Subject: Re: [PATCH -next] exec: Fix mem leak in kernel_read_file
From: Dmitry Kasatkin
To: "gregkh@linuxfoundation.org"
CC: Sasha Levin, Al Viro, yuehaibing, "linux-kernel@vger.kernel.org", "linux-fsdevel@vger.kernel.org", "keescook@chromium.org", "stable@vger.kernel.org"
Date: Wed, 13 Mar 2019 17:00:53 +0200

On 13/03/2019 16:38, gregkh@linuxfoundation.org wrote:
> On Wed, Mar 13, 2019 at 02:12:30PM +0000, Dmitry Kasatkin wrote:
>>
>> From: Sasha Levin
>> Sent: Tuesday, March 12, 2019 1:16 AM
>> To: Dmitry Kasatkin
>> Cc: Al Viro; yuehaibing; linux-kernel@vger.kernel.org; linux-fsdevel@vger.kernel.org; keescook@chromium.org; stable@vger.kernel.org; gregkh@google.com
>> Subject: Re: [PATCH -next] exec: Fix mem leak in kernel_read_file
>>
>> On Mon, Mar 11, 2019 at 04:59:14PM +0000, Dmitry Kasatkin wrote:
>>>
>>> From: Al Viro on behalf of Al Viro
>>> Sent: Tuesday, February 19, 2019 4:25 AM
>>> To: yuehaibing
>>> Cc: linux-kernel@vger.kernel.org; linux-fsdevel@vger.kernel.org; Dmitry Kasatkin; keescook@chromium.org
>>> Subject: Re: [PATCH -next] exec: Fix mem leak in kernel_read_file
>>>
>>> On Tue, Feb 19, 2019 at 10:10:38AM +0800, YueHaibing wrote:
>>>> syzkaller report this:
>>>> BUG: memory leak
>>>> unreferenced object 0xffffc9000488d000 (size 9195520):
>>>>    comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s)
>>>>    hex dump (first 32 bytes):
>>>>      ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00  ................
>>>>      02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff  ..........z.....
>>>>    backtrace:
>>>>      [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline]
>>>>      [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline]
>>>>      [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831
>>>>      [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924
>>>>      [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993
>>>>      [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895
>>>>      [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
>>>>      [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
>>>>      [<00000000241f889b>] 0xffffffffffffffff
>>>>
>>>> It should goto 'out_free' label to free allocated buf while kernel_read
>>>> fails.
>>>
>>> Applied.
>>>
>>>
>>> This must be applied to stables as well...
>>
>>> It's already in all relevant stable trees...
>>
>> I only can see in longterm 4.19.
>>
>> What about 4.9 and 4.14?
>
> It was in the queue already for that (you can see it on git.kernel.org),
> and they are now part of the -rc releases that are currently out for
> review.
>
> thanks,
>
> greg k-h
>

Thanks!
Dmitry
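
The leak pattern described in the quoted commit message, modelled in user space as an added example; it is not the kernel's fs/exec.c code and not part of the thread. The names `buf_alloc`, `buf_free`, `fake_read`, `read_whole` and `leaked_after` are hypothetical, and the injected read failure and sample data are constructed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
static int live_bufs;   /* buffers allocated and not yet freed */
static void *buf_alloc(size_t n) { void *p = malloc(n); if (p) live_bufs++; return p; }
static void buf_free(void *p) { if (p) { live_bufs--; free(p); } }

/* Hypothetical reader: copies at most 4 bytes per call, fails at offset fail_at. */
static long fake_read(const char *src, size_t size, char *dst, size_t *pos, size_t fail_at)
{
    size_t n = size - *pos < 4 ? size - *pos : 4;
    if (*pos >= fail_at) return -5;     /* stands in for -EIO */
    memcpy(dst, src + *pos, n);
    *pos += n;
    return (long)n;
}

/* fixed == 0: a read error skips the cleanup label; fixed != 0: it goes through it. */
static int read_whole(const char *src, size_t size, size_t fail_at, int fixed, char **buf)
{
    size_t pos = 0;
    int ret = 0;
    *buf = buf_alloc(size);
    if (!*buf) return -12;              /* stands in for -ENOMEM */
    while (pos < size) {
        long bytes = fake_read(src, size, *buf + pos, &pos, fail_at);
        if (bytes < 0) {
            ret = (int)bytes;
            if (!fixed) goto out;       /* leak: *buf is never released */
            goto out_free;
        }
    }
out_free:
    if (ret < 0) {
        buf_free(*buf);
        *buf = NULL;
    }
out:
    return ret;
}

/* Buffers left allocated after a read of constructed data that fails at offset 8. */
static int leaked_after(int fixed)
{
    char *buf;
    int before = live_bufs;
    read_whole("constructed sample", 18, 8, fixed, &buf);
    return live_bufs - before;
}
```

`leaked_after(0)` leaves one buffer outstanding, `leaked_after(1)` leaves none. The size 9195520 in the syzkaller report shows why one missed cleanup on this path matters when the buffer holds a whole file.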