diff options
Diffstat (limited to 'meta-aspeed/recipes-kernel/linux/files/patch-2.6.28.9/0028-ipv6-Plug-sk_buff-leak-in-ipv6_rcv-net-ipv6-ip6_inpu.patch')
-rw-r--r-- | meta-aspeed/recipes-kernel/linux/files/patch-2.6.28.9/0028-ipv6-Plug-sk_buff-leak-in-ipv6_rcv-net-ipv6-ip6_inpu.patch | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/meta-aspeed/recipes-kernel/linux/files/patch-2.6.28.9/0028-ipv6-Plug-sk_buff-leak-in-ipv6_rcv-net-ipv6-ip6_inpu.patch b/meta-aspeed/recipes-kernel/linux/files/patch-2.6.28.9/0028-ipv6-Plug-sk_buff-leak-in-ipv6_rcv-net-ipv6-ip6_inpu.patch new file mode 100644 index 0000000..2ab10b6 --- /dev/null +++ b/meta-aspeed/recipes-kernel/linux/files/patch-2.6.28.9/0028-ipv6-Plug-sk_buff-leak-in-ipv6_rcv-net-ipv6-ip6_inpu.patch @@ -0,0 +1,52 @@ +From 71f6f6dfdf7c7a67462386d9ea05c1095a89c555 Mon Sep 17 00:00:00 2001 +From: Jesper Nilsson <jesper.nilsson@axis.com> +Date: Fri, 27 Mar 2009 00:17:45 -0700 +Subject: [PATCH] ipv6: Plug sk_buff leak in ipv6_rcv (net/ipv6/ip6_input.c) + +Commit 778d80be52699596bf70e0eb0761cf5e1e46088d +(ipv6: Add disable_ipv6 sysctl to disable IPv6 operaion on specific interface) +seems to have introduced a leak of sk_buff's for ipv6 traffic, +at least in some configurations where idev is NULL, or when ipv6 +is disabled via sysctl. + +The problem is that if the first condition of the if-statement +returns non-NULL, it returns an skb with only one reference, +and when the other conditions apply, execution jumps to the "out" +label, which does not call kfree_skb for it. + +To plug this leak, change to use the "drop" label instead. +(this relies on it being ok to call kfree_skb on NULL) +This also allows us to avoid calling rcu_read_unlock here, +and removes the only user of the "out" label. + +Signed-off-by: Jesper Nilsson <jesper.nilsson@axis.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + net/ipv6/ip6_input.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c +index f171e8d..8f04bd9 100644 +--- a/net/ipv6/ip6_input.c ++++ b/net/ipv6/ip6_input.c +@@ -75,8 +75,7 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt + if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL || + !idev || unlikely(idev->cnf.disable_ipv6)) { + IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_INDISCARDS); +- rcu_read_unlock(); +- goto out; ++ goto drop; + } + + memset(IP6CB(skb), 0, sizeof(struct inet6_skb_parm)); +@@ -147,7 +146,6 @@ err: + drop: + rcu_read_unlock(); + kfree_skb(skb); +-out: + return 0; + } + +-- +1.8.1 + |