[PATCH 5.4 219/270] net: Fix potential memory leak in proto_register()

From: Greg Kroah-Hartman
Date: Mon Aug 17 2020 - 14:06:42 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.4 194/270] rtw88: fix short GI capability based on current bandwidth"
Previous message: Greg Kroah-Hartman: "[PATCH 5.4 196/270] wl1251: fix always return 0 error"
In reply to: Greg Kroah-Hartman: "[PATCH 5.4 196/270] wl1251: fix always return 0 error"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.4 194/270] rtw88: fix short GI capability based on current bandwidth"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Miaohe Lin <linmiaohe@xxxxxxxxxx>

[ Upstream commit 0f5907af39137f8183ed536aaa00f322d7365130 ]

If we failed to assign proto idx, we free the twsk_slab_name but forget to
free the twsk_slab. Add a helper function tw_prot_cleanup() to free these
together and also use this helper function in proto_unregister().

Fixes: b45ce32135d1 ("sock: fix potential memory leak in proto_register()")
Signed-off-by: Miaohe Lin <linmiaohe@xxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/core/sock.c | 25 +++++++++++++++----------
1 file changed, 15 insertions(+), 10 deletions(-)

--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -3337,6 +3337,16 @@ static void sock_inuse_add(struct net *n
}
#endif

+static void tw_prot_cleanup(struct timewait_sock_ops *twsk_prot)
+{
+ if (!twsk_prot)
+ return;
+ kfree(twsk_prot->twsk_slab_name);
+ twsk_prot->twsk_slab_name = NULL;
+ kmem_cache_destroy(twsk_prot->twsk_slab);
+ twsk_prot->twsk_slab = NULL;
+}
+
static void req_prot_cleanup(struct request_sock_ops *rsk_prot)
{
if (!rsk_prot)
@@ -3407,7 +3417,7 @@ int proto_register(struct proto *prot, i
prot->slab_flags,
NULL);
if (prot->twsk_prot->twsk_slab == NULL)
- goto out_free_timewait_sock_slab_name;
+ goto out_free_timewait_sock_slab;
}
}

@@ -3415,15 +3425,15 @@ int proto_register(struct proto *prot, i
ret = assign_proto_idx(prot);
if (ret) {
mutex_unlock(&proto_list_mutex);
- goto out_free_timewait_sock_slab_name;
+ goto out_free_timewait_sock_slab;
}
list_add(&prot->node, &proto_list);
mutex_unlock(&proto_list_mutex);
return ret;

-out_free_timewait_sock_slab_name:
+out_free_timewait_sock_slab:
if (alloc_slab && prot->twsk_prot)
- kfree(prot->twsk_prot->twsk_slab_name);
+ tw_prot_cleanup(prot->twsk_prot);
out_free_request_sock_slab:
if (alloc_slab) {
req_prot_cleanup(prot->rsk_prot);
@@ -3447,12 +3457,7 @@ void proto_unregister(struct proto *prot
prot->slab = NULL;

req_prot_cleanup(prot->rsk_prot);
-
- if (prot->twsk_prot != NULL && prot->twsk_prot->twsk_slab != NULL) {
- kmem_cache_destroy(prot->twsk_prot->twsk_slab);
- kfree(prot->twsk_prot->twsk_slab_name);
- prot->twsk_prot->twsk_slab = NULL;
- }
+ tw_prot_cleanup(prot->twsk_prot);
}
EXPORT_SYMBOL(proto_unregister);

Next message: Greg Kroah-Hartman: "[PATCH 5.4 194/270] rtw88: fix short GI capability based on current bandwidth"
Previous message: Greg Kroah-Hartman: "[PATCH 5.4 196/270] wl1251: fix always return 0 error"
In reply to: Greg Kroah-Hartman: "[PATCH 5.4 196/270] wl1251: fix always return 0 error"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.4 194/270] rtw88: fix short GI capability based on current bandwidth"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]