Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp4359174pxj; Tue, 8 Jun 2021 12:21:11 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwwi7uJqYDCMPtjz+F/zRcI0srkxJRLmhtqw6roZZbd6aA0zSovUpxwgxNDcNLv/YlrmbgX X-Received: by 2002:a17:906:9143:: with SMTP id y3mr24192023ejw.465.1623180071013; Tue, 08 Jun 2021 12:21:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623180071; cv=none; d=google.com; s=arc-20160816; b=IjKo0M4QlOEebKduGolgC1Qd3J1S2DhvzRlF2t+ZjFCv8OuPqSNfoYfMFu60k2yCzp f8X/DLdJQNd6DVDnKFCoK1uhJvFVYZJv9FRMrz5uJDqB3jgbJHvnexW+sIn6xLvikaMZ FUES30WCpKsE3xI4m0ZK/g0PwbrdPTBVr2r2rHrm8itAbu89UJDXUBjPZg5jqtotGKAx G+uBrdpAA+h5vSsXAiXmFWhdL22F/t0vazCILT3gSJ4jLsDPlEXEbGJA3Rmig3bt6K6G hblpclkmbXiTCyPe8RicI1eA8DouKd1c9pxSzQfDzs+niX0zC5wqzbAGQDXnei23Z6CL ezxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=u0LwvLkCFwNQC5wSRGmwyZVIpXHSkl5nwoq97MPxohM=; b=Wlva9AC9bBSxRwLpSzorFXftEHou0SyDX8iuOc3suxYIJKD2XH1PWYgV6oNCd9cIEQ Avbb34UYuS/Ni0gTxCHpu2Z6RTUFJjokJOAV8CaoIJ4Xoo+udXVGV3sN0W/+CMZmB+6I LzmCuWZx6KZRNldM1OIQdxFVnC8Hxbt8ZdajAtgcqXyz7ptQ2bhOVaW5TRRxYeiqCZKD 5OmDFJsjNMBhK07GoyZPabM4RyhdfxcuVIXXool1tQkSHJLtfmyg5YMQEsZndmBYfgYt TxEOwXrh053Sq97j874YUjiL3/yIHCM2PbJ4onurF0qURNw00oRxM0JBS5hdvxksQDzH Dumg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ndpGSAQ6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o22si423582edq.221.2021.06.08.12.20.46; Tue, 08 Jun 2021 12:21:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ndpGSAQ6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238040AbhFHTSb (ORCPT + 99 others); Tue, 8 Jun 2021 15:18:31 -0400 Received: from mail.kernel.org ([198.145.29.99]:43872 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235020AbhFHTHE (ORCPT ); Tue, 8 Jun 2021 15:07:04 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id D72C1613DF; Tue, 8 Jun 2021 18:47:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1623178024; bh=4hzoAdGgJOqf3nKZ34CIR3j3mzrlfvsy+RzqY+pz7vo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ndpGSAQ62+TzIVvFO6PlJj5DCbVs7XPqE2Eb99hSKBkKsTwaqPWAgN/S4g2bXALLz pRM3bZ4KYrJdT9vf8RUt2SBBqW0UbzkgC3TH2Wuv3g85rWYEQgW0e4ju/GMp4jT94D 7sRYopsBrkPEaWE5HZuSRC9VyphF72f8atOKZbjE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Julian Anastasov , Simon Horman , Pablo Neira Ayuso , Sasha Levin , syzbot+e562383183e4b1766930@syzkaller.appspotmail.com Subject: [PATCH 5.12 015/161] ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service Date: Tue, 8 Jun 2021 20:25:45 +0200 Message-Id: <20210608175945.976126321@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210608175945.476074951@linuxfoundation.org> References: <20210608175945.476074951@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Julian Anastasov [ Upstream commit 56e4ee82e850026d71223262c07df7d6af3bd872 ] syzbot reported memory leak [1] when adding service with HASHED flag. We should ignore this flag both from sockopt and netlink provided data, otherwise the service is not hashed and not visible while releasing resources. [1] BUG: memory leak unreferenced object 0xffff888115227800 (size 512): comm "syz-executor263", pid 8658, jiffies 4294951882 (age 12.560s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] kmalloc include/linux/slab.h:556 [inline] [] kzalloc include/linux/slab.h:686 [inline] [] ip_vs_add_service+0x598/0x7c0 net/netfilter/ipvs/ip_vs_ctl.c:1343 [] do_ip_vs_set_ctl+0x810/0xa40 net/netfilter/ipvs/ip_vs_ctl.c:2570 [] nf_setsockopt+0x68/0xa0 net/netfilter/nf_sockopt.c:101 [] ip_setsockopt+0x259/0x1ff0 net/ipv4/ip_sockglue.c:1435 [] raw_setsockopt+0x18c/0x1b0 net/ipv4/raw.c:857 [] __sys_setsockopt+0x1b0/0x360 net/socket.c:2117 [] __do_sys_setsockopt net/socket.c:2128 [inline] [] __se_sys_setsockopt net/socket.c:2125 [inline] [] __x64_sys_setsockopt+0x22/0x30 net/socket.c:2125 [] do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47 [] entry_SYSCALL_64_after_hwframe+0x44/0xae Reported-and-tested-by: syzbot+e562383183e4b1766930@syzkaller.appspotmail.com Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Julian Anastasov Reviewed-by: Simon Horman Signed-off-by: Pablo Neira Ayuso Signed-off-by: Sasha Levin --- net/netfilter/ipvs/ip_vs_ctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index d45dbcba8b49..c25097092a06 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c @@ -1367,7 +1367,7 @@ ip_vs_add_service(struct netns_ipvs *ipvs, struct ip_vs_service_user_kern *u, ip_vs_addr_copy(svc->af, &svc->addr, &u->addr); svc->port = u->port; svc->fwmark = u->fwmark; - svc->flags = u->flags; + svc->flags = u->flags & ~IP_VS_SVC_F_HASHED; svc->timeout = u->timeout * HZ; svc->netmask = u->netmask; svc->ipvs = ipvs; -- 2.30.2