From: Sasha Levin Date: Tue, 8 Jun 2021 12:57:27 +0000 (-0400) Subject: Drop net-kcm-fix-memory-leak-in-kcm_sendmsg.patch X-Git-Tag: v4.4.272~44^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cc3fcecd259e8a39edbb0c91f1573a740f550bf3;p=thirdparty%2Fkernel%2Fstable-queue.git Drop net-kcm-fix-memory-leak-in-kcm_sendmsg.patch Signed-off-by: Sasha Levin --- diff --git a/queue-4.14/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch b/queue-4.14/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch deleted file mode 100644 index a18b1cb2e75..00000000000 --- a/queue-4.14/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From c47cc304990a2813995b1a92bbc11d0bb9a19ea9 Mon Sep 17 00:00:00 2001 -From: Pavel Skripkin -Date: Wed, 2 Jun 2021 22:26:40 +0300 -Subject: net: kcm: fix memory leak in kcm_sendmsg - -From: Pavel Skripkin - -commit c47cc304990a2813995b1a92bbc11d0bb9a19ea9 upstream. - -Syzbot reported memory leak in kcm_sendmsg()[1]. -The problem was in non-freed frag_list in case of error. - -In the while loop: - - if (head == skb) - skb_shinfo(head)->frag_list = tskb; - else - skb->next = tskb; - -frag_list filled with skbs, but nothing was freeing them. - -backtrace: - [<0000000094c02615>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198 - [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline] - [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967 [1] - [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline] - [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672 - -Reported-and-tested-by: syzbot+b039f5699bd82e1fb011@syzkaller.appspotmail.com -Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module") -Cc: stable@vger.kernel.org -Signed-off-by: Pavel Skripkin -Signed-off-by: David S. Miller -Signed-off-by: Greg Kroah-Hartman ---- - net/kcm/kcmsock.c | 5 +++++ - 1 file changed, 5 insertions(+) - ---- a/net/kcm/kcmsock.c -+++ b/net/kcm/kcmsock.c -@@ -1067,6 +1067,11 @@ out_error: - goto partial_message; - } - -+ if (skb_has_frag_list(head)) { -+ kfree_skb_list(skb_shinfo(head)->frag_list); -+ skb_shinfo(head)->frag_list = NULL; -+ } -+ - if (head != kcm->seq_skb) - kfree_skb(head); - diff --git a/queue-4.14/series b/queue-4.14/series index b4d8b365b54..eff7ce2e064 100644 --- a/queue-4.14/series +++ b/queue-4.14/series 
@@ -12,7 +12,6 @@ ieee802154-fix-error-return-code-in-ieee802154_add_i.patch ieee802154-fix-error-return-code-in-ieee802154_llsec.patch bluetooth-fix-the-erroneous-flush_work-order.patch bluetooth-use-correct-lock-to-prevent-uaf-of-hdev-object.patch -net-kcm-fix-memory-leak-in-kcm_sendmsg.patch net-caif-added-cfserl_release-function.patch net-caif-add-proper-error-handling.patch net-caif-fix-memory-leak-in-caif_device_notify.patch diff --git a/queue-4.19/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch b/queue-4.19/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch deleted file mode 100644 index a18b1cb2e75..00000000000 --- a/queue-4.19/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From c47cc304990a2813995b1a92bbc11d0bb9a19ea9 Mon Sep 17 00:00:00 2001 -From: Pavel Skripkin -Date: Wed, 2 Jun 2021 22:26:40 +0300 -Subject: net: kcm: fix memory leak in kcm_sendmsg - -From: Pavel Skripkin - -commit c47cc304990a2813995b1a92bbc11d0bb9a19ea9 upstream. - -Syzbot reported memory leak in kcm_sendmsg()[1]. -The problem was in non-freed frag_list in case of error. - -In the while loop: - - if (head == skb) - skb_shinfo(head)->frag_list = tskb; - else - skb->next = tskb; - -frag_list filled with skbs, but nothing was freeing them. - -backtrace: - [<0000000094c02615>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198 - [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline] - [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967 [1] - [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline] - [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672 - -Reported-and-tested-by: syzbot+b039f5699bd82e1fb011@syzkaller.appspotmail.com -Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module") -Cc: stable@vger.kernel.org -Signed-off-by: Pavel Skripkin -Signed-off-by: David S. Miller -Signed-off-by: Greg Kroah-Hartman ---- - net/kcm/kcmsock.c | 5 +++++ - 1 file changed, 5 insertions(+) - ---- a/net/kcm/kcmsock.c -+++ b/net/kcm/kcmsock.c -@@ -1067,6 +1067,11 @@ out_error: - goto partial_message; - } - -+ if (skb_has_frag_list(head)) { -+ kfree_skb_list(skb_shinfo(head)->frag_list); -+ skb_shinfo(head)->frag_list = NULL; -+ } -+ - if (head != kcm->seq_skb) - kfree_skb(head); - diff --git a/queue-4.19/series b/queue-4.19/series index 0090da602a2..9817bf1d1b8 100644 --- a/queue-4.19/series +++ b/queue-4.19/series 
@@ -18,7 +18,6 @@ tipc-add-extack-messages-for-bearer-media-failure.patch tipc-fix-unique-bearer-names-sanity-check.patch bluetooth-fix-the-erroneous-flush_work-order.patch bluetooth-use-correct-lock-to-prevent-uaf-of-hdev-object.patch -net-kcm-fix-memory-leak-in-kcm_sendmsg.patch net-caif-added-cfserl_release-function.patch net-caif-add-proper-error-handling.patch net-caif-fix-memory-leak-in-caif_device_notify.patch diff --git a/queue-4.9/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch b/queue-4.9/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch deleted file mode 100644 index 889d7113d5e..00000000000 --- a/queue-4.9/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From c47cc304990a2813995b1a92bbc11d0bb9a19ea9 Mon Sep 17 00:00:00 2001 -From: Pavel Skripkin -Date: Wed, 2 Jun 2021 22:26:40 +0300 -Subject: net: kcm: fix memory leak in kcm_sendmsg - -From: Pavel Skripkin - -commit c47cc304990a2813995b1a92bbc11d0bb9a19ea9 upstream. - -Syzbot reported memory leak in kcm_sendmsg()[1]. -The problem was in non-freed frag_list in case of error. - -In the while loop: - - if (head == skb) - skb_shinfo(head)->frag_list = tskb; - else - skb->next = tskb; - -frag_list filled with skbs, but nothing was freeing them. - -backtrace: - [<0000000094c02615>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198 - [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline] - [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967 [1] - [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline] - [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672 - -Reported-and-tested-by: syzbot+b039f5699bd82e1fb011@syzkaller.appspotmail.com -Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module") -Cc: stable@vger.kernel.org -Signed-off-by: Pavel Skripkin -Signed-off-by: David S. Miller -Signed-off-by: Greg Kroah-Hartman ---- - net/kcm/kcmsock.c | 5 +++++ - 1 file changed, 5 insertions(+) - ---- a/net/kcm/kcmsock.c -+++ b/net/kcm/kcmsock.c -@@ -1065,6 +1065,11 @@ out_error: - goto partial_message; - } - -+ if (skb_has_frag_list(head)) { -+ kfree_skb_list(skb_shinfo(head)->frag_list); -+ skb_shinfo(head)->frag_list = NULL; -+ } -+ - if (head != kcm->seq_skb) - kfree_skb(head); - diff --git a/queue-4.9/series b/queue-4.9/series index b4d8b365b54..eff7ce2e064 100644 --- a/queue-4.9/series +++ b/queue-4.9/series 
@@ -12,7 +12,6 @@ ieee802154-fix-error-return-code-in-ieee802154_add_i.patch ieee802154-fix-error-return-code-in-ieee802154_llsec.patch bluetooth-fix-the-erroneous-flush_work-order.patch bluetooth-use-correct-lock-to-prevent-uaf-of-hdev-object.patch -net-kcm-fix-memory-leak-in-kcm_sendmsg.patch net-caif-added-cfserl_release-function.patch net-caif-add-proper-error-handling.patch net-caif-fix-memory-leak-in-caif_device_notify.patch diff --git a/queue-5.10/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch b/queue-5.10/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch deleted file mode 100644 index 691317364de..00000000000 --- a/queue-5.10/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From c47cc304990a2813995b1a92bbc11d0bb9a19ea9 Mon Sep 17 00:00:00 2001 -From: Pavel Skripkin -Date: Wed, 2 Jun 2021 22:26:40 +0300 -Subject: net: kcm: fix memory leak in kcm_sendmsg - -From: Pavel Skripkin - -commit c47cc304990a2813995b1a92bbc11d0bb9a19ea9 upstream. - -Syzbot reported memory leak in kcm_sendmsg()[1]. -The problem was in non-freed frag_list in case of error. - -In the while loop: - - if (head == skb) - skb_shinfo(head)->frag_list = tskb; - else - skb->next = tskb; - -frag_list filled with skbs, but nothing was freeing them. - -backtrace: - [<0000000094c02615>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198 - [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline] - [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967 [1] - [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline] - [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672 - -Reported-and-tested-by: syzbot+b039f5699bd82e1fb011@syzkaller.appspotmail.com -Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module") -Cc: stable@vger.kernel.org -Signed-off-by: Pavel Skripkin -Signed-off-by: David S. Miller -Signed-off-by: Greg Kroah-Hartman ---- - net/kcm/kcmsock.c | 5 +++++ - 1 file changed, 5 insertions(+) - ---- a/net/kcm/kcmsock.c -+++ b/net/kcm/kcmsock.c -@@ -1066,6 +1066,11 @@ out_error: - goto partial_message; - } - -+ if (skb_has_frag_list(head)) { -+ kfree_skb_list(skb_shinfo(head)->frag_list); -+ skb_shinfo(head)->frag_list = NULL; -+ } -+ - if (head != kcm->seq_skb) - kfree_skb(head); - diff --git a/queue-5.10/series b/queue-5.10/series index af4e0cb0224..92d13c58c95 100644 --- a/queue-5.10/series +++ b/queue-5.10/series 
@@ -86,7 +86,6 @@ wireguard-allowedips-initialize-list-head-in-selftest.patch wireguard-allowedips-remove-nodes-in-o-1.patch wireguard-allowedips-allocate-nodes-in-kmem_cache.patch wireguard-allowedips-free-empty-intermediate-nodes-when-removing-single-node.patch -net-kcm-fix-memory-leak-in-kcm_sendmsg.patch net-caif-added-cfserl_release-function.patch net-caif-add-proper-error-handling.patch net-caif-fix-memory-leak-in-caif_device_notify.patch diff --git a/queue-5.12/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch b/queue-5.12/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch deleted file mode 100644 index 691317364de..00000000000 --- a/queue-5.12/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From c47cc304990a2813995b1a92bbc11d0bb9a19ea9 Mon Sep 17 00:00:00 2001 -From: Pavel Skripkin -Date: Wed, 2 Jun 2021 22:26:40 +0300 -Subject: net: kcm: fix memory leak in kcm_sendmsg - -From: Pavel Skripkin - -commit c47cc304990a2813995b1a92bbc11d0bb9a19ea9 upstream. - -Syzbot reported memory leak in kcm_sendmsg()[1]. -The problem was in non-freed frag_list in case of error. - -In the while loop: - - if (head == skb) - skb_shinfo(head)->frag_list = tskb; - else - skb->next = tskb; - -frag_list filled with skbs, but nothing was freeing them. - -backtrace: - [<0000000094c02615>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198 - [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline] - [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967 [1] - [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline] - [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672 - -Reported-and-tested-by: syzbot+b039f5699bd82e1fb011@syzkaller.appspotmail.com -Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module") -Cc: stable@vger.kernel.org -Signed-off-by: Pavel Skripkin -Signed-off-by: David S. Miller -Signed-off-by: Greg Kroah-Hartman ---- - net/kcm/kcmsock.c | 5 +++++ - 1 file changed, 5 insertions(+) - ---- a/net/kcm/kcmsock.c -+++ b/net/kcm/kcmsock.c -@@ -1066,6 +1066,11 @@ out_error: - goto partial_message; - } - -+ if (skb_has_frag_list(head)) { -+ kfree_skb_list(skb_shinfo(head)->frag_list); -+ skb_shinfo(head)->frag_list = NULL; -+ } -+ - if (head != kcm->seq_skb) - kfree_skb(head); - diff --git a/queue-5.12/series b/queue-5.12/series index 71e6166eaa8..267fe1f7b91 100644 --- a/queue-5.12/series +++ b/queue-5.12/series 
@@ -100,7 +100,6 @@ wireguard-allowedips-initialize-list-head-in-selftest.patch wireguard-allowedips-remove-nodes-in-o-1.patch wireguard-allowedips-allocate-nodes-in-kmem_cache.patch wireguard-allowedips-free-empty-intermediate-nodes-when-removing-single-node.patch -net-kcm-fix-memory-leak-in-kcm_sendmsg.patch net-caif-added-cfserl_release-function.patch net-caif-add-proper-error-handling.patch net-caif-fix-memory-leak-in-caif_device_notify.patch diff --git a/queue-5.4/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch b/queue-5.4/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch deleted file mode 100644 index da2decb70df..00000000000 --- a/queue-5.4/net-kcm-fix-memory-leak-in-kcm_sendmsg.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From c47cc304990a2813995b1a92bbc11d0bb9a19ea9 Mon Sep 17 00:00:00 2001 -From: Pavel Skripkin -Date: Wed, 2 Jun 2021 22:26:40 +0300 -Subject: net: kcm: fix memory leak in kcm_sendmsg - -From: Pavel Skripkin - -commit c47cc304990a2813995b1a92bbc11d0bb9a19ea9 upstream. - -Syzbot reported memory leak in kcm_sendmsg()[1]. -The problem was in non-freed frag_list in case of error. - -In the while loop: - - if (head == skb) - skb_shinfo(head)->frag_list = tskb; - else - skb->next = tskb; - -frag_list filled with skbs, but nothing was freeing them. - -backtrace: - [<0000000094c02615>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198 - [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline] - [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967 [1] - [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline] - [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672 - -Reported-and-tested-by: syzbot+b039f5699bd82e1fb011@syzkaller.appspotmail.com -Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module") -Cc: stable@vger.kernel.org -Signed-off-by: Pavel Skripkin -Signed-off-by: David S. Miller -Signed-off-by: Greg Kroah-Hartman ---- - net/kcm/kcmsock.c | 5 +++++ - 1 file changed, 5 insertions(+) - ---- a/net/kcm/kcmsock.c -+++ b/net/kcm/kcmsock.c -@@ -1068,6 +1068,11 @@ out_error: - goto partial_message; - } - -+ if (skb_has_frag_list(head)) { -+ kfree_skb_list(skb_shinfo(head)->frag_list); -+ skb_shinfo(head)->frag_list = NULL; -+ } -+ - if (head != kcm->seq_skb) - kfree_skb(head); - diff --git a/queue-5.4/series b/queue-5.4/series index fcf0db72665..b3c51707b57 100644 --- a/queue-5.4/series +++ b/queue-5.4/series 
@@ -37,7 +37,6 @@ tipc-add-extack-messages-for-bearer-media-failure.patch tipc-fix-unique-bearer-names-sanity-check.patch bluetooth-fix-the-erroneous-flush_work-order.patch bluetooth-use-correct-lock-to-prevent-uaf-of-hdev-object.patch -net-kcm-fix-memory-leak-in-kcm_sendmsg.patch net-caif-added-cfserl_release-function.patch net-caif-add-proper-error-handling.patch net-caif-fix-memory-leak-in-caif_device_notify.patch
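Review bot: The commit message consists of the subject and a sign-off only, and gives no reason for deleting net-kcm-fix-memory-leak-in-kcm_sendmsg.patch from the 4.9, 4.14, 4.19, 5.4, 5.10 and 5.12 queues. The removed patch carries `Cc: stable@vger.kernel.org` and `Fixes: ab7ac4eb9832`, so anyone tracking the kcm_sendmsg() leak in these trees cannot tell from this commit whether the fix was found faulty, superseded or merely deferred. Suggest adding a line to the message that states the reason and points to the report or follow-up that prompted the drop.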
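Review bot: In the `out_error:` hunk of the patch being dropped, the added `kfree_skb_list(skb_shinfo(head)->frag_list)` block is placed before the `if (head != kcm->seq_skb)` check, so it also runs on the path where head is kcm->seq_skb and is not freed. That leaves a retained head whose frag_list has been released and set to NULL. If the fix is queued again, it should either document why emptying the fragment list of a kept seq_skb is correct or move the free under the `head != kcm->seq_skb` condition. The `@@` offsets also differ per tree (1065, 1066, 1067, 1068), so any replacement needs the same per-branch check of the surrounding context.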