git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Kuniyuki Iwashima <kuniyu@google.com>
	Fri, 4 Jul 2025 06:23:52 +0000 (06:23 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 17 Jul 2025 16:35:10 +0000 (18:35 +0200)
commit	1fb9fb5a4b5cec2d56e26525ef8c519de858fa60
tree	d4dffdcf261e09690c3e2142ba29dd3dbd1fa867	tree \| snapshot
parent	06935c50cfa3ac57cce80bba67b6d38ec1406e92	commit \| diff

atm: clip: Fix memory leak of struct clip_vcc.

[ Upstream commit 62dba28275a9a3104d4e33595c7b3328d4032d8d ]

ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to
vcc->user_back.

The code assumes that vcc_destroy_socket() passes NULL skb
to vcc->push() when the socket is close()d, and then clip_push()
frees clip_vcc.

However, ioctl(ATMARPD_CTRL) sets NULL to vcc->push() in
atm_init_atmarp(), resulting in memory leak.

Let's serialise two ioctl() by lock_sock() and check vcc->push()
in atm_init_atmarp() to prevent memleak.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20250704062416.1613927-3-kuniyu@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>