git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Kuniyuki Iwashima <kuniyu@google.com>
	Fri, 4 Jul 2025 06:23:52 +0000 (06:23 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 17 Jul 2025 16:25:02 +0000 (18:25 +0200)
commit	2fb37ab3226606cbfc9b2b6f9e301b0b735734c5
tree	48dbddf35d7abed6dccf72b588da199c805a88ae	tree
parent	a4c5785feb979cd996a99cfaad8bf353b2e79301	commit \| diff

atm: clip: Fix memory leak of struct clip_vcc.

[ Upstream commit 62dba28275a9a3104d4e33595c7b3328d4032d8d ]

ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to
vcc->user_back.

The code assumes that vcc_destroy_socket() passes NULL skb
to vcc->push() when the socket is close()d, and then clip_push()
frees clip_vcc.

However, ioctl(ATMARPD_CTRL) sets NULL to vcc->push() in
atm_init_atmarp(), resulting in memory leak.

Let's serialise two ioctl() by lock_sock() and check vcc->push()
in atm_init_atmarp() to prevent memleak.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20250704062416.1613927-3-kuniyu@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>