Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1183712pxu;
        Thu, 17 Dec 2020 04:20:40 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzBZtYbhvjMSaHDDPLOiJqkoiqmf6cWq1qZGrBUiJUvGqeP8HLXF6Hd08RCEy2fJzlxRVWk
X-Received: by 2002:aa7:dac5:: with SMTP id x5mr39001025eds.198.1608207640478;
        Thu, 17 Dec 2020 04:20:40 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1608207640; cv=none;
        d=google.com; s=arc-20160816;
        b=eucbQIi131gsHnngx0aDqcJbvK7T6sesAdpYR0jC5Q20V6bscf5oR1rtMe45XXn+j2
         w47xZadkNCRlMvb/hSf8fpJCkgpa5uCN6KuZgbFCd15EpF0utZwRhEjrXVt2mUJzECin
         P/pt9QPGH9p3hK9JQIrrScsgyDfo9mxEmi6P+GSrAxxw5UAy1Y//JkeIZy08vKLYB0HS
         JJrtq8J6xS04uuDMJVWEXQzB0CZmpQnVNDHPuTVj855u9Yduwr9/GpEEYtOAIMkKIBIq
         3nqoEi+csNFGRsZWh+FaYQ7q098z2i3cIDut0TTTMQt9nBrHqbdQYKkTSERCeTj7meuq
         mI/Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:references:in-reply-to:message-id
         :date:subject:cc:to:from;
        bh=97Q660UDVejClOihLCcBj5e2TaaJEpYU3w9ZWfPY92A=;
        b=jRFLpaaHhF6kRAymFOCTWzB++WH5Oi1vqGqvKAADwWimoFdydXkqo86hs4TxcMgjSa
         7FCAJH2wfUd1cIiZNzfoIK9uGD/kB89o4F4Lcfa3Bks+nIU1fXN8BfvcibMaAHPSJGVF
         5borvtKLUS8brs0osgw98VOaDOnLIVpiC/VsIjhq7cRRgw7rvQkDSA77qfFuV5H6KMmK
         30bNuWN6a5J0M2oNLflt3KqXcW/9Wq3rkRkjoAnfOoYNo4QlMwbGfvhkOQUDgYZp4ocD
         kpvpg0EAVSMq8EFeYM+Gev8oQldcJWqXeBhwYKE6xKsGR0OY5torkdD3evw/L7zSdz5y
         ehnw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mediatek.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id e19si4341682edv.458.2020.12.17.04.20.17;
        Thu, 17 Dec 2020 04:20:40 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mediatek.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728672AbgLQMTS (ORCPT <rfc822;luzhigang001@gmail.com>
        + 99 others); Thu, 17 Dec 2020 07:19:18 -0500
Received: from mailgw01.mediatek.com ([210.61.82.183]:51185 "EHLO
        mailgw01.mediatek.com" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org
        with ESMTP id S1727215AbgLQMTN (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 17 Dec 2020 07:19:13 -0500
X-UUID: d8bec07d2f73466d908a195ff5aef059-20201217
X-UUID: d8bec07d2f73466d908a195ff5aef059-20201217
Received: from mtkcas10.mediatek.inc [(172.21.101.39)] by mailgw01.mediatek.com
        (envelope-from <kuan-ying.lee@mediatek.com>)
        (Cellopoint E-mail Firewall v4.1.14 Build 0819 with TLSv1.2 ECDHE-RSA-AES256-SHA384 256/256)
        with ESMTP id 624995331; Thu, 17 Dec 2020 20:18:27 +0800
Received: from mtkcas10.mediatek.inc (172.21.101.39) by
 mtkmbs01n1.mediatek.inc (172.21.101.68) with Microsoft SMTP Server (TLS) id
 15.0.1497.2; Thu, 17 Dec 2020 20:18:23 +0800
Received: from mtksdccf07.mediatek.inc (172.21.84.99) by mtkcas10.mediatek.inc
 (172.21.101.73) with Microsoft SMTP Server id 15.0.1497.2 via Frontend
 Transport; Thu, 17 Dec 2020 20:18:24 +0800
From:   Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
To:     Andrey Ryabinin <aryabinin@virtuozzo.com>,
        Alexander Potapenko <glider@google.com>,
        Dmitry Vyukov <dvyukov@google.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Matthias Brugger <matthias.bgg@gmail.com>
CC:     <kasan-dev@googlegroups.com>, <linux-mm@kvack.org>,
        <linux-kernel@vger.kernel.org>,
        <linux-arm-kernel@lists.infradead.org>,
        <linux-mediatek@lists.infradead.org>, <wsd_upstream@mediatek.com>,
        <stable@vger.kernel.org>,
        Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Subject: [PATCH v2 1/1] kasan: fix memory leak of kasan quarantine
Date:   Thu, 17 Dec 2020 20:18:07 +0800
Message-ID: <1608207487-30537-2-git-send-email-Kuan-Ying.Lee@mediatek.com>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1608207487-30537-1-git-send-email-Kuan-Ying.Lee@mediatek.com>
References: <1608207487-30537-1-git-send-email-Kuan-Ying.Lee@mediatek.com>
MIME-Version: 1.0
Content-Type: text/plain
X-MTK:  N
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

When cpu is going offline, set q->offline as true
and interrupt happened. The interrupt may call the
quarantine_put. But quarantine_put do not free the
the object. The object will cause memory leak.

Add qlink_free() to free the object.

Fixes: 6c82d45c7f03 (kasan: fix object remaining in offline per-cpu quarantine)
Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Matthias Brugger <matthias.bgg@gmail.com>
Cc: <stable@vger.kernel.org>    [5.10-]
---
 mm/kasan/quarantine.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/mm/kasan/quarantine.c b/mm/kasan/quarantine.c
index 0e3f8494628f..cac7c617df72 100644
--- a/mm/kasan/quarantine.c
+++ b/mm/kasan/quarantine.c
@@ -191,6 +191,7 @@ void quarantine_put(struct kasan_free_meta *info, struct kmem_cache *cache)
 
 	q = this_cpu_ptr(&cpu_quarantine);
 	if (q->offline) {
+		qlink_free(&info->quarantine_link, cache);
 		local_irq_restore(flags);
 		return;
 	}
-- 
2.18.0