Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp1522181yba; Thu, 25 Apr 2019 00:55:36 -0700 (PDT) X-Google-Smtp-Source: APXvYqz5nIXmolguCz41ywFOP27OXnzk3w1nc5eYApqIDs/YMoTBdZdF3Q/quFRrXeeAs9DG61lt X-Received: by 2002:a65:4342:: with SMTP id k2mr35865668pgq.178.1556178936357; Thu, 25 Apr 2019 00:55:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556178936; cv=none; d=google.com; s=arc-20160816; b=ZrVcMKQXKL3EwAgRVl/Gifkb7S83d/6E702AMYyqulbxtV/apoOP8smowPPpFB4pEI CtKihbsMwC0R9VAQ8xmnup3OwGTSn6IPIe21+C2jVRUqewa/QnEJ7omWigxIcNvHakV4 bHpYm0W0OIDJDZDkQuKH86yiuBwQC5H7+xVu2MqkdnvszVIDyIUOlObgOHL0MUkG23SL gPw+Liw5mDnZc6DbWVvtWSjTcgG/j0kynvtKvETiWKZrQEBLGqvwW8qfHB8L0vYW5HSu ctsgw09+7ezxlH/IrGt2jj3tmcxbarDTOwb+d7yc6A16HlvnpdCP30D7NCBXLUuitysn /shw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date:dkim-signature; bh=Ktw08zRDx+QQau1FKIeHNlSkfrFqudj3H5cy4OpKOw0=; b=B7UaAmR7ghYbHJQqLe1Tc6RNkED1yIhJMPsV9fGKclySKxcObwzyFebpz/fsvSdNLC TEqHcxd6EBAxSWfvxbqlgG1ZyJ8IpWvd65c9PyEojC3fGbjgJVmRLp2xAmvUkbvYm2TO VKfDJYBZa4+m0sTvngx5txozHoZs0jkPt3lLy1e8P1Xsjee6xYojpaJF3ce/BjrZrYtN wjnyFinTlbAVZ1Dp3SZbEJLobRl7RFlr22t6ug8KZWPdwgp9XFPDseF3Nwt+VWirFJrQ efRoKr9455TUaLMMlVf75m9ijktrFEbBy7k6lp469W7TiESPTjdWxi9vxf0YgGYkKe6M amDw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@netronome-com.20150623.gappssmtp.com header.s=20150623 header.b=stuDzc79; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n85si4900078pfi.288.2019.04.25.00.55.21; Thu, 25 Apr 2019 00:55:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@netronome-com.20150623.gappssmtp.com header.s=20150623 header.b=stuDzc79; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728695AbfDYBIq (ORCPT + 99 others); Wed, 24 Apr 2019 21:08:46 -0400 Received: from mail-qt1-f193.google.com ([209.85.160.193]:39895 "EHLO mail-qt1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728694AbfDYBIq (ORCPT ); Wed, 24 Apr 2019 21:08:46 -0400 Received: by mail-qt1-f193.google.com with SMTP id h16so12307281qtk.6 for ; Wed, 24 Apr 2019 18:08:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netronome-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:in-reply-to:references :organization:mime-version:content-transfer-encoding; bh=Ktw08zRDx+QQau1FKIeHNlSkfrFqudj3H5cy4OpKOw0=; b=stuDzc79VhOvnwxaGUOHX9xu6OEgQVP8t9NubRl25IfAnWrmInLFBziPrORSXb2gW2 6gy6tQj4J5nCB9Uj208QCdrWEmMzkjKstE5r/k6JyycHoAXjN4HvhDV5EtPcbaGDibvG qzmg9sndgaCy6dAa8h9iI+8+FpyR68BosU+22Gy7DvI4dSfNcyImFNBrEzr2pgpSIOb7 Q98AkXhJrxhpfW57La7t1hlHlcg5FB9XdelDSJRVIeYMEzJI4ku74BO/l9N6HojjPTsz qMwDY05baWkQRbaYTyO31DWlLWVpv/67N5sD+pRCj/S48vlxolkCe7NkDpuuu8ZjjdpH YyeA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:organization:mime-version:content-transfer-encoding; bh=Ktw08zRDx+QQau1FKIeHNlSkfrFqudj3H5cy4OpKOw0=; b=NQ1TrGM+3AVDgar3GbiGg/v6BVSD4EnddO5qm6kd6Y2LXOnt79LERXwGsG2D72zbQV