kfree_s expects a pointer and a size argument. Currently the sizeof(cache) is used as size argument, this is certainly not what was intented.
For reference, this code was present in Linux up to version 2.3.14 and was replaced in 2.3.15. Found using coccinelle and https://raw.github.com/coccinelle/coccinellery/master/sz/sz.cocci. * pfinet/linux-src/net/ipv4/ipmr.c (ipmr_cache_delete): Fix kfree_s call. --- pfinet/linux-src/net/ipv4/ipmr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pfinet/linux-src/net/ipv4/ipmr.c b/pfinet/linux-src/net/ipv4/ipmr.c index cd51cd9..904ad29 100644 --- a/pfinet/linux-src/net/ipv4/ipmr.c +++ b/pfinet/linux-src/net/ipv4/ipmr.c @@ -332,7 +332,7 @@ static void ipmr_cache_delete(struct mfc_cache *cache) kfree_skb(skb); } } - kfree_s(cache,sizeof(cache)); + kfree_s(cache,sizeof(struct mfc_cache)); } /* -- 1.7.10.4
