ip_rt_put(rt) is always called in "error" branches above, but was missed in
skb_cow_head branch. As rt is not yet bound to skb here we have to release it by
hand.
Signed-off-by: Dmitry Popov <[email protected]>
---
net/ipv4/ip_tunnel.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index 2acc233..3f6135b 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -668,6 +668,7 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
dev->needed_headroom = max_headroom;
if (skb_cow_head(skb, dev->needed_headroom)) {
+ ip_rt_put(rt);
dev->stats.tx_dropped++;
kfree_skb(skb);
return;
From: Dmitry Popov <[email protected]>
Date: Fri, 6 Jun 2014 04:34:37 +0400
> ip_rt_put(rt) is always called in "error" branches above, but was missed in
> skb_cow_head branch. As rt is not yet bound to skb here we have to release it by
> hand.
>
> Signed-off-by: Dmitry Popov <[email protected]>
Applied, thanks.