Skip to content

Commit 0f5907a

Browse files
MiaoheLindavem330
MiaoheLin
authored and
davem330
committed
net: Fix potential memory leak in proto_register()
If we failed to assign proto idx, we free the twsk_slab_name but forget to free the twsk_slab. Add a helper function tw_prot_cleanup() to free these together and also use this helper function in proto_unregister(). Fixes: b45ce32 ("sock: fix potential memory leak in proto_register()") Signed-off-by: Miaohe Lin <[email protected]> Signed-off-by: David S. Miller <[email protected]>
1 parent 50caa77 commit 0f5907a

File tree

1 file changed

+15
-10
lines changed

1 file changed

+15
-10
lines changed

net/core/sock.c

Lines changed: 15 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -3406,6 +3406,16 @@ static void sock_inuse_add(struct net *net, int val)
34063406
}
34073407
#endif
34083408

3409+
static void tw_prot_cleanup(struct timewait_sock_ops *twsk_prot)
3410+
{
3411+
if (!twsk_prot)
3412+
return;
3413+
kfree(twsk_prot->twsk_slab_name);
3414+
twsk_prot->twsk_slab_name = NULL;
3415+
kmem_cache_destroy(twsk_prot->twsk_slab);
3416+
twsk_prot->twsk_slab = NULL;
3417+
}
3418+
34093419
static void req_prot_cleanup(struct request_sock_ops *rsk_prot)
34103420
{
34113421
if (!rsk_prot)
@@ -3476,23 +3486,23 @@ int proto_register(struct proto *prot, int alloc_slab)
34763486
prot->slab_flags,
34773487
NULL);
34783488
if (prot->twsk_prot->twsk_slab == NULL)
3479-
goto out_free_timewait_sock_slab_name;
3489+
goto out_free_timewait_sock_slab;
34803490
}
34813491
}
34823492

34833493
mutex_lock(&proto_list_mutex);
34843494
ret = assign_proto_idx(prot);
34853495
if (ret) {
34863496
mutex_unlock(&proto_list_mutex);
3487-
goto out_free_timewait_sock_slab_name;
3497+
goto out_free_timewait_sock_slab;
34883498
}
34893499
list_add(&prot->node, &proto_list);
34903500
mutex_unlock(&proto_list_mutex);
34913501
return ret;
34923502

3493-
out_free_timewait_sock_slab_name:
3503+
out_free_timewait_sock_slab:
34943504
if (alloc_slab && prot->twsk_prot)
3495-
kfree(prot->twsk_prot->twsk_slab_name);
3505+
tw_prot_cleanup(prot->twsk_prot);
34963506
out_free_request_sock_slab:
34973507
if (alloc_slab) {
34983508
req_prot_cleanup(prot->rsk_prot);
@@ -3516,12 +3526,7 @@ void proto_unregister(struct proto *prot)
35163526
prot->slab = NULL;
35173527

35183528
req_prot_cleanup(prot->rsk_prot);
3519-
3520-
if (prot->twsk_prot != NULL && prot->twsk_prot->twsk_slab != NULL) {
3521-
kmem_cache_destroy(prot->twsk_prot->twsk_slab);
3522-
kfree(prot->twsk_prot->twsk_slab_name);
3523-
prot->twsk_prot->twsk_slab = NULL;
3524-
}
3529+
tw_prot_cleanup(prot->twsk_prot);
35253530
}
35263531
EXPORT_SYMBOL(proto_unregister);
35273532

0 commit comments

Comments
 (0)