All the mail mirrored from lore.kernel.org
* Re: Patch "net: kcm: fix memory leak in kcm_sendmsg" has been added to the 5.10-stable tree
       [not found] <1623155518245194@kroah.com>
@ 2021-06-08 12:41 ` Pavel Skripkin
  0 siblings, 0 replies; only message in thread
From: Pavel Skripkin @ 2021-06-08 12:41 UTC
  To: gregkh; +Cc: davem, syzbot+b039f5699bd82e1fb011, stable-commits, stable

On Tue, 08 Jun 2021 14:31:58 +0200
<gregkh@linuxfoundation.org> wrote:

> 
> This is a note to let you know that I've just added the patch titled
> 
>     net: kcm: fix memory leak in kcm_sendmsg
> 
> to the 5.10-stable tree which can be found at:
>     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> 
> The filename of the patch is:
>      net-kcm-fix-memory-leak-in-kcm_sendmsg.patch
> and it can be found in the queue-5.10 subdirectory.
> 
> If you, or anyone else, feels it should not be added to the stable
> tree, please let <stable@vger.kernel.org> know about it.
> 
> 
> From c47cc304990a2813995b1a92bbc11d0bb9a19ea9 Mon Sep 17 00:00:00 2001
> From: Pavel Skripkin <paskripkin@gmail.com>
> Date: Wed, 2 Jun 2021 22:26:40 +0300
> Subject: net: kcm: fix memory leak in kcm_sendmsg
> 
> From: Pavel Skripkin <paskripkin@gmail.com>
> 
> commit c47cc304990a2813995b1a92bbc11d0bb9a19ea9 upstream.
> 
> Syzbot reported memory leak in kcm_sendmsg()[1].
> The problem was in non-freed frag_list in case of error.
> 
> In the while loop:
> 
> 	if (head == skb)
> 		skb_shinfo(head)->frag_list = tskb;
> 	else
> 		skb->next = tskb;
> 
> frag_list filled with skbs, but nothing was freeing them.
> 
> backtrace:
>   [<0000000094c02615>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198
>   [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline]
>   [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967
> [1] [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline]
>   [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672
> 
> Reported-and-tested-by: syzbot+b039f5699bd82e1fb011@syzkaller.appspotmail.com
> Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
> Cc: stable@vger.kernel.org
> Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
> Signed-off-by: David S. Miller <davem@davemloft.net>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  net/kcm/kcmsock.c |    5 +++++
>  1 file changed, 5 insertions(+)

Hi, Greg!

I CCed stable. This patch is broken and I've already sent a revert for
this.

https://git.kernel.org/netdev/net/c/a47c397bb29f

Please, don't add this to stable trees. I'm sorry.

With regards,
Pavel Skripkin
