Linux Kernel Page Pool Leak Vulnerability in LAN966X Driver

A vulnerability exists in the Linux kernel's LAN966X Ethernet driver, where a page pool is created but not properly destroyed in the event of an error. This issue arises in the 'lan966x_fdma_rx_alloc()' function, which fails to release the page pool if the 'fdma_alloc_coherent()' call does not succeed, leading to a memory leak. Similarly, the 'lan966x_fdma_init()' function correctly frees coherent DMA memory when 'lan966x_fdma_tx_alloc()' fails, but it neglects to destroy the page pool created by the receive allocation function, causing another leak. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability leads to a memory leak, where allocated page pools are not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by invoking the 'lan966x_fdma_rx_alloc()' function, which will create a page pool. If the subsequent 'fdma_alloc_coherent()' call fails, the page pool will not be destroyed, resulting in a memory leak. This leak can also be observed in the 'lan966x_fdma_init()' function, where the receive allocation's page pool is not freed after a transmission allocation failure.

Remediation

The vulnerability has been addressed by adding the missing 'page_pool_destroy()' calls in both error paths of the affected functions. Users should upgrade to the latest version of the Linux kernel where this fix has been applied.