| From foo@baz Thu Jul 14 07:36:31 JST 2016 |
| From: Martin KaFai Lau <kafai@fb.com> |
| Date: Tue, 5 Jul 2016 12:10:23 -0700 |
| Subject: ipv6: Fix mem leak in rt6i_pcpu |
| |
| From: Martin KaFai Lau <kafai@fb.com> |
| |
| [ Upstream commit 903ce4abdf374e3365d93bcb3df56c62008835ba ] |
| |
| It was first reported and reproduced by Petr (thanks!) in |
| https://bugzilla.kernel.org/show_bug.cgi?id=119581 |
| |
| free_percpu(rt->rt6i_pcpu) used to always happen in ip6_dst_destroy(). |
| |
| However, after fixing a deadlock bug in |
| commit 9c7370a166b4 ("ipv6: Fix a potential deadlock when creating pcpu rt"), |
| free_percpu() is not called before setting non_pcpu_rt->rt6i_pcpu to NULL. |
| |
| It is worth to note that rt6i_pcpu is protected by table->tb6_lock. |
| |
| kmemleak somehow did not report it. We nailed it down by |
| observing the pcpu entries in /proc/vmallocinfo (first suggested |
| by Hannes, thanks!). |
| |
| Signed-off-by: Martin KaFai Lau <kafai@fb.com> |
| Fixes: 9c7370a166b4 ("ipv6: Fix a potential deadlock when creating pcpu rt") |
| Reported-by: Petr Novopashenniy <pety@rusnet.ru> |
| Tested-by: Petr Novopashenniy <pety@rusnet.ru> |
| Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> |
| Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> |
| Cc: Petr Novopashenniy <pety@rusnet.ru> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/ipv6/ip6_fib.c | 1 + |
| 1 file changed, 1 insertion(+) |
| |
| --- a/net/ipv6/ip6_fib.c |
| +++ b/net/ipv6/ip6_fib.c |
| @@ -179,6 +179,7 @@ static void rt6_free_pcpu(struct rt6_inf |
| } |
| } |
| |
| + free_percpu(non_pcpu_rt->rt6i_pcpu); |
| non_pcpu_rt->rt6i_pcpu = NULL; |
| } |
| |