Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp3058768ybt; Mon, 29 Jun 2020 14:11:16 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx2KMG/8f4fcdEh//BdvSHTpCSlso51LfSQB9RzaeK5bUYh37xehBsch1oKFWDfHLmvSMjL X-Received: by 2002:a17:906:97d7:: with SMTP id ef23mr15880056ejb.450.1593465075766; Mon, 29 Jun 2020 14:11:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593465075; cv=none; d=google.com; s=arc-20160816; b=ShThqM0lFWsK2ZoN0UK1uNFHbnQ//bmI5dmw3oS1F0fLUjT/V+PtdcvCeb3+teo+ct zjU+NOhlPsHFC+AiWzGJgY2PwGv7ASU6wwHnCSK2Qy+hyRzaxsBHPKqMu3za9AIBtpuI +18uPSC/lo6xOW9P68zdsLeKHlOWpVRPJMUBWiWc091E4wdtEqwSZQTmX1XU85jFB5Tk NISbCFpwkTFjtaSWEF7yom9U0QQyJrBMowDP9a5/cXBwSFduS4TTzUmVIOYn6FqJ5MbW CTVoTVijF0qdZNZFktAU1lLn6XQSRglmXRAC3/d41yP9upWiw6j7TC78N/rbhQ+jcWzk j/NQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=CFS1CR+NsYsJhkTYfUd+6MVllKtm684wWwM9vpGEG1c=; b=ErHci4NPMRLfkOKxSBp1eWjQsuaXu9QetRBFV0mHMQowl2EtR1Wn5o6fG7s4GGUNbj x7x2tRPlrKTlhB34COo1g4fmTGT/2wrJviP5R1/QWHtgzK/hmphfOTnIfG985Cmg7hTj dt48GAk9JZWX771Hbq5HgU3eA/Ly5CQ2S0ypQwogLUvD5U1LLuSVNgCpIrbh9UaEGRDJ BXDtbZ/EoP+RDzxHaeNZPgsANdTS296aP+rrrtESzgSU9qLuokA7S9HRjjDtCFic4VlZ xhI5Z4aDAjm/4Qke8nWpuGAeZ8Wd87EFj6wucAMsVqe8f+vs42WAlmnBFwUK0Oaz4+Rj OZ+g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=tw4bPVJM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bw19si380012ejb.729.2020.06.29.14.10.52; Mon, 29 Jun 2020 14:11:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=tw4bPVJM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390253AbgF2VJf (ORCPT + 99 others); Mon, 29 Jun 2020 17:09:35 -0400 Received: from mail.kernel.org ([198.145.29.99]:45420 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730314AbgF2TAS (ORCPT ); Mon, 29 Jun 2020 15:00:18 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7E55325527; Mon, 29 Jun 2020 15:54:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1593446087; bh=3EB4DZqVoFyQto/b1QnVXsp5YHbKVYrBtULo/IYkatE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=tw4bPVJM0cq56dr3hZRShLIDgqG0uPQ3+fFIYGz59GqtUjsrJ/7V9EGd6sCBpaMPQ G+DenUu1i6unffB9jT5kZyTTSaSdYyFBtioKrCgvE1tTx73j/HWkl7ZMVm+x7Zxeh3 QLn6gOjM04T5bzbfQTp/AWldjtfB1MmKePdYUG2I= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Yang Yingliang , Hulk Robot , "David S . Miller" , Greg Kroah-Hartman Subject: [PATCH 4.4 082/135] net: fix memleak in register_netdevice() Date: Mon, 29 Jun 2020 11:52:16 -0400 Message-Id: <20200629155309.2495516-83-sashal@kernel.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200629155309.2495516-1-sashal@kernel.org> References: <20200629155309.2495516-1-sashal@kernel.org> MIME-Version: 1.0 X-KernelTest-Patch: http://kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.229-rc1.gz X-KernelTest-Tree: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git X-KernelTest-Branch: linux-4.4.y X-KernelTest-Patches: git://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git X-KernelTest-Version: 4.4.229-rc1 X-KernelTest-Deadline: 2020-07-01T15:53+00:00 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Yang Yingliang [ Upstream commit 814152a89ed52c722ab92e9fbabcac3cb8a39245 ] I got a memleak report when doing some fuzz test: unreferenced object 0xffff888112584000 (size 13599): comm "ip", pid 3048, jiffies 4294911734 (age 343.491s) hex dump (first 32 bytes): 74 61 70 30 00 00 00 00 00 00 00 00 00 00 00 00 tap0............ 