2001-03-01 18:50:31

by mike_phillips

[permalink] [raw]
Subject: [PATCH] Memory Leak fix for ibmtr

Here is a small patch that fixes a memory leak in the ibmtr driver.

Basically the bug occurs because the skb->tail pointer is set past the end
of the skb data buffer. This causes problems when the skb's are cloned
(they are unabled to be freed properly). The result is a leak that
eventually will stop the system.

Mike Phillips
Linux Token Ring Project
http://www.linuxtr.net

--- linux.orig/drivers/net/tokenring/ibmtr.c Wed Feb 14 16:49:55 2001
+++ linux/drivers/net/tokenring/ibmtr.c Wed Feb 14 16:50:01 2001
@@ -1716,7 +1716,8 @@
}
#endif

- skb_size = length;
+ skb_size=(sizeof(struct trh_hdr)-lan_hdr_len+sizeof(struct
trllc)+15) & ~15;
+ skb_size+=length;

if (!(skb=dev_alloc_skb(skb_size))) {
DPRINTK("out of memory. frame dropped.\n");
@@ -1727,8 +1728,8 @@
return;
}

- skb_put(skb, length);
- skb_reserve(skb, sizeof(struct trh_hdr)-lan_hdr_len+sizeof(struct
trllc));
+ skb_reserve(skb, (sizeof(struct trh_hdr)-lan_hdr_len+sizeof(struct
trllc)+15) & ~15);
+ skb_put(skb,length);
skb->dev=dev;
data=skb->data;
rbuffer_len=ntohs(isa_readw(rbuffer + offsetof(struct rec_buf,
buf_len)));