From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Jianlin Shi <jishi@redhat.com>,
Sabrina Dubroca <sd@queasysnail.net>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 3.18 05/42] ipv6: fix memory leak with multiple tables during netns destruction
Date: Sun, 24 Sep 2017 22:27:40 +0200 [thread overview]
Message-ID: <20170924202650.201892645@linuxfoundation.org> (raw)
In-Reply-To: <20170924202649.994060798@linuxfoundation.org>
3.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sabrina Dubroca <sd@queasysnail.net>
[ Upstream commit ba1cc08d9488c94cb8d94f545305688b72a2a300 ]
fib6_net_exit only frees the main and local tables. If another table was
created with fib6_alloc_table, we leak it when the netns is destroyed.
Fix this in the same way ip_fib_net_exit cleans up tables, by walking
through the whole hashtable of fib6_table's. We can get rid of the
special cases for local and main, since they're also part of the
hashtable.
Reproducer:
ip netns add x
ip -net x -6 rule add from 6003:1::/64 table 100
ip netns del x
Reported-by: Jianlin Shi <jishi@redhat.com>
Fixes: 58f09b78b730 ("[NETNS][IPV6] ip6_fib - make it per network namespace")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/ip6_fib.c | 25 +++++++++++++++++++------
1 file changed, 19 insertions(+), 6 deletions(-)
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -160,6 +160,12 @@ static void rt6_release(struct rt6_info
dst_free(&rt->dst);
}
+static void fib6_free_table(struct fib6_table *table)
+{
+ inetpeer_invalidate_tree(&table->tb6_peers);
+ kfree(table);
+}
+
static void fib6_link_table(struct net *net, struct fib6_table *tb)
{
unsigned int h;
@@ -1782,15 +1788,22 @@ out_timer:
static void fib6_net_exit(struct net *net)
{
+ unsigned int i;
+
rt6_ifdown(net, NULL);
del_timer_sync(&net->ipv6.ip6_fib_timer);
-#ifdef CONFIG_IPV6_MULTIPLE_TABLES
- inetpeer_invalidate_tree(&net->ipv6.fib6_local_tbl->tb6_peers);
- kfree(net->ipv6.fib6_local_tbl);
-#endif
- inetpeer_invalidate_tree(&net->ipv6.fib6_main_tbl->tb6_peers);
- kfree(net->ipv6.fib6_main_tbl);
+ for (i = 0; i < FIB_TABLE_HASHSZ; i++) {
+ struct hlist_head *head = &net->ipv6.fib_table_hash[i];
+ struct hlist_node *tmp;
+ struct fib6_table *tb;
+
+ hlist_for_each_entry_safe(tb, tmp, head, tb6_hlist) {
+ hlist_del(&tb->tb6_hlist);
+ fib6_free_table(tb);
+ }
+ }
+
kfree(net->ipv6.fib_table_hash);
kfree(net->ipv6.rt6_stats);
}
next prev parent reply other threads:[~2017-09-24 20:29 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-24 20:27 [PATCH 3.18 00/42] 3.18.72-stable review Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 01/42] ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 02/42] qlge: avoid memcpy buffer overflow Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 03/42] Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()" Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 04/42] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 Greg Kroah-Hartman
2017-09-24 20:27 ` Greg Kroah-Hartman [this message]
2017-09-24 20:27 ` [PATCH 3.18 06/42] ipv6: fix typo in fib6_net_exit() Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 07/42] f2fs: check hot_data for roll-forward recovery Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 08/42] [PATCH] Revert "usb: musb: fix tx fifo flush handling again" Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 09/42] ip6_gre: fix endianness errors in ip6gre_err Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 10/42] Input: i8042 - add Gigabyte P57 to the keyboard reset table Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 11/42] [PATCH - RESEND] crypto: AF_ALG - remove SGL terminator indicator when chaining Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 12/42] ext4: fix incorrect quotaoff if the quota feature is enabled Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 13/42] powerpc: Fix DAR reporting when alignment handler faults Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 14/42] block: Relax a check in blk_start_queue() Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 15/42] md/bitmap: disable bitmap_resize for file-backed bitmaps Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 16/42] skd: Avoid that module unloading triggers a use-after-free Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 17/42] skd: Submit requests to firmware before triggering the doorbell Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 18/42] scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 19/42] scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 20/42] scsi: zfcp: fix missing trace records for early returns in TMF eh handlers Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 21/42] scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 22/42] scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 23/42] scsi: zfcp: trace high part of "new" 64 bit SCSI LUN Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 24/42] scsi: sg: remove save_scat_len Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 25/42] scsi: sg: use standard lists for sg_requests Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 26/42] scsi: sg: off by one in sg_ioctl() Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 27/42] scsi: sg: factor out sg_fill_request_table() Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 28/42] scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 29/42] scsi: qla2xxx: Fix an integer overflow in sysfs code Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 30/42] ftrace: Fix selftest goto location on error Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 31/42] tracing: Apply trace_clock changes to instance max buffer Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 32/42] ARC: Re-enable MMU upon Machine Check exception Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 33/42] PCI: shpchp: Enable bridge bus mastering if MSI is enabled Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 34/42] media: v4l2-compat-ioctl32: Fix timespec conversion Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 35/42] media: uvcvideo: Prevent heap overflow when accessing mapped controls Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 36/42] bcache: initialize dirty stripes in flash_dev_run() Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 37/42] bcache: Fix leak of bdev reference Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 38/42] bcache: correct cache_dirty_target in __update_writeback_rate() Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 39/42] bcache: Correct return value for sysfs attach errors Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 40/42] bcache: fix for gc and write-back race Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 41/42] bcache: fix bch_hprint crash and improve output Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 42/42] mac80211: flush hw_roc_start work before cancelling the ROC Greg Kroah-Hartman
2017-09-25 1:02 ` [PATCH 3.18 00/42] 3.18.72-stable review Guenter Roeck
2017-09-25 6:29 ` Greg Kroah-Hartman
2017-09-25 11:05 ` Guenter Roeck
2017-09-25 12:23 ` Greg Kroah-Hartman
2017-09-25 23:11 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170924202650.201892645@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=jishi@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sd@queasysnail.net \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).