[PATCH] net: drop skbs in napi->rx_list when removing the napi context.
Hillf Danton
hdanton at sina.com
Thu Aug 12 04:50:47 UTC 2021
On Thu, 12 Aug 2021 07:59:59 +0800 Nguyen Dinh Phi wrote:
>
> The napi->rx_list is used to hold the GRO_NORMAL skbs before passing
> them to the stack, these skbs only passed to stack at the flush time or
> when the list's weight matches the predefined condition. In case the
> rx_list contains pending skbs when we remove the napi context, we need
> to clean out this list, otherwise, a memory leak will happen.
Thanks for your fix.
#syz test git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
Signed-off-by: Nguyen Dinh Phi <phind.uet at gmail.com>
Reported-by: syzbot+989efe781c74de1ddb54 at syzkaller.appspotmail.com
---
net/core/dev.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/net/core/dev.c b/net/core/dev.c
index b51e41d0a7fe..319fffc62ce6 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -7038,6 +7038,13 @@ void __netif_napi_del(struct napi_struct *napi)
list_del_rcu(&napi->dev_list);
napi_free_frags(napi);
+ if (napi->rx_count) {
+ struct sk_buff *skb, *n;
+
+ list_for_each_entry_safe(skb, n, &napi->rx_list, list)
+ kfree_skb(skb);
+ }
+
flush_gro_hash(napi);
napi->gro_bitmask = 0;
--
2.25.1
More information about the Linux-kernel-mentees
mailing list