git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Kuniyuki Iwashima <kuniyu@amazon.com>
	Thu, 6 Oct 2022 18:53:46 +0000 (11:53 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 26 Apr 2023 09:18:57 +0000 (11:18 +0200)
commit	50808c71e0d7667517827ead15b352f9f3e4297c
tree	aefa98858f2a3fe7d96b928a472d7305bd201bfa	tree
parent	ae2c644049184f04f672e23d3fa8122631ef762e	commit \| diff

udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM).

commit 21985f43376cee092702d6cb963ff97a9d2ede68 upstream.

Commit 4b340ae20d0e ("IPv6: Complete IPV6_DONTFRAG support") forgot
to add a change to free inet6_sk(sk)->rxpmtu while converting an IPv6
socket into IPv4 with IPV6_ADDRFORM. After conversion, sk_prot is
changed to udp_prot and ->destroy() never cleans it up, resulting in
a memory leak.

This is due to the discrepancy between inet6_destroy_sock() and
IPV6_ADDRFORM, so let's call inet6_destroy_sock() from IPV6_ADDRFORM
to remove the difference.

However, this is not enough for now because rxpmtu can be changed
without lock_sock() after commit 03485f2adcde ("udpv6: Add lockless
sendmsg() support"). We will fix this case in the following patch.

Note we will rename inet6_destroy_sock() to inet6_cleanup_sock() and
remove unnecessary inet6_destroy_sock() calls in sk_prot->destroy()
in the future.

Fixes: 4b340ae20d0e ("IPv6: Complete IPV6_DONTFRAG support")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

include/net/ipv6.h		diff \| blob \| blame \| history
net/ipv6/af_inet6.c		diff \| blob \| blame \| history
net/ipv6/ipv6_sockglue.c		diff \| blob \| blame \| history