Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp1973561ybh; Tue, 14 Jul 2020 12:02:20 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx29lX/UIGhYoqCOd6TGxgpmalaSfYBkEmQqQiNwKtz3D8dqt7xLKz8GcJXTKkE1o0p2ih2 X-Received: by 2002:aa7:c808:: with SMTP id a8mr6241601edt.259.1594753340395; Tue, 14 Jul 2020 12:02:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594753340; cv=none; d=google.com; s=arc-20160816; b=0DXhE2+yy82boNiDwujDh4X3MjLokjNoYoCFIvQNIN3yFAIFF1XmDMaTSRhpJ5yexs fMlVJHh8flsjfM0tgVygb+ofZjYUMmtfDdeaJNoyYAFkVzHDGjmUyVGPG9qgDlayea3C eASEDn51rebjtXStMWKILUnarhnoVpYXV4NAdgcWUWJV3+PaI1Ilq9HDlJCgj4BgbUfH 4U2Jl/03by9sMIIx4zvzwkBsbj86Wa89DZfvJqu34MDe/1cneb9ju56nVlxQpxaeTon3 4BWWvK27pMxkpxMfMijFQ+kX+Jq+B2Yz/7EKkb+YB/oJDqx0LS+N7WRoxODmyRKE7rX8 AAeA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=7X2/6Xkpv1jHTdOYDpSto208BDkNh9mTw7g5Wx3eorE=; b=ZB8NWD1CqoAf+4iPgomQ/haYKg2t5k6zxOHoCxHNHzn2pB9DI9He9mP3924kmCdVYZ EYdIs9XRt/P4xUJfv0v1ALAu5kGW/DEi7t1pn7cg5HKf4jYkgSjl5kiE+bLw50BmAnYI SsibMjCsoGZBMP0l2i/00QMHDWPcv0wi3fvtncXUjhqP1p84lEwLMehCgbU1J0UJxjWw RuUWVxRgg4hwaiTjDykzCGKuK+e6biOeFUdgyCzLzdjA8JZ2BXobbWx8FURRqCVI+7Nv Jb6+DMN1hatKJADijC19rYjp25C4gIJQ8RD2/6rXVkIocDSTMOcf1ywUcjbX+rvPV+Rf 6dhQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="IeXNbBv/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id me25si11993218ejb.164.2020.07.14.12.01.56; Tue, 14 Jul 2020 12:02:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="IeXNbBv/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730415AbgGNTAF (ORCPT + 99 others); Tue, 14 Jul 2020 15:00:05 -0400 Received: from mail.kernel.org ([198.145.29.99]:58640 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731015AbgGNS74 (ORCPT ); Tue, 14 Jul 2020 14:59:56 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id F001122507; Tue, 14 Jul 2020 18:59:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1594753196; bh=G15zM31QICDMV7rJs5RJeHhuMGQu1mL+XeWYE7wr6vs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=IeXNbBv/gM4hj/iXPkxL6uUZ6LH/FW2CJ0sABNX4yDoNT9nVkyYU/rjw+Z/KBe1fW jJvjokIe/A3zzmVGWVzr9bRVJVr33mSwSkqOSrFr7hSQ8q1I11xb9HigPt3co1Ky6I Rbo27OrLmbVZbpnFoQInA5rZUmDugro3nljZZqLM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Hulk Robot , Yang Yingliang , Jens Axboe Subject: [PATCH 5.7 126/166] io_uring: fix memleak in io_sqe_files_register() Date: Tue, 14 Jul 2020 20:44:51 +0200 Message-Id: <20200714184121.866656714@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200714184115.844176932@linuxfoundation.org> References: <20200714184115.844176932@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Yang Yingliang commit 667e57da358f61b6966e12e925a69e42d912e8bb upstream. I got a memleak report when doing some fuzz test: BUG: memory leak unreferenced object 0x607eeac06e78 (size 8): comm "test", pid 295, jiffies 4294735835 (age 31.745s) hex dump (first 8 bytes): 00 00 00 00 00 00 00 00 ........ backtrace: [<00000000932632e6>] percpu_ref_init+0x2a/0x1b0 [<0000000092ddb796>] __io_uring_register+0x111d/0x22a0 [<00000000eadd6c77>] __x64_sys_io_uring_register+0x17b/0x480 [<00000000591b89a6>] do_syscall_64+0x56/0xa0 [<00000000864a281d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 Call percpu_ref_exit() on error path to avoid refcount memleak. Fixes: 05f3fb3c5397 ("io_uring: avoid ring quiesce for fixed file set unregister and update") Cc: stable@vger.kernel.org Reported-by: Hulk Robot Signed-off-by: Yang Yingliang Signed-off-by: Jens Axboe Signed-off-by: Greg Kroah-Hartman --- fs/io_uring.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -6751,6 +6751,7 @@ static int io_sqe_files_register(struct for (i = 0; i < nr_tables; i++) kfree(ctx->file_data->table[i].files); + percpu_ref_exit(&ctx->file_data->refs); kfree(ctx->file_data->table); kfree(ctx->file_data); ctx->file_data = NULL;