vFABKGQypMWy98SCxATYo/D05ozwVFXhWf/O+5VD9e/E1BGUm78lVkXTNKOCurZcGS6d nb1P4Evaykhdv3QTx0lZjKjf5LMG0PE2YKsGEbMDQC8luEL0weL7A+fw5T7j4TtIb/mF jtn2TW6XD86T0gkVkyja5DgRvq50sTYRX24HfxTV0pHr28Xtneoq0FbO1XkxImYr9yVT lLmnrpfgBSlUBSiI39bX6sixdlRtxJkMAF9sXOv+7BknxxqP2k+PKrbehcHGl6Lvk2qM SRyQ== X-Gm-Message-State: APjAAAXd1ok6r+wMH4ZZqOSYUGLl5MTARZKSdI3cIsT4ZkLTb/LyWCLW LeBl0joTO9dYDdz7naGrUE6HYA== X-Received: by 2002:a0c:9804:: with SMTP id c4mr6516016qvd.129.1556154525486; Wed, 24 Apr 2019 18:08:45 -0700 (PDT) Received: from cakuba.netronome.com ([66.60.152.14]) by smtp.gmail.com with ESMTPSA id 11sm13757470qtu.5.2019.04.24.18.08.43 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 24 Apr 2019 18:08:45 -0700 (PDT) Date: Wed, 24 Apr 2019 18:08:40 -0700 From: Jakub Kicinski To: Wenwen Wang Cc: Boris Pismenny , Aviad Yehezkel , Dave Watson , John Fastabend , Daniel Borkmann , "David S. Miller" , netdev@vger.kernel.org (open list:NETWORKING [TLS]), linux-kernel@vger.kernel.org (open list), Vakul Garg Subject: Re: [PATCH] net: tls: fix a memory leak bug Message-ID: <20190424180840.515b88af@cakuba.netronome.com> In-Reply-To: <1556137087-25814-1-git-send-email-wang6495@umn.edu> References: <1556137087-25814-1-git-send-email-wang6495@umn.edu> Organization: Netronome Systems, Ltd. MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 24 Apr 2019 15:18:07 -0500, Wenwen Wang wrote: > In decrypt_internal(), a memory block 'mem' is allocated through kmalloc() > to hold aead_req, sgin[], sgout[], aad, and iv. This memory block should be > freed after it is used, before this function is returned. However, if the > return value of the function invocation of tls_do_decryption() is > -EINPROGRESS, this memory block is actually not freed, which is a memory > leak bug. > > To fix this issue, free the allocated block before the error code > -EINPROGRESS is returned. > > Signed-off-by: Wenwen Wang Did you find this by code inspection or is this provable at runtime (kmemleak or such)? > diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c > index b50ced8..22445bb 100644 > --- a/net/tls/tls_sw.c > +++ b/net/tls/tls_sw.c > @@ -1445,8 +1445,10 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb, > /* Prepare and submit AEAD request */ > err = tls_do_decryption(sk, skb, sgin, sgout, iv, > data_len, aead_req, async); > - if (err == -EINPROGRESS) > + if (err == -EINPROGRESS) { > + kfree(mem); > return err; Mm... don't think so. -EINPROGRESS is special, it means something is working on the request asynchronously here. I think this memory is freed in tls_decrypt_done(): kfree(aead_req); Note that aead_req is the first member of the allocated buffer. CCing Vakul > + } > > /* Release the pages in case iov was mapped to pages */ > for (; pages > 0; pages--)