The memcpy_from_iovec() function that the unix sendmsg functions use modifies the struct msghdr. Since the current code uses the msg.iovec_base pointer in the msghdr for the kmalloc() and kfree(), we end up freeing the wrong pointer. This patch stores the original address in a separate pointer and corrects the kfree() call to use it.
Cc: serue@xxxxxxxxxx
Signed-off-by: Dan Smith <danms@xxxxxxxxxx>
---
 net/unix/checkpoint.c | 8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/net/unix/checkpoint.c b/net/unix/checkpoint.c
index 841d25d..65b7025 100644
--- a/net/unix/checkpoint.c
+++ b/net/unix/checkpoint.c
@@ -118,6 +118,7 @@ static int sock_read_buffer_sendmsg(struct ckpt_ctx *ctx, struct sock *sock)
 {
 struct msghdr msg;
 struct kvec kvec;
+ void *buf;
 int ret = 0;
 int len;
@@ -134,8 +135,9 @@ static int sock_read_buffer_sendmsg(struct ckpt_ctx *ctx, struct sock *sock)
 }
 kvec.iov_len = len;
- kvec.iov_base = kmalloc(len, GFP_KERNEL);
- if (!kvec.iov_base)
+ buf = kmalloc(len, GFP_KERNEL);
+ kvec.iov_base = buf;
+ if (!buf)
 return -ENOMEM;
 ret = ckpt_kread(ctx, kvec.iov_base, len);
@@ -147,7 +149,7 @@ static int sock_read_buffer_sendmsg(struct ckpt_ctx *ctx, struct sock *sock)
 if ((ret > 0) && (ret != len))
 ret = -ENOMEM;
 out:
- kfree(kvec.iov_base);
+ kfree(buf);
 return ret;
 }
--
1.6.2.5
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
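Review bot: The second hunk gives no reason in the code for keeping the allocation in `buf` apart from `kvec.iov_base`, so a later cleanup could merge them again and bring back the kfree() of a moved pointer that the last hunk fixes. I would add a comment above the kmalloc(), `/* the unix sendmsg path modifies kvec.iov_base (memcpy_from_iovec); kfree() must use buf */`, and pass `buf` rather than `kvec.iov_base` to `ckpt_kread()` so the kvec is only ever handed to the send. `len` is a signed int going into kmalloc(), and whatever bounds it sits in the lines before this hunk that are not shown, so it is worth confirming that zero and negative values are rejected there. The body of sock_read_buffer_sendmsg starts and continues outside the hunks.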