From b4e09b29c73e3bf09be1652bbf19585a2363a10a Mon Sep 17 00:00:00 2001 From: Toshiaki Makita Date: Wed, 13 Nov 2013 17:26:14 +0900 Subject: bridge: Fix memory leak when deleting bridge with vlan filtering enabled We currently don't call br_vlan_flush() when deleting a bridge, which leads to memory leak if br->vlan_info is allocated. Steps to reproduce: while : do brctl addbr br0 bridge vlan add dev br0 vid 10 self brctl delbr br0 done We can observe the cache size of corresponding slab entry (as kmalloc-2048 in SLUB) is increased. kmemleak output: unreferenced object 0xffff8800b68a7000 (size 2048): comm "bridge", pid 2086, jiffies 4295774704 (age 47.656s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 48 9b 36 00 88 ff ff .........H.6.... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] kmemleak_alloc+0x4e/0xb0 [] kmem_cache_alloc_trace+0xca/0x220 [] br_vlan_add+0x66/0xe0 [bridge] [] br_setlink+0x2dc/0x340 [bridge] [] rtnl_bridge_setlink+0x101/0x200 [] rtnetlink_rcv_msg+0x99/0x260 [] netlink_rcv_skb+0xa9/0xc0 [] rtnetlink_rcv+0x28/0x30 [] netlink_unicast+0xdd/0x190 [] netlink_sendmsg+0x2ff/0x740 [] sock_sendmsg+0x88/0xc0 [] ___sys_sendmsg.part.14+0x298/0x2b0 [] __sys_sendmsg+0x4e/0x90 [] SyS_sendmsg+0xe/0x10 [] system_call_fastpath+0x16/0x1b [] 0xffffffffffffffff Signed-off-by: Toshiaki Makita Signed-off-by: David S. Miller --- net/bridge/br_if.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c index c41d5fbb91d..6e6194fcd88 100644 --- a/net/bridge/br_if.c +++ b/net/bridge/br_if.c @@ -172,6 +172,7 @@ void br_dev_delete(struct net_device *dev, struct list_head *head) del_nbp(p); } + br_vlan_flush(br); del_timer_sync(&br->gc_timer); br_sysfs_delbr(br->dev); -- cgit v1.2.3-70-g09d2