Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp1708267ybe; Wed, 11 Sep 2019 20:48:02 -0700 (PDT) X-Google-Smtp-Source: APXvYqyUYY8xmI0p9Zdn8IluYbco9WdF5NpTyzOO1qw5X0mwomRUrQuMoV6CIh8bn2EChbrUmTvk X-Received: by 2002:a50:99da:: with SMTP id n26mr23688682edb.293.1568260082741; Wed, 11 Sep 2019 20:48:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568260082; cv=none; d=google.com; s=arc-20160816; b=Cb9UFBUwfioLi2xuYXvNdpaboMdtNgJY5x7kQfbpLf6gUMZgmhoF5vgIIvLjmPkI7i 3jZIaZESSQSK3Qr/jqaWOkrt/EQl1zAjJIwlcVWK7tVtUhZxxJ9dS+ltC4ASCbVN9o1t IN/EBw8QbOQtweeWDxMNdlYvMx1CIzYS+uYoKPL95qKL2xU5iOQWVTbUUMJUqZWa1Tni rKahYHg4/OpZe4U9FF3F7gnO90G4GkbMIXIgYQOBoAqS9I+IWtdZFJpu4BN7C4QrscXg EhX8TvZN3NzcK4+WzlBgx+6eRUA+nZBK8TvSctxUxuoGjkhdWWI1t5wAS+y8We+4INbm 08yA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=Z138C/6DS+7dFFbX/tZs9Ex5gSik8316JbUqfnUnF+4=; b=p/wZ1Din1v7nK2XfaqYN38sBKC6U1BV7rlIqCLJxixJo+7rERW46SQ1JosY/kfa0mF j/oLtjlTCvIxiZx5H369zxG5c/UNXJiCJI4I58BmfBS/E9/Apyj4277+CTLrztm6oY1Y jQcZESq7rZVKxpMJGDK+riRhRwCcCI70xMwJLSssfpkiP+ctN0vQjsi4Wn8+2g7oZ8Ch 1WLF6j+CXqf/Fl2ugnnm8WKaJP/4+gbNW1ROa18CcgCk3ySLNgyDLQiboeZR10L3hD6m 0Ck7U/XcT72SZ1I4NbyGPQ2Bho7o6A4m/ecQPQJzPjBcZ9GPkKgWc7T3XoeRa19Rri4v tg+w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p11si11792089edq.310.2019.09.11.20.47.38; Wed, 11 Sep 2019 20:48:02 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729806AbfILDpH (ORCPT + 99 others); Wed, 11 Sep 2019 23:45:07 -0400 Received: from szxga05-in.huawei.com ([45.249.212.191]:2267 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727873AbfILDpF (ORCPT ); Wed, 11 Sep 2019 23:45:05 -0400 Received: from DGGEMS407-HUB.china.huawei.com (unknown [172.30.72.58]) by Forcepoint Email with ESMTP id D6A97EC9127A2D852B99; Thu, 12 Sep 2019 11:45:03 +0800 (CST) Received: from localhost.localdomain.localdomain (10.175.113.25) by DGGEMS407-HUB.china.huawei.com (10.3.19.207) with Microsoft SMTP Server id 14.3.439.0; Thu, 12 Sep 2019 11:44:53 +0800 From: Mao Wenan To: , , , CC: , , , , Mao Wenan , Hulk Robot Subject: [PATCH v2 net 3/3] sctp: destroy bucket if failed to bind addr Date: Thu, 12 Sep 2019 12:02:19 +0800 Message-ID: <20190912040219.67517-4-maowenan@huawei.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190912040219.67517-1-maowenan@huawei.com> References: <7a450679-40ca-8a84-4cba-7a16f22ea3c0@huawei.com> <20190912040219.67517-1-maowenan@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-Originating-IP: [10.175.113.25] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org There is one memory leak bug report: BUG: memory leak unreferenced object 0xffff8881dc4c5ec0 (size 40): comm "syz-executor.0", pid 5673, jiffies 4298198457 (age 27.578s) hex dump (first 32 bytes): 02 00 00 00 81 88 ff ff 00 00 00 00 00 00 00 00 ................ f8 63 3d c1 81 88 ff ff 00 00 00 00 00 00 00 00 .c=............. backtrace: [<0000000072006339>] sctp_get_port_local+0x2a1/0xa00 [sctp] [<00000000c7b379ec>] sctp_do_bind+0x176/0x2c0 [sctp] [<000000005be274a2>] sctp_bind+0x5a/0x80 [sctp] [<00000000b66b4044>] inet6_bind+0x59/0xd0 [ipv6] [<00000000c68c7f42>] __sys_bind+0x120/0x1f0 net/socket.c:1647 [<000000004513635b>] __do_sys_bind net/socket.c:1658 [inline] [<000000004513635b>] __se_sys_bind net/socket.c:1656 [inline] [<000000004513635b>] __x64_sys_bind+0x3e/0x50 net/socket.c:1656 [<0000000061f2501e>] do_syscall_64+0x72/0x2e0 arch/x86/entry/common.c:296 [<0000000003d1e05e>] entry_SYSCALL_64_after_hwframe+0x49/0xbe This is because in sctp_do_bind, if sctp_get_port_local is to create hash bucket successfully, and sctp_add_bind_addr failed to bind address, e.g return -ENOMEM, so memory leak found, it needs to destroy allocated bucket. Reported-by: Hulk Robot Signed-off-by: Mao Wenan Acked-by: Neil Horman --- net/sctp/socket.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 2f810078c91d..69ec3b796197 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -412,11 +412,13 @@ static int sctp_do_bind(struct sock *sk, union sctp_addr *addr, int len) ret = sctp_add_bind_addr(bp, addr, af->sockaddr_len, SCTP_ADDR_SRC, GFP_ATOMIC); - /* Copy back into socket for getsockname() use. */ - if (!ret) { - inet_sk(sk)->inet_sport = htons(inet_sk(sk)->inet_num); - sp->pf->to_sk_saddr(addr, sk); + if (ret) { + sctp_put_port(sk); + return ret; } + /* Copy back into socket for getsockname() use. */ + inet_sk(sk)->inet_sport = htons(inet_sk(sk)->inet_num); + sp->pf->to_sk_saddr(addr, sk); return ret; } -- 2.20.1