00 ee d9 19 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [<000000002f60ba65>] __kmalloc_node+0x309/0x3a0 [<0000000075b211ec>] kvmalloc_node+0x7f/0xc0 [<00000000d3a97396>] alloc_netdev_mqs+0x76/0xfc0 [<00000000609c3655>] __tun_chr_ioctl+0x1456/0x3d70 [<000000001127ca24>] ksys_ioctl+0xe5/0x130 [<00000000b7d5e66a>] __x64_sys_ioctl+0x6f/0xb0 [<00000000e1023498>] do_syscall_64+0x56/0xa0 [<000000009ec0eb12>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 unreferenced object 0xffff888111845cc0 (size 8): comm "ip", pid 3048, jiffies 4294911734 (age 343.491s) hex dump (first 8 bytes): 74 61 70 30 00 88 ff ff tap0.... backtrace: [<000000004c159777>] kstrdup+0x35/0x70 [<00000000d8b496ad>] kstrdup_const+0x3d/0x50 [<00000000494e884a>] kvasprintf_const+0xf1/0x180 [<0000000097880a2b>] kobject_set_name_vargs+0x56/0x140 [<000000008fbdfc7b>] dev_set_name+0xab/0xe0 [<000000005b99e3b4>] netdev_register_kobject+0xc0/0x390 [<00000000602704fe>] register_netdevice+0xb61/0x1250 [<000000002b7ca244>] __tun_chr_ioctl+0x1cd1/0x3d70 [<000000001127ca24>] ksys_ioctl+0xe5/0x130 [<00000000b7d5e66a>] __x64_sys_ioctl+0x6f/0xb0 [<00000000e1023498>] do_syscall_64+0x56/0xa0 [<000000009ec0eb12>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 unreferenced object 0xffff88811886d800 (size 512): comm "ip", pid 3048, jiffies 4294911734 (age 343.491s) hex dump (first 32 bytes): 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... ff ff ff ff ff ff ff ff c0 66 3d a3 ff ff ff ff .........f=..... backtrace: [<0000000050315800>] device_add+0x61e/0x1950 [<0000000021008dfb>] netdev_register_kobject+0x17e/0x390 [<00000000602704fe>] register_netdevice+0xb61/0x1250 [<000000002b7ca244>] __tun_chr_ioctl+0x1cd1/0x3d70 [<000000001127ca24>] ksys_ioctl+0xe5/0x130 [<00000000b7d5e66a>] __x64_sys_ioctl+0x6f/0xb0 [<00000000e1023498>] do_syscall_64+0x56/0xa0 [<000000009ec0eb12>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 If call_netdevice_notifiers() failed, then rollback_registered() calls netdev_unregister_kobject() which holds the kobject. The reference cannot be put because the netdev won't be add to todo list, so it will leads a memleak, we need put the reference to avoid memleak. Reported-by: Hulk Robot Signed-off-by: Yang Yingliang Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/core/dev.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/net/core/dev.c b/net/core/dev.c index 82f9ec1bd94b6..67725818d562d 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -6840,6 +6840,13 @@ int register_netdevice(struct net_device *dev) rcu_barrier(); dev->reg_state = NETREG_UNREGISTERED; + /* We should put the kobject that hold in + * netdev_unregister_kobject(), otherwise + * the net device cannot be freed when + * driver calls free_netdev(), because the + * kobject is being hold. + */ + kobject_put(&dev->dev.kobj); } /* * Prevent userspace races by waiting until the network -- 2.25.1