0xdf [ 86.816019] [] ? vlan_info_rcu_free+0x33/0x49 [ 86.816019] [] delete_object_full+0x13/0x2f [ 86.816019] [] kmemleak_free+0x26/0x45 [ 86.816019] [] slab_free_hook+0x1e/0x7b [ 86.816019] [] kfree+0xce/0x14b [ 86.816019] [] vlan_info_rcu_free+0x33/0x49 [ 86.816019] [] rcu_do_batch+0x261/0x4e7 The reason is that in vlan_info_rcu_free() we don't take the VLAN protocol into account when iterating over the vlan_devices_array. Reported-by: Cong Wang Signed-off-by: Patrick McHardy Tested-by: Cong Wang Signed-off-by: David S. Miller --- net/8021q/vlan_core.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/net/8021q/vlan_core.c b/net/8021q/vlan_core.c index ebfa2fc..8a15eaa 100644 --- a/net/8021q/vlan_core.c +++ b/net/8021q/vlan_core.c @@ -157,10 +157,11 @@ EXPORT_SYMBOL(vlan_untag); static void vlan_group_free(struct vlan_group *grp) { - int i; + int i, j; - for (i = 0; i < VLAN_GROUP_ARRAY_SPLIT_PARTS; i++) - kfree(grp->vlan_devices_arrays[i]); + for (i = 0; i < VLAN_PROTO_NUM; i++) + for (j = 0; j < VLAN_GROUP_ARRAY_SPLIT_PARTS; j++) + kfree(grp->vlan_devices_arrays[i][j]); } static void vlan_info_free(struct vlan_info *vlan_info) -- 2.7.4