Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp3035996ybt; Mon, 29 Jun 2020 13:32:14 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyR8d66HlnFBkemMj7rtnVkxy3J5ieUlBDFqarULJS74LH5CHZ+/CUITm8igfl8FcpXaBiS X-Received: by 2002:a17:906:1a59:: with SMTP id j25mr14673465ejf.398.1593462734786; Mon, 29 Jun 2020 13:32:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593462734; cv=none; d=google.com; s=arc-20160816; b=i2M/VhXSoiejVsHkw9/mQTg0EDs3Sa1+Y0zZH3H+Vip6KpSsK0kHom22iWRa7hgZxQ Y9mgaWOd5jhblVOUkqFrDnThXlyj1vozeym3X//wirKcbM0YJrhfOpHD/rvjVEvN7VQT BKYpfsFgIOXvF98DmtFqBkJ1KeMKLOA2VChdSmpHMLV8aR7CTqXq0JTDDWPWrx7Iy31a OuhERbI1lGbdax3N/RY1DqPo6dJ970ZUq1md8RVXNDrXDEkd9NEPMooHZoZzyRP05477 /VuRPiyKFCENQmn69mQD5PhWzzhWahRNZO+T4H7f6dfhkeftpFe04h+NqBxzw56Q1Ekm oDDg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=6y15XXLiZJV9Em3N0tFC2iONJQakkovsPB+hzTM5qtQ=; b=RR1up+z4ivOHCyAjrZPv7oAnq5o8XLPp+avRSGzc9t9qMJvgBWj1NxxpLbFt2upKqn 5qWXLKwQo6fP7akJBGIfLLnygxlESDMbFhp8r70PjELC9/hGCmglnxC19WOPk/M4mCbB 3T7Kjm3SdmkcTpebU0rjdOJuT/xFH86cZBAvIiv0gB6mqgJQxpTcfxdLI9bfuN82qFki Lvfzbg6qYNRkz9FTcEFuFYEXO0P4FJrAtKg9Uf6oWFj3tnFH1DzCqx1JdXRi9DBMeFGT F9SoYEM+xh0yr1p74szXD5ne2bTvlHV+TwEGZzhh1kzoVuiEKv25trKqyLMV2WdJXhV3 bjVA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=UQYCFGiH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id rv20si381828ejb.420.2020.06.29.13.31.52; Mon, 29 Jun 2020 13:32:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=UQYCFGiH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387868AbgF2UbE (ORCPT + 99 others); Mon, 29 Jun 2020 16:31:04 -0400 Received: from mail.kernel.org ([198.145.29.99]:37054 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732481AbgF2TZT (ORCPT ); Mon, 29 Jun 2020 15:25:19 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id C063D25429; Mon, 29 Jun 2020 15:42:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1593445378; bh=qIdhd1f6eHOYapZmovH72ShT5h0sRK0Uxj8J0WuHwpc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=UQYCFGiHJP4fA9y3C3/zERlyMvqd+GDxBWxsUWw2aLT6S+0p+F1oFXm2UJEFcgMFt 56OgAIAIa5tqmY9Sh+4AwWb8LL3R14A69WIm6oVbKQ1sheRxEI02iwj+mE01HBLIHi Dxdw5KMHMlArI8DMIf6zcqaUtDKqUU6hWthUN7+I= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Yang Yingliang , Hulk Robot , "David S . Miller" , Greg Kroah-Hartman Subject: [PATCH 4.9 133/191] net: fix memleak in register_netdevice() Date: Mon, 29 Jun 2020 11:39:09 -0400 Message-Id: <20200629154007.2495120-134-sashal@kernel.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200629154007.2495120-1-sashal@kernel.org> References: <20200629154007.2495120-1-sashal@kernel.org> MIME-Version: 1.0 X-KernelTest-Patch: http://kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.229-rc1.gz X-KernelTest-Tree: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git X-KernelTest-Branch: linux-4.9.y X-KernelTest-Patches: git://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git X-KernelTest-Version: 4.9.229-rc1 X-KernelTest-Deadline: 2020-07-01T15:39+00:00 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Yang Yingliang [ Upstream commit 814152a89ed52c722ab92e9fbabcac3cb8a39245 ] I got a memleak report when doing some fuzz test: unreferenced object 0xffff888112584000 (size 13599): comm "ip", pid 3048, jiffies 4294911734 (age 343.491s) hex dump (first 32 bytes): 74 61 70 30 00 00 00 00 00 00 00 00 00 00 00 00 tap0............ 