On Fri, May 3, 2019 at 7:17 AM Eric Dumazet <eduma...@google.com> wrote: > > On Fri, May 3, 2019 at 7:12 AM Eric Dumazet <eduma...@google.com> wrote: > >
> > I will send the following fix > > > > diff --git a/include/net/ipv6_frag.h b/include/net/ipv6_frag.h > > index > > 28aa9b30aeceac9a86ee6754e4b5809be115e947..d3152811b8962705a508b3fd31d2157dd19ae8e5 > > 100644 > > --- a/include/net/ipv6_frag.h > > +++ b/include/net/ipv6_frag.h > > @@ -94,11 +94,9 @@ ip6frag_expire_frag_queue(struct net *net, struct > > frag_queue *fq) > > goto out; > > > > head->dev = dev; > > - skb_get(head); > > spin_unlock(&fq->q.lock); > > > > icmpv6_send(head, ICMPV6_TIME_EXCEED, ICMPV6_EXC_FRAGTIME, 0); > > - kfree_skb(head); > > Oh well, we want to keep the kfree_skb() of course. > > Only the skb_get(head) needs to be removed (this would fix memory leak > I presume... :/ ) Official submission : https://patchwork.ozlabs.org/patch/1094854/ ip6: fix skb leak in ip6frag_expire_frag_queue() Thanks a lot Stefan for bringing up this issue to our attention !
