Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp3026083ybt; Mon, 29 Jun 2020 13:14:50 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyTPs6SrifEbFAcGmIW004Zss17B2hWLU03Kpds/Nv507s8fGqS7ioQcSA0an8Xs8Z02pSs X-Received: by 2002:a17:906:199b:: with SMTP id g27mr14822842ejd.297.1593461689940; Mon, 29 Jun 2020 13:14:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593461689; cv=none; d=google.com; s=arc-20160816; b=vhBbL25qub6JoTkS9izlU3XvMyKdfg+grsMB6A7IbdJBu6ncANrGG0UVAb6e1AGMgE YK7JFmd+9wfzWeQoEnOuR3RiSaheoD139kXTN2vYKyQa0ZdDCjvysE9rJjHn3l07rXjT 6rsZ7x9gpiEtuNg0u9it34NHLw220GQkBOGcP3Ze2i3IFqGsbKF/es2ltVzYEcziptX+ AIsUN4B/NOKDt+OZNBtr5+JySNJ6/xmYEoKQB46r2gUSMHgsY9hMkSXsL2dM5p9fq6j1 Zr5EsDVFmijuwttVn8QSy/uDsgVFmiG5+HQiYz6YtEqDzrgS/NZxNg5UIs+FFSWKx6vq soSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=qSs2OKWjMf0DMb5yHMlxUpaAVhmmu4IeGLsTRo2fCOw=; b=egt2EWehZ7F6HzF5ygvqNXsZ1qkKTw0QMe72arwD/3jF8LAbSHIMS9HRWn6qIJY8tw Gij+ntAU9daIUZicjUWhdZwc69615dlFDb+E1pX5QMM0kYEdeAOJ0Y+reN/oG5ATdBd/ IVNDpfjI+jaE42tb8J1f3DhFvw+zuCNRZK8o5UuOwyqv0K9fz0ZNGFrB6P5h/QquS1oe cuAxPry/BPK4f8BZq5QlqKLtBj6BoeKbFLPcpLXdoS/rWmdVaAyGxYgTLCbmfhOg16Gq VNQDlmyK3d3sgM+qL3wEurJ/64aKoFxrG+8XkFI+qndsdofiYfmMSXnizTKkbVpCL3s/ +cBA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=m44OD4zd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h11si378106eji.666.2020.06.29.13.14.26; Mon, 29 Jun 2020 13:14:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=m44OD4zd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731018AbgF2UNJ (ORCPT + 99 others); Mon, 29 Jun 2020 16:13:09 -0400 Received: from mail.kernel.org ([198.145.29.99]:40556 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732866AbgF2TaU (ORCPT ); Mon, 29 Jun 2020 15:30:20 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 64DD2252D9; Mon, 29 Jun 2020 15:38:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1593445101; bh=3ZMdc+RGeK23hlZouBqse1iDaDpe7ynZ7ye5vWuCnWI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=m44OD4zdwAJWw5lYC4xMgVUEmjV3SU/wEotRd9Nz6KCKAx5hNLNce0Az1w/2/h/2B fZ5mC6z/TX6eVy9IqrU91qc3hfsEOTndrT1vP7MDXTDkcAWZTjRLoPZScejuSNYFtk kQPDTsozY4YcMyGbuAmKo/MZpqH6GyMGg3xd9ikE= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Yang Yingliang , Hulk Robot , "David S . Miller" , Greg Kroah-Hartman Subject: [PATCH 4.14 10/78] net: fix memleak in register_netdevice() Date: Mon, 29 Jun 2020 11:36:58 -0400 Message-Id: <20200629153806.2494953-11-sashal@kernel.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200629153806.2494953-1-sashal@kernel.org> References: <20200629153806.2494953-1-sashal@kernel.org> MIME-Version: 1.0 X-KernelTest-Patch: http://kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.186-rc1.gz X-KernelTest-Tree: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git X-KernelTest-Branch: linux-4.14.y X-KernelTest-Patches: git://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git X-KernelTest-Version: 4.14.186-rc1 X-KernelTest-Deadline: 2020-07-01T15:38+00:00 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Yang Yingliang [ Upstream commit 814152a89ed52c722ab92e9fbabcac3cb8a39245 ] I got a memleak report when doing some fuzz test: unreferenced object 0xffff888112584000 (size 13599): comm "ip", pid 3048, jiffies 4294911734 (age 343.491s) hex dump (first 32 bytes): 74 61 70 30 00 00 00 00 00 00 00 00 00 00 00 00 tap0............ 