From: Patrick McHardy Date: Sat, 20 Apr 2013 23:34:40 +0000 (+0000) Subject: net: vlan: fix memory leak in vlan_info_rcu_free() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=cf2c014adef10c75af7042f38e74adb91d7bff6c;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git net: vlan: fix memory leak in vlan_info_rcu_free() The following leak is reported by kmemleak: [ 86.812073] kmemleak: Found object by alias at 0xffff88006ecc76f0 [ 86.816019] Pid: 739, comm: kworker/u:1 Not tainted 3.9.0-rc5+ #842 [ 86.816019] Call Trace: [ 86.816019] [] find_and_get_object+0x8c/0xdf [ 86.816019] [] ? vlan_info_rcu_free+0x33/0x49 [ 86.816019] [] delete_object_full+0x13/0x2f [ 86.816019] [] kmemleak_free+0x26/0x45 [ 86.816019] [] slab_free_hook+0x1e/0x7b [ 86.816019] [] kfree+0xce/0x14b [ 86.816019] [] vlan_info_rcu_free+0x33/0x49 [ 86.816019] [] rcu_do_batch+0x261/0x4e7 The reason is that in vlan_info_rcu_free() we don't take the VLAN protocol into account when iterating over the vlan_devices_array. Reported-by: Cong Wang Signed-off-by: Patrick McHardy Tested-by: Cong Wang Signed-off-by: David S. Miller --- diff --git a/net/8021q/vlan_core.c b/net/8021q/vlan_core.c index ebfa2fceb88b..8a15eaadc4bd 100644 --- a/net/8021q/vlan_core.c +++ b/net/8021q/vlan_core.c @@ -157,10 +157,11 @@ EXPORT_SYMBOL(vlan_untag); static void vlan_group_free(struct vlan_group *grp) { - int i; + int i, j; - for (i = 0; i < VLAN_GROUP_ARRAY_SPLIT_PARTS; i++) - kfree(grp->vlan_devices_arrays[i]); + for (i = 0; i < VLAN_PROTO_NUM; i++) + for (j = 0; j < VLAN_GROUP_ARRAY_SPLIT_PARTS; j++) + kfree(grp->vlan_devices_arrays[i][j]); } static void vlan_info_free(struct vlan_info *vlan_info)