Description

In the Linux kernel, the following vulnerability has been resolved: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() Passing MSG_PEEK flag to skb_recv_datagram() increments skb refcount (skb->users) and iucv_sock_recvmsg() does not decrement skb refcount at exit. This results in skb memory leak in skb_queue_purge() and WARN_ON in iucv_sock_destruct() during socket close. To fix this decrease skb refcount by one if MSG_PEEK is set in order to prevent memory leak and WARN_ON. WARNING: CPU: 2 PID: 6292 at net/iucv/af_iucv.c:286 iucv_sock_destruct+0x144/0x1a0 [af_iucv] CPU: 2 PID: 6292 Comm: afiucv_test_msg Kdump: loaded Tainted: G W 6.10.0-rc7 #1 Hardware name: IBM 3931 A01 704 (z/VM 7.3.0) Call Trace: [] iucv_sock_destruct+0x148/0x1a0 [af_iucv] [] iucv_sock_destruct+0x80/0x1a0 [af_iucv] [] __sk_destruct+0x52/0x550 [] __sock_release+0xa4/0x230 [] sock_close+0x2c/0x40 [] __fput+0x2e8/0x970 [] task_work_run+0x1c4/0x2c0 [] do_exit+0x996/0x1050 [] do_group_exit+0x13a/0x360 [] __s390x_sys_exit_group+0x56/0x60 [] do_syscall+0x27a/0x380 [] __do_syscall+0x9c/0x160 [] system_call+0x70/0x98 Last Breaking-Event-Address: [] iucv_sock_destruct+0x84/0x1a0 [af_iucv]