* [PATCH 5.10] netdevsim: Fix memory leak of nsim_dev->fa_cookie
@ 2026-06-19 9:15 Mikhail Dmitrichenko
2026-06-20 11:55 ` Sasha Levin
0 siblings, 1 reply; 2+ messages in thread
From: Mikhail Dmitrichenko @ 2026-06-19 9:15 UTC (permalink / raw)
To: stable, Greg Kroah-Hartman
Cc: Mikhail Dmitrichenko, Jakub Kicinski, David S. Miller, Jiri Pirko,
Ido Schimmel, netdev, linux-kernel, Andrew Lunn, Eric Dumazet,
Paolo Abeni, Jiri Pirko, lvc-project, Wang Yufen
From: Wang Yufen <wangyufen@huawei.com>
commit 064bc7312bd09a48798418663090be0c776183db upstream.
kmemleak reports this issue:
unreferenced object 0xffff8881bac872d0 (size 8):
comm "sh", pid 58603, jiffies 4481524462 (age 68.065s)
hex dump (first 8 bytes):
04 00 00 00 de ad be ef ........
backtrace:
[<00000000c80b8577>] __kmalloc+0x49/0x150
[<000000005292b8c6>] nsim_dev_trap_fa_cookie_write+0xc1/0x210 [netdevsim]
[<0000000093d78e77>] full_proxy_write+0xf3/0x180
[<000000005a662c16>] vfs_write+0x1c5/0xaf0
[<000000007aabf84a>] ksys_write+0xed/0x1c0
[<000000005f1d2e47>] do_syscall_64+0x3b/0x90
[<000000006001c6ec>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
The issue occurs in the following scenarios:
nsim_dev_trap_fa_cookie_write()
kmalloc() fa_cookie
nsim_dev->fa_cookie = fa_cookie
..
nsim_drv_remove()
The fa_cookie allocked in nsim_dev_trap_fa_cookie_write() is not freed. To
fix, add kfree(nsim_dev->fa_cookie) to nsim_drv_remove().
Fixes: d3cbb907ae57 ("netdevsim: add ACL trap reporting cookie as a metadata")
Signed-off-by: Wang Yufen <wangyufen@huawei.com>
Cc: Jiri Pirko <jiri@mellanox.com>
Link: https://lore.kernel.org/r/1668504625-14698-1-git-send-email-wangyufen@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
[ The context change is due to the commit 5e388f3dc38c
("netdevsim: move vfconfig to nsim_dev") in v5.16
which is irrelevant to the logic of this patch. ]
Signed-off-by: Mikhail Dmitrichenko <mdmitrichenko@astralinux.ru>
---
Backport fix for CVE-2022-49803
drivers/net/netdevsim/dev.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/netdevsim/dev.c b/drivers/net/netdevsim/dev.c
index c8834ea84732..a106365ce485 100644
--- a/drivers/net/netdevsim/dev.c
+++ b/drivers/net/netdevsim/dev.c
@@ -1173,6 +1173,7 @@ void nsim_dev_remove(struct nsim_bus_dev *nsim_bus_dev)
ARRAY_SIZE(nsim_devlink_params));
devlink_unregister(devlink);
devlink_resources_unregister(devlink, NULL);
+ kfree(nsim_dev->fa_cookie);
devlink_free(devlink);
}
--
2.47.3
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH 5.10] netdevsim: Fix memory leak of nsim_dev->fa_cookie
2026-06-19 9:15 [PATCH 5.10] netdevsim: Fix memory leak of nsim_dev->fa_cookie Mikhail Dmitrichenko
@ 2026-06-20 11:55 ` Sasha Levin
0 siblings, 0 replies; 2+ messages in thread
From: Sasha Levin @ 2026-06-20 11:55 UTC (permalink / raw)
To: stable, Greg Kroah-Hartman
Cc: Sasha Levin, Mikhail Dmitrichenko, Jakub Kicinski,
David S. Miller, Jiri Pirko, Ido Schimmel, netdev, linux-kernel,
Andrew Lunn, Eric Dumazet, Paolo Abeni, Jiri Pirko, lvc-project,
Wang Yufen
> [PATCH 5.10] netdevsim: Fix memory leak of nsim_dev->fa_cookie
Queued for 5.10, thanks.
--
Thanks,
Sasha
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-06-20 11:55 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-19 9:15 [PATCH 5.10] netdevsim: Fix memory leak of nsim_dev->fa_cookie Mikhail Dmitrichenko
2026-06-20 11:55 ` Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox