APPLIED/cmt: [PATCH SRU E/D/B] xfrm: Fix memleak on xfrm state destroy

Stefan Bader stefan.bader at canonical.com
Mon Dec 2 08:21:26 UTC 2019 

On 02.12.19 08:52, Khaled Elmously wrote:
> The patch didn't apply cleanly to Bionic. The affected function was called xfrm_state_gc_destroy() in Bionic (not ___xfrm_state_destroy()). 
> 
> I updated the patch for Bionic accordingly.
> 
> On 2019-11-29 13:05:39 , Stefan Bader wrote:
>> From: Steffen Klassert <steffen.klassert at secunet.com>
>>
>> We leak the page that we use to create skb page fragments
>> when destroying the xfrm_state. Fix this by dropping a
>> page reference if a page was assigned to the xfrm_state.
>>
>> Fixes: cac2661c53f3 ("esp4: Avoid skb_cow_data whenever possible")
>> Reported-by: JD <jdtxs00 at gmail.com>
>> Reported-by: Paul Wouters <paul at nohats.ca>
>> Signed-off-by: Steffen Klassert <steffen.klassert at secunet.com>
>>
>> BugLink: https://bugs.launchpad.net/bugs/1853197
>>
>> (cherry picked from commit 86c6739eda7d2a03f2db30cbee67a5fb81afa8ba)
>> Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
>> ---
>>
>> This fixes a memory leak which appears to loose 8 pages for each ipsec
>> connection that is done. Issue was introduced in v4.11 and fixed in v5.4
>> so unstable should have it.
>>
>> Needs -C2 to apply to Bionic [build-tested in Bionic, too].

You might read the comments ^

>>
>>  net/xfrm/xfrm_state.c | 2 ++
>>  1 file changed, 2 insertions(+)
>>
>> diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
>> index c6f3c4a1bd99..f3423562d933 100644
>> --- a/net/xfrm/xfrm_state.c
>> +++ b/net/xfrm/xfrm_state.c
>> @@ -495,6 +495,8 @@ static void ___xfrm_state_destroy(struct xfrm_state *x)
>>  		x->type->destructor(x);
>>  		xfrm_put_type(x->type);
>>  	}
>> +	if (x->xfrag.page)
>> +		put_page(x->xfrag.page);
>>  	xfrm_dev_state_free(x);
>>  	security_xfrm_state_free(x);
>>  	xfrm_state_free(x);
>> -- 
>> 2.17.1
>>
>>
>> -- 
>> kernel-team mailing list
>> kernel-team at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/kernel-team


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20191202/0fb75287/attachment.sig>

More information about the kernel-team mailing list