Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp261880img; Mon, 18 Mar 2019 02:31:51 -0700 (PDT) X-Google-Smtp-Source: APXvYqwVYYzq07MeKEGClLn+0gVLS7V/TL+x/qhPTgOHMLKfYvXFkamOykOcKYRGeJ3m8ButBcUi X-Received: by 2002:a17:902:14b:: with SMTP id 69mr18647695plb.216.1552901511178; Mon, 18 Mar 2019 02:31:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1552901511; cv=none; d=google.com; s=arc-20160816; b=boVF60RrGN9lttrL0jUQqYwUL96FU+f5qXBd7TGhJtrZRRu1eEws63h+py25BoJzvd ow09/kn5OG6eBuMVQd3BeHvB2DJD1uLbvDYHOI4FifGnmwm2MCdE4JeEpxGug8m+jT4H L1R4smKJ0ZLGnUY22SUhtwR5KmyOS6Qvt2LYsdFu2l/10tPl91tVDWfICzQyD5a5ekV3 WH29MZEz/iM3hhuDksio2jJ0Z2eRxRAVN1Jjjwg7xAwM54S7bf72QHLsgIJ/kZacmfDq jjR31UN8ut56AqkopniW5vRDCCQkVQoqlUjzucF6rSrR+sP1o8zL7WtkOVGUXyO1CA1e hmOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=qBJ/Qnf0sNBMpf6vafbRADnTYPEiOYNUF8In8JWopWc=; b=RMPgrkVqXvegqZZycXJv3YuDxD1itFONF4cgORxjvgMPnmOpWsKNn5XqKixGuQ3N+1 Q2ReoSAJDX53GwE3pEnac4cwXNALXYEGfc/sVzzFfDZ1JTCmsCpptJfGIkgiA2ddDAty 8yLXCrNRL3e3TupYiNMWbmr5ortoc2SYZjObvg+kqaUjnc/47I2HMEDGeG8rEIHV0wOr 7aPz7j6TiwUx9GkbrZOIEzV+cO/rvKc8r3e7dG8ajLvH8HSm6shdQhpnOWzVIle6Lk9T CcXoSvjzM3dU+mQa/mU0rOqReKuEPVQhuzhNcvdV2LIIGMI7W7ZYiBiAE4tY7aAJ37Mc 9Xug== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=OPwJLrct; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y8si8675798pgr.109.2019.03.18.02.31.36; Mon, 18 Mar 2019 02:31:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=OPwJLrct; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728344AbfCRJaN (ORCPT + 99 others); Mon, 18 Mar 2019 05:30:13 -0400 Received: from mail.kernel.org ([198.145.29.99]:37042 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727672AbfCRJaK (ORCPT ); Mon, 18 Mar 2019 05:30:10 -0400 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 0E2472083D; Mon, 18 Mar 2019 09:30:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1552901407; bh=ro1Xtcj9HfzBPgdoCDOFixRpgXl1J3d8CV8CVeofE54=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=OPwJLrctrVSEj2aWzDgGU9a+dFaXsga2/IA3YxL0E2Ha/gkYVi1uX2FxcX5v7rqGJ PLV9S4iT8BvJQbcU8/7HC2o2C3d8U/deBhKcDw4zf375L2+aVbWYwNmh8H+JBi/v00 SgK20/V9Lm7NhgXkHbtqSR2TvP9uTFD19SbYeD5I= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Hulk Robot , Mao Wenan , "David S. Miller" Subject: [PATCH 4.20 08/52] net: hsr: fix memory leak in hsr_dev_finalize() Date: Mon, 18 Mar 2019 10:24:55 +0100 Message-Id: <20190318083844.401518713@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190318083843.398913295@linuxfoundation.org> References: <20190318083843.398913295@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.20-stable review patch. If anyone has any objections, please let me know. ------------------ From: Mao Wenan [ Upstream commit 3dc6da493a29dbeda9f13b637bd9c02c414b2261 ] If hsr_add_port(hsr, hsr_dev, HSR_PT_MASTER) failed to add port, it directly returns res and forgets to free the node that allocated in hsr_create_self_node(), and forgets to delete the node->mac_list linked in hsr->self_node_db. BUG: memory leak unreferenced object 0xffff8881cfa0c780 (size 64): comm "syz-executor.0", pid 2077, jiffies 4294717969 (age 2415.377s) hex dump (first 32 bytes): e0 c7 a0 cf 81 88 ff ff 00 02 00 00 00 00 ad de ................ 