netlink: Fix dump skb leak/double free
author Herbert Xu <herbert@gondor.apana.org.au>
Mon, 16 May 2016 09:28:16 +0000 (17:28 +0800)
committer Manish Tuteja <mtuteja@nvidia.com>
Thu, 6 Apr 2017 00:56:53 +0000 (17:56 -0700)
commit ac208248371185d15a6b82c88f195a5718d3894d
tree a3c0ac6d26ce8e3f97881404e003c3998d112491
parent a8ef01401134bd1cea940e8456f2f111ca67a08f
netlink: Fix dump skb leak/double free

When we free cb->skb after a dump, we do it after releasing the
lock.  This means that a new dump could have started in the time
being and we'll end up freeing their skb instead of ours.

This patch saves the skb and module before we unlock so we free
the right memory.

Bug 1880704

Change-Id: I99a013d97bbbb793ebc0a196cd0e35ec198e3cb1
Fixes: 16b304f3404f ("netlink: Eliminate kmalloc in netlink dump operation.")
Reported-by: Baozeng Ding <sploving1@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Gagan Grover <ggrover@nvidia.com>
Reviewed-on: http://git-master/r/1311849
(cherry picked from commit 2605cb0c4277297fdcab1257f796d623f649235f)
Reviewed-on: http://git-master/r/1330547
Reviewed-by: Manish Tuteja <mtuteja@nvidia.com>
net/netlink/af_netlink.c
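The race the commit message describes, as an added C model that is not part of this commit or of the kernel source: a completion path that reads the shared `cb->skb` pointer after dropping the socket lock, while a second dump has already replaced it, is placed beside the corrected path that copies the pointer out under the lock. The struct names, the flag-based lock, `release_skb`, `start_new_dump` and the fixed interleaving are assumptions of the model, chosen so the outcome is deterministic without threads.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed model of the netlink dump completion path, not kernel code.
 * The socket lock protects the in-progress dump control block (cb) and
 * the skb it owns; the lock itself is modelled by a flag so the example
 * runs without threads and with a fixed interleaving. */
struct skb {
    int id;
    int freed;               /* release count: 0 = live (or leaked), 1 = freed */
};

struct dump_cb {
    struct skb *skb;         /* buffer owned by the dump in progress */
};

struct nlk_sock {
    int locked;              /* stand-in for the per-socket lock */
    struct dump_cb cb;
    int cb_running;
};

static void nlk_lock(struct nlk_sock *nlk)   { nlk->locked = 1; }
static void nlk_unlock(struct nlk_sock *nlk) { nlk->locked = 0; }

/* Stand-in for consume_skb(): only records the release. */
static void release_skb(struct skb *skb)
{
    if (skb)
        skb->freed++;
}

/* Another task starting a new dump on the same socket the moment the
 * lock is dropped: this is the interleaving the fix guards against. */
static void start_new_dump(struct nlk_sock *nlk, struct skb *new_skb)
{
    nlk_lock(nlk);
    nlk->cb.skb = new_skb;
    nlk->cb_running = 1;
    nlk_unlock(nlk);
}

/* Buggy completion: cb->skb is read after the lock is released, so once
 * a new dump has slipped in we free its skb (which its owner will free
 * again later: the double free) and leak our own. */
static struct skb *finish_dump_buggy(struct nlk_sock *nlk, struct skb *next)
{
    nlk_lock(nlk);
    nlk->cb_running = 0;
    nlk_unlock(nlk);

    start_new_dump(nlk, next);          /* racing dump begins here */

    struct skb *victim = nlk->cb.skb;   /* now the new dump's skb */
    release_skb(victim);
    return victim;
}

/* Fixed completion: copy the pointer out while still holding the lock,
 * clear the shared field, and only then unlock and free. */
static struct skb *finish_dump_fixed(struct nlk_sock *nlk, struct skb *next)
{
    nlk_lock(nlk);
    struct skb *skb = nlk->cb.skb;
    nlk->cb.skb = NULL;
    nlk->cb_running = 0;
    nlk_unlock(nlk);

    start_new_dump(nlk, next);          /* same interleaving, now harmless */

    release_skb(skb);
    return skb;
}

struct outcome {
    int freed_id;     /* which skb the completion path actually freed */
    int ours_freed;   /* 0 here means our skb leaked */
    int theirs_freed; /* 1 here means the live dump's skb was freed */
};

/* Runs one completion with a dump racing in; fixed selects which path. */
static struct outcome run_scenario(int fixed)
{
    struct skb ours = { .id = 1 }, theirs = { .id = 2 };
    struct nlk_sock nlk = { .locked = 0, .cb = { &ours }, .cb_running = 1 };
    struct skb *freed = fixed ? finish_dump_fixed(&nlk, &theirs)
                              : finish_dump_buggy(&nlk, &theirs);
    struct outcome o = { freed->id, ours.freed, theirs.freed };
    return o;
}

int main(void)
{
    for (int fixed = 0; fixed <= 1; fixed++) {
        struct outcome o = run_scenario(fixed);
        printf("%s path: freed skb %d (ours freed=%d, theirs freed=%d)\n",
               fixed ? "fixed" : "buggy", o.freed_id, o.ours_freed, o.theirs_freed);
    }
    return 0;
}
```

The model makes the lock-scope rule visible: any pointer that a lock protects must be copied to a local, and the shared field cleared, before the lock is released, because the field is free to change the instant another task can take the lock.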