aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2007-01-11 01:06:32 -0500
committerDavid S. Miller <davem@sunset.davemloft.net>2007-01-23 23:25:39 -0500
commite0e8f1c8220c43bdf25cfb5622f6ab6947027fb1 (patch)
tree545e9985c6fc2e9b7e1a9019ce48ce05b848d0d6
parent419dd8378dfa32985672ab7927b4bc827f33b332 (diff)
[IPSEC] flow: Fix potential memory leak
When old flow cache entries that are not at the head of their chain trigger a transient security error they get unlinked along with all the entries preceding them in the chain. The preceding entries are not freed correctly. This patch fixes this by simply leaving the entry around. It's based on a suggestion by Venkat Yekkirala. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/core/flow.c26
1 files changed, 10 insertions, 16 deletions
diff --git a/net/core/flow.c b/net/core/flow.c
index d137f971f97d..5d25697920b1 100644
--- a/net/core/flow.c
+++ b/net/core/flow.c
@@ -231,22 +231,16 @@ nocache:
231 231
232 err = resolver(key, family, dir, &obj, &obj_ref); 232 err = resolver(key, family, dir, &obj, &obj_ref);
233 233
234 if (fle) { 234 if (fle && !err) {
235 if (err) { 235 fle->genid = atomic_read(&flow_cache_genid);
236 /* Force security policy check on next lookup */ 236
237 *head = fle->next; 237 if (fle->object)
238 flow_entry_kill(cpu, fle); 238 atomic_dec(fle->object_ref);
239 } else { 239
240 fle->genid = atomic_read(&flow_cache_genid); 240 fle->object = obj;
241 241 fle->object_ref = obj_ref;
242 if (fle->object) 242 if (obj)
243 atomic_dec(fle->object_ref); 243 atomic_inc(fle->object_ref);
244
245 fle->object = obj;
246 fle->object_ref = obj_ref;
247 if (obj)
248 atomic_inc(fle->object_ref);
249 }
250 } 244 }
251 local_bh_enable(); 245 local_bh_enable();
252 246