Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp3288527ybb;
        Tue, 31 Mar 2020 02:10:19 -0700 (PDT)
X-Google-Smtp-Source: ADFU+vsQXJnGRN06Ype1/5mHKqOzKbCagqe5+ifG3EFw4UZ09K+tUmBvyrT+DdxiZa/7W+ACoKSV
X-Received: by 2002:a05:6808:90f:: with SMTP id w15mr1447330oih.0.1585645819297;
        Tue, 31 Mar 2020 02:10:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1585645819; cv=none;
        d=google.com; s=arc-20160816;
        b=UMXkpx8UUkQsTG8kTkg1BJIyHpNpuZa65ukHd+9lGq6FxBaNYp3qooZdMMfQNWpAQI
         hfddKaxZAF1TlfVTutDZRtnWlx2NFaZ4eo+sV6ujsRSPCFL+4ueHGbUCSLHhb2FX7hAP
         3w1Ika4RkvI9ehu7Ae9sZSmQHeHkf7UxLpwwXqEgVYHRAiw4rKj0Pl5gbUNdACofO65I
         KaiYJBD4NvXzMWx/13lzm8BfRSTGBNwcaZE+nQ+MB+dYKzYpE1mtc2s7ZfZkBu1azmzG
         9IyrzorSSJjgqVNrYOMrpsILkA8lZ2YvO1Y1UrKmeflbxf9IBesWP69aii9KjEfAIZ0P
         2iOQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=CM2XDq5kFTbixcES7brQMZcxqNcgcFiPDcMlkwsePQo=;
        b=X8zxjMaHR/wHAn1RaTL3uAljbrUWE6ixLRzrVs5yX6y5q+tNHPom9FkhfjCabNZpWr
         kkbVzr5D7QXL07Srf95nu5m0jZ2N0q16iXgKEolule1+MXsyboAjRMu/EDv43mJoMNVX
         BmZnApJ5lVD483IWWN2HAz8Oj4Vc6eYHUcTpHGnBNvHLfQK/GgixGaLYXiIhJuTXQQ1j
         +mrQ/7TU3zNyRdQkpPnjppruBvPiOASAfihoatHG/SHHQ2L1x3fP64I2tVmWxIx0U1nX
         VpKJkgDZP94z24ZWJowXxcxTxRMl2Z5tRozSR5ee5NRRm7fiXtplDZceKsnFRfU4nDhS
         zJWg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=gYvqBUCX;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id l6si6856759otn.219.2020.03.31.02.10.01;
        Tue, 31 Mar 2020 02:10:19 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=gYvqBUCX;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731355AbgCaJJd (ORCPT <rfc822;rafael.sjavar@gmail.com>
        + 99 others); Tue, 31 Mar 2020 05:09:33 -0400
Received: from mail.kernel.org ([198.145.29.99]:52650 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1731473AbgCaJJa (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 31 Mar 2020 05:09:30 -0400
Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id C319D20675;
        Tue, 31 Mar 2020 09:09:29 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1585645770;
        bh=AWCdgu6dNEmRTTcrueFTFFBMA8I6/uWJz3XKank3eVQ=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=gYvqBUCXc7upa2WEce+8k36V3/1VDsS7zi/6b1jCBuEuCC6Kt36MFO8Hbd+cmLxV5
         eFUjlHjtD/uLdxPEb3V23H9dsY6AJc0J/3jXDTMVY/bvOx5Pl1QG0ZMUrCK9AL32bt
         CxGCVkPFhRrF0lr+o1/X4pCJjd6YZyG+cretx2mo=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Andrii Nakryiko <andriin@fb.com>,
        Alexei Starovoitov <ast@kernel.org>,
        Roman Gushchin <guro@fb.com>
Subject: [PATCH 5.5 118/170] bpf: Fix cgroup ref leak in cgroup_bpf_inherit on out-of-memory
Date:   Tue, 31 Mar 2020 10:58:52 +0200
Message-Id: <20200331085436.664958401@linuxfoundation.org>
X-Mailer: git-send-email 2.26.0
In-Reply-To: <20200331085423.990189598@linuxfoundation.org>
References: <20200331085423.990189598@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Andrii Nakryiko <andriin@fb.com>

commit 1d8006abaab4cb90f81add86e8d1bf9411add05a upstream.

There is no compensating cgroup_bpf_put() for each ancestor cgroup in
cgroup_bpf_inherit(). If compute_effective_progs returns error, those cgroups
won't be freed ever. Fix it by putting them in cleanup code path.

Fixes: e10360f815ca ("bpf: cgroup: prevent out-of-order release of cgroup bpf")
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Roman Gushchin <guro@fb.com>
Link: https://lore.kernel.org/bpf/20200309224017.1063297-1-andriin@fb.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/bpf/cgroup.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -228,6 +228,9 @@ cleanup:
 	for (i = 0; i < NR; i++)
 		bpf_prog_array_free(arrays[i]);
 
+	for (p = cgroup_parent(cgrp); p; p = cgroup_parent(p))
+		cgroup_bpf_put(p);
+
 	percpu_ref_exit(&cgrp->bpf.refcnt);
 
 	return -ENOMEM;