Home Home > GIT Browse > SLE15-AZURE
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2019-02-14 11:39:11 +0100
committerTakashi Iwai <tiwai@suse.de>2019-02-14 11:39:15 +0100
commit953f241148b9240eac5476c549ccc99f60d21cee (patch)
tree61fc827f413752c4769e8bdcba10cbe10cef3a9a
parent8ea778d5a19146f9a230c09a7ea06bf00af59ed7 (diff)
esp: Fix memleaks on error paths (bsc#1051510).
-rw-r--r--patches.fixes/esp-Fix-memleaks-on-error-paths.patch121
-rw-r--r--series.conf1
2 files changed, 122 insertions, 0 deletions
diff --git a/patches.fixes/esp-Fix-memleaks-on-error-paths.patch b/patches.fixes/esp-Fix-memleaks-on-error-paths.patch
new file mode 100644
index 0000000000..c617629049
--- /dev/null
+++ b/patches.fixes/esp-Fix-memleaks-on-error-paths.patch
@@ -0,0 +1,121 @@
+From e6194923237f3952b955c343b65b211f36bce01c Mon Sep 17 00:00:00 2001
+From: Steffen Klassert <steffen.klassert@secunet.com>
+Date: Thu, 13 Jul 2017 09:13:30 +0200
+Subject: [PATCH] esp: Fix memleaks on error paths.
+Git-commit: e6194923237f3952b955c343b65b211f36bce01c
+Patch-mainline: v4.13
+References: bsc#1051510
+
+We leak the temporary allocated resources in error paths,
+fix this by freeing them.
+
+Fixes: fca11ebde3f ("esp4: Reorganize esp_output")
+Fixes: 383d0350f2c ("esp6: Reorganize esp_output")
+Fixes: 3f29770723f ("ipsec: check return value of skb_to_sgvec always")
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ net/ipv4/esp4.c | 13 ++++++++-----
+ net/ipv6/esp6.c | 9 +++++----
+ 2 files changed, 13 insertions(+), 9 deletions(-)
+
+diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
+index 0cbee0a666ff..dbb31a942dfa 100644
+--- a/net/ipv4/esp4.c
++++ b/net/ipv4/esp4.c
+@@ -381,7 +381,7 @@ int esp_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
+ (unsigned char *)esph - skb->data,
+ assoclen + ivlen + esp->clen + alen);
+ if (unlikely(err < 0))
+- goto error;
++ goto error_free;
+
+ if (!esp->inplace) {
+ int allocsize;
+@@ -392,7 +392,7 @@ int esp_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
+ spin_lock_bh(&x->lock);
+ if (unlikely(!skb_page_frag_refill(allocsize, pfrag, GFP_ATOMIC))) {
+ spin_unlock_bh(&x->lock);
+- goto error;
++ goto error_free;
+ }
+
+ skb_shinfo(skb)->nr_frags = 1;
+@@ -409,7 +409,7 @@ int esp_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
+ (unsigned char *)esph - skb->data,
+ assoclen + ivlen + esp->clen + alen);
+ if (unlikely(err < 0))
+- goto error;
++ goto error_free;
+ }
+
+ if ((x->props.flags & XFRM_STATE_ESN))
+@@ -442,8 +442,9 @@ int esp_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
+
+ if (sg != dsg)
+ esp_ssg_unref(x, tmp);
+- kfree(tmp);
+
++error_free:
++ kfree(tmp);
+ error:
+ return err;
+ }
+@@ -695,8 +696,10 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
+
+ sg_init_table(sg, nfrags);
+ err = skb_to_sgvec(skb, sg, 0, skb->len);
+- if (unlikely(err < 0))
++ if (unlikely(err < 0)) {
++ kfree(tmp);
+ goto out;
++ }
+
+ skb->ip_summed = CHECKSUM_NONE;
+
+diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
+index 9ed35473dcb5..392def1fcf21 100644
+--- a/net/ipv6/esp6.c
++++ b/net/ipv6/esp6.c
+@@ -345,7 +345,7 @@ int esp6_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info
+ (unsigned char *)esph - skb->data,
+ assoclen + ivlen + esp->clen + alen);
+ if (unlikely(err < 0))
+- goto error;
++ goto error_free;
+
+ if (!esp->inplace) {
+ int allocsize;
+@@ -356,7 +356,7 @@ int esp6_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info
+ spin_lock_bh(&x->lock);
+ if (unlikely(!skb_page_frag_refill(allocsize, pfrag, GFP_ATOMIC))) {
+ spin_unlock_bh(&x->lock);
+- goto error;
++ goto error_free;
+ }
+
+ skb_shinfo(skb)->nr_frags = 1;
+@@ -373,7 +373,7 @@ int esp6_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info
+ (unsigned char *)esph - skb->data,
+ assoclen + ivlen + esp->clen + alen);
+ if (unlikely(err < 0))
+- goto error;
++ goto error_free;
+ }
+
+ if ((x->props.flags & XFRM_STATE_ESN))
+@@ -406,8 +406,9 @@ int esp6_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info
+
+ if (sg != dsg)
+ esp_ssg_unref(x, tmp);
+- kfree(tmp);
+
++error_free:
++ kfree(tmp);
+ error:
+ return err;
+ }
+--
+2.16.4
+
diff --git a/series.conf b/series.conf
index 4cfe5820c1..47f3149a4c 100644
--- a/series.conf
+++ b/series.conf
@@ -4405,6 +4405,7 @@
patches.suse/0001-dm-fix-printk-rate-limiting-code.patch
patches.drivers/nvme-rdma-default-MR-page-size-to-4k.patch
patches.drivers/nvme-pci-use-dma-memory-for-the-host-memory-buffer-d.patch
+ patches.fixes/esp-Fix-memleaks-on-error-paths.patch
patches.fixes/esp-Fix-error-handling-on-layer-2-xmit.patch
patches.fixes/tipc-remove-subscription-references-only-for-pending.patch
patches.drivers/net-sched-fix-use-after-free-when-tcf_chain_destroy-.patch