Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp5749503rwb; Wed, 9 Aug 2023 08:37:42 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFPQh9iV4rPKGnI/jupzTiwP4aWRzXRmN2RiLYBTSdkyJqIRQ+cBG1hxp63phYK7xCi7bp3 X-Received: by 2002:a17:902:dac3:b0:1bb:f669:e856 with SMTP id q3-20020a170902dac300b001bbf669e856mr17031663plx.27.1691595462353; Wed, 09 Aug 2023 08:37:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691595462; cv=none; d=google.com; s=arc-20160816; b=BeSYb/mhXvdVSsTHwb8fYCMjIwCmu6FAhyErJy3nxtn2nHOFB8aNuQ8vmF4zQ3UJSt nZIefSQQl06wZnCWxlsukCkPsZUkp6iLnQJANq9a+XMxoXAm4sSO8pUHKoXsf/uNgY21 ME6oZSh57VHDv9D7kqi3QxNGqcDZQPN1cHjfw6z6zBWkE3xVD2WomZLLnzmA07F/5cpM FHBS2xz4df1fcp9qGBXOaZZzf20rPiKgWbrcI0XbIZ2uS++C8blGZiz+DO2a+dAJtPF4 7zeuUzmNsqTjTMe8baKu4qIGIw/o4PLG+w0YquPsV24Psstx1rZoHQsiojBgXMsTBmDQ NIzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=JjbqZMZcF7SvDfZFLqUbMSSV7FMRWiQrPnMyUknpIKo=; fh=Os4rQwS3i7IUNY8Y8Ap1ByBsbDhataKm+i08ysRyOwg=; b=LRVkZqfjjiZCGvOy2qF83Z0406Nk0a7lCGTa2RIcmIMQOQBy/jXpRKhOPkvEgRLJk6 16/4uvVqSEjzc9NigL6cc1BZTNjeHNl1oRR5p3RKy4fMhJGfiU+WvElkG0QolWfieZER ZSoFH6P/Fe7oRADwT/gHTl+C9Vj7ym1l8pn18PGSkRVXEtUbJMfhF+gcSiDw9oCn0pAD x3fQC2Ss0JuG7/IJpRGbsesc1VonRbF1Nv8mdQXQ9IfLZiQuP3Te3kD/VKlSyV/7LSvS 8ArR4PyB7asC/s1dr3nO9WC98igzWXUwj25OBL7CuYA49sZu4oXnjpB8iuthzf3DzElw HhwA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ku8-20020a170903288800b001b887c89a8dsi9184128plb.521.2023.08.09.08.37.27; Wed, 09 Aug 2023 08:37:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233061AbjHIP2b (ORCPT + 99 others); Wed, 9 Aug 2023 11:28:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45006 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229886AbjHIP2P (ORCPT ); Wed, 9 Aug 2023 11:28:15 -0400 Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net [IPv6:2001:4b98:dc4:8::224]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 711B5E7F; Wed, 9 Aug 2023 08:28:13 -0700 (PDT) Received: by mail.gandi.net (Postfix) with ESMTPSA id 7382CE000B; Wed, 9 Aug 2023 15:28:10 +0000 (UTC) From: Remi Pommarel To: Marek Lindner , Simon Wunderlich , Antonio Quartulli , Sven Eckelmann Cc: "David S. Miller" , Eric Dumazet , b.a.t.m.a.n@lists.open-mesh.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Remi Pommarel , stable@vger.kernel.org Subject: [PATCH net] batman-adv: Fix batadv_v_ogm_aggr_send memory leak Date: Wed, 9 Aug 2023 17:29:13 +0200 Message-Id: <20230809152913.27218-1-repk@triplefau.lt> X-Mailer: git-send-email 2.40.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-GND-Sasl: repk@triplefau.lt X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When batadv_v_ogm_aggr_send is called for an inactive interface, the skb is silently dropped by batadv_v_ogm_send_to_if() but never freed causing the following memory leak: unreferenced object 0xffff00000c164800 (size 512): comm "kworker/u8:1", pid 2648, jiffies 4295122303 (age 97.656s) hex dump (first 32 bytes): 00 80 af 09 00 00 ff ff e1 09 00 00 75 01 60 83 ............u.`. 1f 00 00 00 b8 00 00 00 15 00 05 00 da e3 d3 64 ...............d backtrace: [<0000000007ad20f6>] __kmalloc_track_caller+0x1a8/0x310 [<00000000d1029e55>] kmalloc_reserve.constprop.0+0x70/0x13c [<000000008b9d4183>] __alloc_skb+0xec/0x1fc [<00000000c7af5051>] __netdev_alloc_skb+0x48/0x23c [<00000000642ee5f5>] batadv_v_ogm_aggr_send+0x50/0x36c [<0000000088660bd7>] batadv_v_ogm_aggr_work+0x24/0x40 [<0000000042fc2606>] process_one_work+0x3b0/0x610 [<000000002f2a0b1c>] worker_thread+0xa0/0x690 [<0000000059fae5d4>] kthread+0x1fc/0x210 [<000000000c587d3a>] ret_from_fork+0x10/0x20 Free the skb in that case to fix this leak. Cc: stable@vger.kernel.org Fixes: 0da0035942d4 ("batman-adv: OGMv2 - add basic infrastructure") Signed-off-by: Remi Pommarel --- net/batman-adv/bat_v_ogm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/batman-adv/bat_v_ogm.c b/net/batman-adv/bat_v_ogm.c index e710e9afe78f..445b06fc0d90 100644 --- a/net/batman-adv/bat_v_ogm.c +++ b/net/batman-adv/bat_v_ogm.c @@ -123,8 +123,10 @@ static void batadv_v_ogm_send_to_if(struct sk_buff *skb, { struct batadv_priv *bat_priv = netdev_priv(hard_iface->soft_iface); - if (hard_iface->if_status != BATADV_IF_ACTIVE) + if (hard_iface->if_status != BATADV_IF_ACTIVE) { + kfree_skb(skb); return; + } batadv_inc_counter(bat_priv, BATADV_CNT_MGMT_TX); batadv_add_counter(bat_priv, BATADV_CNT_MGMT_TX_BYTES, -- 2.40.0