00 e6 49 cd 81 88 ff ff c0 9b 87 d0 81 88 ff ff ..I............. backtrace: [<00000000e2ff5070>] hsr_dev_finalize+0x736/0x960 [hsr] [<000000003ed2e597>] hsr_newlink+0x2b2/0x3e0 [hsr] [<000000003fa8c6b6>] __rtnl_newlink+0xf1f/0x1600 net/core/rtnetlink.c:3182 [<000000001247a7ad>] rtnl_newlink+0x66/0x90 net/core/rtnetlink.c:3240 [<00000000e7d1b61d>] rtnetlink_rcv_msg+0x54e/0xb90 net/core/rtnetlink.c:5130 [<000000005556bd3a>] netlink_rcv_skb+0x129/0x340 net/netlink/af_netlink.c:2477 [<00000000741d5ee6>] netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] [<00000000741d5ee6>] netlink_unicast+0x49a/0x650 net/netlink/af_netlink.c:1336 [<000000009d56f9b7>] netlink_sendmsg+0x88b/0xdf0 net/netlink/af_netlink.c:1917 [<0000000046b35c59>] sock_sendmsg_nosec net/socket.c:621 [inline] [<0000000046b35c59>] sock_sendmsg+0xc3/0x100 net/socket.c:631 [<00000000d208adc9>] __sys_sendto+0x33e/0x560 net/socket.c:1786 [<00000000b582837a>] __do_sys_sendto net/socket.c:1798 [inline] [<00000000b582837a>] __se_sys_sendto net/socket.c:1794 [inline] [<00000000b582837a>] __x64_sys_sendto+0xdd/0x1b0 net/socket.c:1794 [<00000000c866801d>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 [<00000000fea382d9>] entry_SYSCALL_64_after_hwframe+0x49/0xbe [<00000000e01dacb3>] 0xffffffffffffffff Fixes: c5a759117210 ("net/hsr: Use list_head (and rcu) instead of array for slave devices.") Reported-by: Hulk Robot Signed-off-by: Mao Wenan Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/hsr/hsr_device.c | 4 +++- net/hsr/hsr_framereg.c | 12 ++++++++++++ net/hsr/hsr_framereg.h | 1 + 3 files changed, 16 insertions(+), 1 deletion(-) --- a/net/hsr/hsr_device.c +++ b/net/hsr/hsr_device.c @@ -486,7 +486,7 @@ int hsr_dev_finalize(struct net_device * res = hsr_add_port(hsr, hsr_dev, HSR_PT_MASTER); if (res) - return res; + goto err_add_port; res = register_netdevice(hsr_dev); if (res) @@ -506,6 +506,8 @@ int hsr_dev_finalize(struct net_device * fail: hsr_for_each_port(hsr, port) hsr_del_port(port); +err_add_port: + hsr_del_node(&hsr->self_node_db); return res; } --- a/net/hsr/hsr_framereg.c +++ b/net/hsr/hsr_framereg.c @@ -124,6 +124,18 @@ int hsr_create_self_node(struct list_hea return 0; } +void hsr_del_node(struct list_head *self_node_db) +{ + struct hsr_node *node; + + rcu_read_lock(); + node = list_first_or_null_rcu(self_node_db, struct hsr_node, mac_list); + rcu_read_unlock(); + if (node) { + list_del_rcu(&node->mac_list); + kfree(node); + } +} /* Allocate an hsr_node and add it to node_db. 'addr' is the node's AddressA; * seq_out is used to initialize filtering of outgoing duplicate frames --- a/net/hsr/hsr_framereg.h +++ b/net/hsr/hsr_framereg.h @@ -16,6 +16,7 @@ struct hsr_node; +void hsr_del_node(struct list_head *self_node_db); struct hsr_node *hsr_add_node(struct list_head *node_db, unsigned char addr[], u16 seq_out); struct hsr_node *hsr_get_node(struct hsr_port *port, struct sk_buff *skb,