diff options
author | Pavel Emelyanov <xemul@openvz.org> | 2007-11-26 20:23:31 +0800 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2007-11-26 20:23:31 +0800 |
commit | 218ad12f42e0b6207105cde8fd13017d1ed449e4 (patch) | |
tree | 2f79b20a20ccfeeea1f44b82d9ec2ef0eb2758de /include/net | |
parent | 8053fc3de720e1027d690f892ff7d7c1737fdd9d (diff) | |
download | kernel-crypto-218ad12f42e0b6207105cde8fd13017d1ed449e4.tar.gz kernel-crypto-218ad12f42e0b6207105cde8fd13017d1ed449e4.tar.xz kernel-crypto-218ad12f42e0b6207105cde8fd13017d1ed449e4.zip |
[IPV4]: Fix memory leak in inet_hashtables.h when NUMA is on
The inet_ehash_locks_alloc() looks like this:
#ifdef CONFIG_NUMA
if (size > PAGE_SIZE)
x = vmalloc(...);
else
#endif
x = kmalloc(...);
Unlike it, the inet_ehash_locks_alloc() looks like this:
#ifdef CONFIG_NUMA
if (size > PAGE_SIZE)
vfree(x);
else
#else
kfree(x);
#endif
The error is obvious - if the NUMA is on and the size
is less than the PAGE_SIZE we leak the pointer (kfree is
inside the #else branch).
Compiler doesn't warn us because after the kfree(x) there's
a "x = NULL" assignment, so here's another (minor?) bug: we
don't set x to NULL under certain circumstances.
Boring explanation, I know... Patch explains it better.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/inet_hashtables.h | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/include/net/inet_hashtables.h b/include/net/inet_hashtables.h index 469216d9366..37f6cb11212 100644 --- a/include/net/inet_hashtables.h +++ b/include/net/inet_hashtables.h @@ -186,9 +186,8 @@ static inline void inet_ehash_locks_free(struct inet_hashinfo *hashinfo) if (size > PAGE_SIZE) vfree(hashinfo->ehash_locks); else -#else - kfree(hashinfo->ehash_locks); #endif + kfree(hashinfo->ehash_locks); hashinfo->ehash_locks = NULL; } } |