Received: by 2002:a17:90a:88:0:0:0:0 with SMTP id a8csp127574pja; Fri, 22 Nov 2019 04:25:03 -0800 (PST) X-Google-Smtp-Source: APXvYqw+8nQ+qD5/gsbD7Zhbv7d5Y74N3oJSjGoFxuJ4HqJpuLBVaeYs/Q+U/QcbBgYUwQ1KYNOk X-Received: by 2002:a50:b632:: with SMTP id b47mr709507ede.289.1574425503632; Fri, 22 Nov 2019 04:25:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574425503; cv=none; d=google.com; s=arc-20160816; b=mu5nRBDxMw3QTTmSru2QeGt/AkKQiY/1saPrhWdHXfoKETdaS+OBst5OV4Kvvki5Jz tORBeFlx7VDe44w8uGG6GWGrRmfhq5OKPRuEZV50bA4zzC26o2RQIURv+8Z0hX2H4FGd XASE2GZJ+8cTMkuauMmImVUjhBvZILFfmZPgLWQT1wnF4lY9LjgDJXks1y8n5Qu+vqcd SrEERKEDGNPEEsU+W+Rqj+KOvxnIS3Exp4tJ2AaZUfEf0QTcbQxL/uetPKX99V35jXJZ Bme6ZBmT7rYSc2WP6oecA8He2ofW/+VKTr3H/KZmvQFZxBSBYTk8QgzQnPB6oU4m53OM KY8A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=wXj2sAVCUV5t+73pBJfGNdCpai0tHzAsWTEpcne6i5U=; b=H3nyz1KFUas0Yn0/zfduGDVDmdNdIkFga7tlF5DDpbZ+kOo3DOJR8kVYydoxwyHgjM PATepULuEw7jErVgjquiVlKO9v2j6YnJHW03GUEbl8nX2B3XJhxlJhXTAmYlJfsouKut mvrG1fUUbmWwDocvxKkdeBUhGbe+8KnhkyEl7gX+flB1ou1OT8MUpcFAifsZwziGel7d vdJstg/V/d5A/sUYH4SRaMPdE+QIOcT4mdeFEADkkRB6VYiGoapAlVaIB/UXFoK8jzKP YttYi+CAS5qp90IZYdJGptP5pHZrF2BH5rHdycolxChvVHbOc7YuC8Wvw31hiAMDg85U ++kg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=J5CR3YhA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o12si4220769edv.43.2019.11.22.04.24.39; Fri, 22 Nov 2019 04:25:03 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=J5CR3YhA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728164AbfKVKj3 (ORCPT + 99 others); Fri, 22 Nov 2019 05:39:29 -0500 Received: from mail.kernel.org ([198.145.29.99]:42602 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728265AbfKVKjZ (ORCPT ); Fri, 22 Nov 2019 05:39:25 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id C6AEA20707; Fri, 22 Nov 2019 10:39:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1574419165; bh=LFSN8ShC4Q5FMVFLBCNYvsqI/QYLN2eTHUz5rIJax6w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=J5CR3YhAltr74zLZ1MVbuDWL/JdWq/rcz8VrUFvGnnzw50g7mTuBQJY9PfkwURLJD Jeosypw1HMwXvfzkVtH4jS0WOIfq+gr9AYgHxYRE8AHmwfY11YVnpB31Ly2tE1KCPK KpHskoYpcG3dzKbWu+yHlo2guoplyzeZLrhgxJSA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "David S. Miller" , Oliver Hartkopp , Lukas Bulwahn , Jouni Hogander Subject: [PATCH 4.9 002/222] slip: Fix memory leak in slip_open error path Date: Fri, 22 Nov 2019 11:25:42 +0100 Message-Id: <20191122100831.187446575@linuxfoundation.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191122100830.874290814@linuxfoundation.org> References: <20191122100830.874290814@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jouni Hogander [ Upstream commit 3b5a39979dafea9d0cd69c7ae06088f7a84cdafa ] Driver/net/can/slcan.c is derived from slip.c. Memory leak was detected by Syzkaller in slcan. Same issue exists in slip.c and this patch is addressing the leak in slip.c. Here is the slcan memory leak trace reported by Syzkaller: BUG: memory leak unreferenced object 0xffff888067f65500 (size 4096): comm "syz-executor043", pid 454, jiffies 4294759719 (age 11.930s) hex dump (first 32 bytes): 73 6c 63 61 6e 30 00 00 00 00 00 00 00 00 00 00 slcan0.......... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000a06eec0d>] __kmalloc+0x18b/0x2c0 [<0000000083306e66>] kvmalloc_node+0x3a/0xc0 [<000000006ac27f87>] alloc_netdev_mqs+0x17a/0x1080 [<0000000061a996c9>] slcan_open+0x3ae/0x9a0 [<000000001226f0f9>] tty_ldisc_open.isra.1+0x76/0xc0 [<0000000019289631>] tty_set_ldisc+0x28c/0x5f0 [<000000004de5a617>] tty_ioctl+0x48d/0x1590 [<00000000daef496f>] do_vfs_ioctl+0x1c7/0x1510 [<0000000059068dbc>] ksys_ioctl+0x99/0xb0 [<000000009a6eb334>] __x64_sys_ioctl+0x78/0xb0 [<0000000053d0332e>] do_syscall_64+0x16f/0x580 [<0000000021b83b99>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [<000000008ea75434>] 0xfffffffffffffff Cc: "David S. Miller" Cc: Oliver Hartkopp Cc: Lukas Bulwahn Signed-off-by: Jouni Hogander Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- drivers/net/slip/slip.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/net/slip/slip.c +++ b/drivers/net/slip/slip.c @@ -860,6 +860,7 @@ err_free_chan: sl->tty = NULL; tty->disc_data = NULL; clear_bit(SLF_INUSE, &sl->flags); + free_netdev(sl->dev); err_exit: rtnl_unlock();