00 ee d9 19 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [<000000002f60ba65>] __kmalloc_node+0x309/0x3a0 [<0000000075b211ec>] kvmalloc_node+0x7f/0xc0 [<00000000d3a97396>] alloc_netdev_mqs+0x76/0xfc0 [<00000000609c3655>] __tun_chr_ioctl+0x1456/0x3d70 [<000000001127ca24>] ksys_ioctl+0xe5/0x130 [<00000000b7d5e66a>] __x64_sys_ioctl+0x6f/0xb0 [<00000000e1023498>] do_syscall_64+0x56/0xa0 [<000000009ec0eb12>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 unreferenced object 0xffff888111845cc0 (size 8): comm "ip", pid 3048, jiffies 4294911734 (age 343.491s) hex dump (first 8 bytes): 74 61 70 30 00 88 ff ff tap0.... backtrace: [<000000004c159777>] kstrdup+0x35/0x70 [<00000000d8b496ad>] kstrdup_const+0x3d/0x50 [<00000000494e884a>] kvasprintf_const+0xf1/0x180 [<0000000097880a2b>] kobject_set_name_vargs+0x56/0x140 [<000000008fbdfc7b>] dev_set_name+0xab/0xe0 [<000000005b99e3b4>] netdev_register_kobject+0xc0/0x390 [<00000000602704fe>] register_netdevice+0xb61/0x1250 [<000000002b7ca244>] __tun_chr_ioctl+0x1cd1/0x3d70 [<000000001127ca24>] ksys_ioctl+0xe5/0x130 [<00000000b7d5e66a>] __x64_sys_ioctl+0x6f/0xb0 [<00000000e1023498>] do_syscall_64+0x56/0xa0 [<000000009ec0eb12>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 unreferenced object 0xffff88811886d800 (size 512): comm "ip", pid 3048, jiffies 4294911734 (age 343.491s) hex dump (first 32 bytes): 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... ff ff ff ff ff ff ff ff c0 66 3d a3 ff ff ff ff .........f=..... backtrace: [<0000000050315800>] device_add+0x61e/0x1950 [<0000000021008dfb>] netdev_register_kobject+0x17e/0x390 [<00000000602704fe>] register_netdevice+0xb61/0x1250 [<000000002b7ca244>] __tun_chr_ioctl+0x1cd1/0x3d70 [<000000001127ca24>] ksys_ioctl+0xe5/0x130 [<00000000b7d5e66a>] __x64_sys_ioctl+0x6f/0xb0 [<00000000e1023498>] do_syscall_64+0x56/0xa0 [<000000009ec0eb12>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 If call_netdevice_notifiers() failed, then rollback_registered() calls netdev_unregister_kobject() which holds the kobject. The reference cannot be put because the netdev won't be add to todo list, so it will leads a memleak, we need put the reference to avoid memleak. Reported-by: Hulk Robot Signed-off-by: Yang Yingliang Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/core/dev.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/net/core/dev.c b/net/core/dev.c index 0aaa1426450fa..1ee177485fd0f 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -7694,6 +7694,13 @@ int register_netdevice(struct net_device *dev) rcu_barrier(); dev->reg_state = NETREG_UNREGISTERED; + /* We should put the kobject that hold in + * netdev_unregister_kobject(), otherwise + * the net device cannot be freed when + * driver calls free_netdev(), because the + * kobject is being hold. + */ + kobject_put(&dev->dev.kobj); } /* * Prevent userspace races by waiting until the network -- 2.25.1