git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Kuniyuki Iwashima <kuniyu@google.com>
	Fri, 4 Jul 2025 06:23:52 +0000 (06:23 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 17 Jul 2025 16:32:06 +0000 (18:32 +0200)
commit	0c17ff462d98c997d707ee5cf4e4a9b1b52b9d90
tree	6b70e7286956588d08b386b117526b9630d4f320	tree
parent	ee4d9e4ddf3f9c4ee2ec0a3aad6196ee36d30e57	commit \| diff

atm: clip: Fix memory leak of struct clip_vcc.

[ Upstream commit 62dba28275a9a3104d4e33595c7b3328d4032d8d ]

ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to
vcc->user_back.

The code assumes that vcc_destroy_socket() passes NULL skb
to vcc->push() when the socket is close()d, and then clip_push()
frees clip_vcc.

However, ioctl(ATMARPD_CTRL) sets NULL to vcc->push() in
atm_init_atmarp(), resulting in memory leak.

Let's serialise two ioctl() by lock_sock() and check vcc->push()
in atm_init_atmarp() to prevent memleak.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20250704062416.1613927-3-kuniyu@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>