Acked-by: Tung Nguyen <tung.q.ngu...@dektech.com.au>
-----Original Message-----
From: Hoang Huu Le <hoang.h...@dektech.com.au>
Sent: Monday, April 12, 2021 4:02 PM
To: lyl2...@mail.ustc.edu.cn; da...@davemloft.net;
tipc-discussion@lists.sourceforge.net; jma...@redhat.com; ma...@donjonn.com;
ying....@windriver.com; Tung Quang Nguyen <tung.q.ngu...@dektech.com.au>
Subject: [net] Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv"
This reverts commit 6bf24dc0cc0cc43b29ba344b66d78590e687e046.
Above fix is not correct and caused memory leak issue:
In the function tipc_skb_peek, skb's refcnt increasing. Then
we have to call kfree_skb twice to decrease skb's refcnt and
free a skb.
Signed-off-by: Hoang Le <hoang.h...@dektech.com.au>
---
net/tipc/socket.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 58935cd0d068..f21162aa0cf7 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -1262,7 +1262,7 @@ void tipc_sk_mcast_rcv(struct net *net, struct
sk_buff_head *arrvq,
spin_lock_bh(&inputq->lock);
if (skb_peek(arrvq) == skb) {
skb_queue_splice_tail_init(&tmpq, inputq);
- __skb_dequeue(arrvq);
+ kfree_skb(__skb_dequeue(arrvq));
}
spin_unlock_bh(&inputq->lock);
__skb_queue_purge(&tmpq);
--
2.25.1
_______________________________________________
tipc-discussion mailing list
tipc-discussion@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tipc-discussion