00 ee d9 19 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [<000000002f60ba65>] __kmalloc_node+0x309/0x3a0 [<0000000075b211ec>] kvmalloc_node+0x7f/0xc0 [<00000000d3a97396>] alloc_netdev_mqs+0x76/0xfc0 [<00000000609c3655>] __tun_chr_ioctl+0x1456/0x3d70 [<000000001127ca24>] ksys_ioctl+0xe5/0x130 [<00000000b7d5e66a>] __x64_sys_ioctl+0x6f/0xb0 [<00000000e1023498>] do_syscall_64+0x56/0xa0 [<000000009ec0eb12>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 unreferenced object 0xffff888111845cc0 (size 8): comm "ip", pid 3048, jiffies 4294911734 (age 343.491s) hex dump (first 8 bytes): 74 61 70 30 00 88 ff ff tap0.... backtrace: [<000000004c159777>] kstrdup+0x35/0x70 [<00000000d8b496ad>] kstrdup_const+0x3d/0x50 [<00000000494e884a>] kvasprintf_const+0xf1/0x180 [<0000000097880a2b>] kobject_set_name_vargs+0x56/0x140 [<000000008fbdfc7b>] dev_set_name+0xab/0xe0 [<000000005b99e3b4>] netdev_register_kobject+0xc0/0x390 [<00000000602704fe>] register_netdevice+0xb61/0x1250 [<000000002b7ca244>] __tun_chr_ioctl+0x1cd1/0x3d70 [<000000001127ca24>] ksys_ioctl+0xe5/0x130 [<00000000b7d5e66a>] __x64_sys_ioctl+0x6f/0xb0 [<00000000e1023498>] do_syscall_64+0x56/0xa0 [<000000009ec0eb12>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 unreferenced object 0xffff88811886d800 (size 512): comm "ip", pid 3048, jiffies 4294911734 (age 343.491s) hex dump (first 32 bytes): 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... ff ff ff ff ff ff ff ff c0 66 3d a3 ff ff ff ff .........f=..... backtrace: [<0000000050315800>] device_add+0x61e/0x1950 [<0000000021008dfb>] netdev_register_kobject+0x17e/0x390 [<00000000602704fe>] register_netdevice+0xb61/0x1250 [<000000002b7ca244>] __tun_chr_ioctl+0x1cd1/0x3d70 [<000000001127ca24>] ksys_ioctl+0xe5/0x130 [<00000000b7d5e66a>] __x64_sys_ioctl+0x6f/0xb0 [<00000000e1023498>] do_syscall_64+0x56/0xa0 [<000000009ec0eb12>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 If call_netdevice_notifiers() failed, then rollback_registered() calls netdev_unregister_kobject() which holds the kobject. The reference cannot be put because the netdev won't be add to todo list, so it will leads a memleak, we need put the reference to avoid memleak. Reported-by: Hulk Robot Signed-off-by: Yang Yingliang Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/core/dev.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/net/core/dev.c b/net/core/dev.c index edb2ddbbed9a1..267b648a0645e 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -7355,6 +7355,13 @@ int register_netdevice(struct net_device *dev) rcu_barrier(); dev->reg_state = NETREG_UNREGISTERED; + /* We should put the kobject that hold in + * netdev_unregister_kobject(), otherwise + * the net device cannot be freed when + * driver calls free_netdev(), because the + * kobject is being hold. + */ + kobject_put(&dev->dev.kobj); } /* * Prevent userspace races by waiting until the network -- 2.25.1