Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp1731902pxf; Fri, 19 Mar 2021 14:29:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyCFxhE7CJumQfcvQApa1RHTpnP3Rop+aGk7XJubqUt4z7DUZasdQNNtodpqtVB73HeRvyy X-Received: by 2002:a17:906:c005:: with SMTP id e5mr6681533ejz.270.1616189359550; Fri, 19 Mar 2021 14:29:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1616189359; cv=none; d=google.com; s=arc-20160816; b=aVxIBO/jt34L/tJ5BrMUFIk4RGXQc4HPaZXshMGKH+704BVO6B1UUlWQqGqh7QUOD3 7tYenTObW65Fibtt+IDHyeCkJAUMNSm1jFCyo3V8mTb12a3A04De1CcIadNkLyirli14 nhy8VDlbfgXiLPdIo5CYEiA8aIctTt4BvfuO+K3sXKHK/ifNcIICgPRgPRMxDgmhBa/K 0Ov/vvl414/7mXGnXXMWP/eoBC4olBKTpiju+Q2EFovLPhdp3Er2Hkc2WQRx4vYIijyw VEs0mlZ/TGnBKbXBpiAgk8Br0K4fvDl6d85syPQYuBt6AMWXHzAGv+48Kkn8b8iCjd7i sdGw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=573ZgZcpnamA8KyCVKogn2GanAAlrjCdK4hjLpsmeH4=; b=CWSF2asReXK1llr4cU3IfESOJ9THl8LRSWegZrgTL6UD6ftWubaIb/ZhRQd0qeh9Sh B+VvKGFBXX6BmDbL+sTLc30C0lrS4GtyPmGJjYzVQSzaA7GeSrqSILtsD/KsL+UpiERb DH1+TO9Bux0pFsJ0fDDrBM4RJI3UwnZA3b2aqLyTlXjHmxRvAKOqejX7gYGcripab9UD LwwZgp2UQtIng8iTX2vA378RTU5Z7CEE26vI60jzsXjMt+WxtnsqZYeoeaW7bb0cxulV RqKuVTdw7YVNsUaIUYcfAs3Q5gek9QbbIRjyY36vj22GAfuqtwdV2OaoPUrbagO6RD5I nwaw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q3si5290901eji.445.2021.03.19.14.28.56; Fri, 19 Mar 2021 14:29:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230370AbhCSV0T (ORCPT + 99 others); Fri, 19 Mar 2021 17:26:19 -0400 Received: from www62.your-server.de ([213.133.104.62]:35392 "EHLO www62.your-server.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230411AbhCSV0K (ORCPT ); Fri, 19 Mar 2021 17:26:10 -0400 Received: from sslproxy02.your-server.de ([78.47.166.47]) by www62.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from ) id 1lNMd9-000A6q-VX; Fri, 19 Mar 2021 22:26:03 +0100 Received: from [85.7.101.30] (helo=pc-9.home) by sslproxy02.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lNMd9-0006P1-O9; Fri, 19 Mar 2021 22:26:03 +0100 Subject: Re: [PATCH v3] bpf: Fix memory leak in copy_process() To: qiang.zhang@windriver.com, ast@kernel.org, andrii@kernel.org, kafai@fb.com, songliubraving@fb.com, yhs@fb.com, john.fastabend@gmail.com, kpsingh@kernel.org Cc: netdev@vger.kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org References: <20210317030915.2865-1-qiang.zhang@windriver.com> From: Daniel Borkmann Message-ID: Date: Fri, 19 Mar 2021 22:26:03 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 MIME-Version: 1.0 In-Reply-To: <20210317030915.2865-1-qiang.zhang@windriver.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.102.4/26113/Fri Mar 19 12:14:45 2021) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 3/17/21 4:09 AM, qiang.zhang@windriver.com wrote: > From: Zqiang > > The syzbot report a memleak follow: > BUG: memory leak > unreferenced object 0xffff888101b41d00 (size 120): > comm "kworker/u4:0", pid 8, jiffies 4294944270 (age 12.780s) > backtrace: > [] alloc_pid+0x66/0x560 > [] copy_process+0x1465/0x25e0 > [] kernel_clone+0xf3/0x670 > [] kernel_thread+0x61/0x80 > [] call_usermodehelper_exec_work > [] call_usermodehelper_exec_work+0xc4/0x120 > [] process_one_work+0x2c9/0x600 > [] worker_thread+0x59/0x5d0 > [] kthread+0x178/0x1b0 > [] ret_from_fork+0x1f/0x30 > > unreferenced object 0xffff888110ef5c00 (size 232): > comm "kworker/u4:0", pid 8414, jiffies 4294944270 (age 12.780s) > backtrace: > [] kmem_cache_zalloc > [] __alloc_file+0x1f/0xf0 > [] alloc_empty_file+0x69/0x120 > [] alloc_file+0x33/0x1b0 > [] alloc_file_pseudo+0xb2/0x140 > [] create_pipe_files+0x138/0x2e0 > [] umd_setup+0x33/0x220 > [] call_usermodehelper_exec_async+0xb4/0x1b0 > [] ret_from_fork+0x1f/0x30 > > after the UMD process exits, the pipe_to_umh/pipe_from_umh and tgid > need to be release. > > Fixes: d71fa5c9763c ("bpf: Add kernel module with user mode driver that populates bpffs.") > Reported-by: syzbot+44908bb56d2bfe56b28e@syzkaller.appspotmail.com > Signed-off-by: Zqiang Applied to bpf, thanks (also did minor style fixups to fix kernel style)!