Date: Tue, 19 Feb 2019 02:25:12 +0000
From: Al Viro
To: YueHaibing
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, dmitry.kasatkin@huawei.com, keescook@chromium.org
Subject: Re: [PATCH -next] exec: Fix mem leak in kernel_read_file
Message-ID: <20190219022512.GW2217@ZenIV.linux.org.uk>

On Tue, Feb 19, 2019 at 10:10:38AM +0800, YueHaibing wrote:
> syzkaller reports this:
> BUG: memory leak
> unreferenced object 0xffffc9000488d000 (size 9195520):
>   comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s)
>   hex dump (first 32 bytes):
>     ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00  ................
>     02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff  ..........z.....
>   backtrace:
>     [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline]
>     [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline]
>     [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831
>     [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924
>     [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993
>     [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895
>     [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
>     [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
>     [<00000000241f889b>] 0xffffffffffffffff
>
> It should goto 'out_free' label to free allocated buf while kernel_read
> fails.

Applied.
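
The error path the quoted message describes (a failed read that skips the `out_free` label and leaves the buffer allocated), as an added user-space C model. It is not code from the patch or from fs/exec.c; `read_file_model`, `chunk_read`, `fail_at` and the allocation counter are hypothetical names made up for the illustration.

```c
/* User-space model (constructed); not the kernel's fs/exec.c code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int live_bufs;     /* allocations not yet freed */
static size_t fail_at;    /* constructed fault: reads at pos >= fail_at fail */
static void *buf_alloc(size_t n) { void *p = malloc(n); if (p) live_bufs++; return p; }
static void buf_free(void *p) { if (p) { free(p); live_bufs--; } }

/* Hypothetical reader: up to 16 bytes per call, negative value on error. */
static long chunk_read(char *dst, size_t want, size_t pos) {
    size_t n = want < 16 ? want : 16;
    if (pos >= fail_at) return -5;         /* stand-in for -EIO */
    memset(dst, 'A', n);
    return (long)n;
}

/* fixed == 0 models the leak: a read error jumps past the out_free label. */
static int read_file_model(size_t size, char **buf, int fixed) {
    size_t pos = 0;
    int ret = 0;
    if (!(*buf = buf_alloc(size))) return -12;   /* stand-in for -ENOMEM */
    while (pos < size) {
        long n = chunk_read(*buf + pos, size - pos, pos);
        if (n < 0) {
            ret = (int)n;
            if (fixed) goto out_free;      /* release the buffer on failure */
            goto out;                      /* leak: buffer is never freed */
        }
        pos += (size_t)n;
    }
out_free:
    if (ret < 0) { buf_free(*buf); *buf = NULL; }
out:
    return ret;
}

int main(void) {
    char *b = NULL;
    fail_at = 16;                          /* second read fails */
    int ret = read_file_model(64, &b, 0);
    printf("leaky: ret=%d live=%d\n", ret, live_bufs);
    buf_free(b);                           /* clean up the leaked buffer */
    ret = read_file_model(64, &b, 1);
    printf("fixed: ret=%d live=%d\n", ret, live_bufs);
    return 0;
}
```

In the leaky variant the caller gets only an error code, so nothing downstream knows the buffer still exists; that is the unreferenced vmalloc object in the syzkaller report.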