diff options
| author | Andrea Mayer <[email protected]> | 2024-05-17 16:45:41 +0000 |
|---|---|---|
| committer | David S. Miller <[email protected]> | 2024-05-20 10:36:34 +0000 |
| commit | 5447f9708d9e4c17a647b16a9cb29e9e02820bd9 (patch) | |
| tree | f6b90fb436efa749f85335084d66ecaf5cf1f093 /net/unix/af_unix.c | |
| parent | net: Always descend into dsa/ folder with CONFIG_NET_DSA enabled (diff) | |
| download | kernel-5447f9708d9e4c17a647b16a9cb29e9e02820bd9.tar.gz kernel-5447f9708d9e4c17a647b16a9cb29e9e02820bd9.zip | |
ipv6: sr: fix missing sk_buff release in seg6_input_core
The seg6_input() function is responsible for adding the SRH into a
packet, delegating the operation to the seg6_input_core(). This function
uses the skb_cow_head() to ensure that there is sufficient headroom in
the sk_buff for accommodating the link-layer header.
In the event that the skb_cow_header() function fails, the
seg6_input_core() catches the error but it does not release the sk_buff,
which will result in a memory leak.
This issue was introduced in commit af3b5158b89d ("ipv6: sr: fix BUG due
to headroom too small after SRH push") and persists even after commit
7a3f5b0de364 ("netfilter: add netfilter hooks to SRv6 data plane"),
where the entire seg6_input() code was refactored to deal with netfilter
hooks.
The proposed patch addresses the identified memory leak by requiring the
seg6_input_core() function to release the sk_buff in the event that
skb_cow_head() fails.
Fixes: af3b5158b89d ("ipv6: sr: fix BUG due to headroom too small after SRH push")
Signed-off-by: Andrea Mayer <[email protected]>
Reviewed-by: Simon Horman <[email protected]>
Reviewed-by: David Ahern <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Diffstat (limited to 'net/unix/af_unix.c')
0 files changed, 0 insertions, 0 deletions