On Wed, Feb 24, 2016 at 09:37:39PM +0000, Mark McKinstry wrote: > On 19/02/16 01:19, Steffen Klassert wrote: > > On Thu, Feb 18, 2016 at 01:40:00AM +0000, Mark McKinstry wrote: > >> This patch fixes our issue, thanks. In our scenario the tunnel path MTU > >> now gets updated so that subsequent large packets sent over the tunnel > >> get fragmented correctly. > > I've applied this patch to the ipsec tree now. > > Thanks for testing! > I spoke too soon. Upon further testing with this patch we have found it > causes > a skt buffer leak. This is problematic for us and can cause memory > exhaustion in > one of our test scenarios that has an IPv4 IPsec tunnel over a PPP link. The patch below is what I plan to apply on top of the original patch. Subject: [PATCH] vti: Fix recource leeks on pmtu discovery A recent patch introduced pmtu handling directly in the vti transmit routine. Unfortunately we now return without releasing the dst_entry and freeing the sk_buff. This patch fixes the issue. Fixes: 325b71fe0f57 ("vti: Add pmtu handling to vti_xmit.") Reported-by: Mark McKinstry <Mark.McKinstry@xxxxxxxxxxxxxxxxxxx> Signed-off-by: Steffen Klassert <steffen.klassert@xxxxxxxxxxx> --- net/ipv4/ip_vti.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c index 6862305..2ea2b6e 100644 --- a/net/ipv4/ip_vti.c +++ b/net/ipv4/ip_vti.c @@ -206,7 +206,8 @@ static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev, else icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); - return -EMSGSIZE; + dst_release(dst); + goto tx_error; } err = dst_output(tunnel->net, skb->sk, skb); -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html