From: Dmitry Kasatkin
To: Sasha Levin
CC: Al Viro, yuehaibing, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, keescook@chromium.org, stable@vger.kernel.org, gregkh@linuxfoundation.org
Subject: Re: [PATCH -next] exec: Fix mem leak in kernel_read_file
Date: Wed, 13 Mar 2019 14:12:30 +0000
Message-ID: <0bd9d01037354048a1d45be1ce96714f@huawei.com>
References: <20190219021038.11340-1-yuehaibing@huawei.com> <20190219022512.GW2217@ZenIV.linux.org.uk> <20190311231627.GI158926@sasha-vm>
In-Reply-To: <20190311231627.GI158926@sasha-vm>

From: Sasha Levin
Sent: Tuesday, March 12, 2019 1:16 AM
To: Dmitry Kasatkin
Cc: Al Viro; yuehaibing; linux-kernel@vger.kernel.org; linux-fsdevel@vger.kernel.org; keescook@chromium.org; stable@vger.kernel.org; gregkh@google.com
Subject: Re: [PATCH -next] exec: Fix mem leak in kernel_read_file

On Mon, Mar 11, 2019 at 04:59:14PM +0000, Dmitry Kasatkin wrote:
>
>From: Al Viro on behalf of Al Viro
>Sent: Tuesday, February 19, 2019 4:25 AM
>To: yuehaibing
>Cc: linux-kernel@vger.kernel.org; linux-fsdevel@vger.kernel.org; Dmitry Kasatkin; keescook@chromium.org
>Subject: Re: [PATCH -next] exec: Fix mem leak in kernel_read_file
>
>On Tue, Feb 19, 2019 at 10:10:38AM +0800, YueHaibing wrote:
>> syzkaller report this:
>> BUG: memory leak
>> unreferenced object 0xffffc9000488d000 (size 9195520):
>>   comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s)
>>   hex dump (first 32 bytes):
>>     ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00  ................
>>     02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff  ..........z.....
>>   backtrace:
>>     [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline]
>>     [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline]
>>     [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831
>>     [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924
>>     [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993
>>     [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895
>>     [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
>>     [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
>>     [<00000000241f889b>] 0xffffffffffffffff
>>
>> It should goto 'out_free' label to free allocated buf while kernel_read
>> fails.
>
>Applied.
>
>
>This must be applied to stables as well...
>

It's already in all relevant stable trees...

I only can see in longterm 4.19.
What about 4.9 and 4.14?

Thanks,
Dmitry
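
The error path described in the quoted commit message, as an added userspace model (not the kernel source and not code from this thread). Only the `out_free` label name comes from the message; `model_read_file`, `live_bufs`, the `fixed` switch, the `out` label, the simulated read failure and the 4096-byte read size are assumptions for illustration.

```c
#include <errno.h>
#include <stdlib.h>

static int live_bufs; /* buffers allocated and not yet freed (model only) */

/* Hypothetical model of a read loop that owns its buffer until it succeeds.
 * The "read" is simulated: it returns -EIO once pos reaches fail_at.
 * fixed == 0 keeps the leaking error path; fixed != 0 jumps to out_free. */
static int model_read_file(char **buf, size_t size, size_t fail_at, int fixed)
{
	size_t pos = 0;
	int ret = 0;

	*buf = malloc(size);
	if (!*buf)
		return -ENOMEM;
	live_bufs++;
	while (pos < size) {
		long n = pos >= fail_at ? -EIO : 4096; /* constructed failure */

		if (n < 0) {
			ret = (int)n;
			if (!fixed)
				goto out; /* skips the cleanup: buffer stays allocated */
			goto out_free;
		}
		pos += (size_t)n;
	}
out_free:
	if (ret < 0) {
		free(*buf);
		*buf = NULL;
		live_bufs--;
	}
out:
	return ret;
}

/* A caller that frees nothing on error; returns how many buffers the
 * failed call left behind (1 on the leaking path, 0 on the fixed one). */
static int leaked_after_failed_read(int fixed)
{
	char *buf = NULL;
	int before = live_bufs;
	int ret = model_read_file(&buf, 3 * 4096, 4096, fixed);
	int leaked = live_bufs - before;

	free(buf); /* keeps the demo itself clean; buf is NULL when fixed */
	return ret == -EIO ? leaked : -1;
}

int main(void) { return leaked_after_failed_read(1); }
```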