Message-ID: <5756a75e-ea84-a04b-be07-90e7ee6626d6@kernel.dk>
Date: Thu, 4 Aug 2022 08:32:27 -0600
Subject: Re: [PATCH v2] audit, io_uring, io-wq: Fix memory leak in io_sq_thread() and io_wqe_worker()
To: Paul Moore, Peilin Ye
Cc: Pavel Begunkov, Eric Paris, Peilin Ye, io-uring@vger.kernel.org, linux-kernel@vger.kernel.org, linux-audit@redhat.com
References: <20220803050230.30152-1-yepeilin.cs@gmail.com> <20220803222343.31673-1-yepeilin.cs@gmail.com>
From: Jens Axboe
X-Mailing-List: linux-kernel@vger.kernel.org

On 8/4/22 7:51 AM, Paul Moore wrote:
> On Wed, Aug 3, 2022 at 6:24 PM Peilin Ye wrote:
>>
>> From: Peilin Ye
>>
>> Currently @audit_context is allocated twice for io_uring workers:
>>
>> 1. copy_process() calls audit_alloc();
>> 2. io_sq_thread() or io_wqe_worker() calls audit_alloc_kernel() (which
>>    is effectively audit_alloc()) and overwrites @audit_context,
>>    causing:
>>
>> BUG: memory leak
>> unreferenced object 0xffff888144547400 (size 1024):
>>   <...>
>>   hex dump (first 32 bytes):
>>     00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
>>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>>   backtrace:
>>     [] audit_alloc+0x133/0x210
>>     [] copy_process+0xcd3/0x2340
>>     [] create_io_thread+0x63/0x90
>>     [] create_io_worker+0xb4/0x230
>>     [] io_wqe_enqueue+0x248/0x3b0
>>     [] io_queue_iowq+0xba/0x200
>>     [] io_queue_async+0x113/0x180
>>     [] io_req_task_submit+0x18f/0x1a0
>>     [] io_apoll_task_func+0xdd/0x120
>>     [] tctx_task_work+0x11f/0x570
>>     [] task_work_run+0x7e/0xc0
>>     [] get_signal+0xc18/0xf10
>>     [] arch_do_signal_or_restart+0x2b/0x730
>>     [] exit_to_user_mode_prepare+0x5e/0x180
>>     [] syscall_exit_to_user_mode+0x12/0x20
>>     [] do_syscall_64+0x40/0x80
>>
>> Then,
>>
>> 3. io_sq_thread() or io_wqe_worker() frees @audit_context using
>>    audit_free();
>> 4. do_exit() eventually calls audit_free() again, which is okay
>>    because audit_free() does a NULL check.
>>
>> As suggested by Paul Moore, fix it by deleting audit_alloc_kernel() and
>> redundant audit_free() calls.
>>
>> Fixes: 5bd2182d58e9 ("audit,io_uring,io-wq: add some basic audit support to io_uring")
>> Suggested-by: Paul Moore
>> Cc: stable@vger.kernel.org
>> Signed-off-by: Peilin Ye
>> ---
>> Change since v1:
>>   - Delete audit_alloc_kernel() (Paul Moore)
>>
>>  fs/io-wq.c            |  3 ---
>>  fs/io_uring.c         |  4 ----
>>  include/linux/audit.h |  5 -----
>>  kernel/auditsc.c      | 25 -------------------------
>>  4 files changed, 37 deletions(-)
>
> This looks good to me, thanks! Although it looks like the io_uring
> related changes will need to be applied by hand as they are pointing
> to the old layout under fs/ as opposed to the newer layout in
> io_uring/ introduced during this merge window.
>
> Jens, did you want to take this via the io_uring tree or should I take
> it via the audit tree? If the latter, an ACK would be appreciated, if
> the former my ACK is below.
>
> Acked-by: Paul Moore

Probably better if I take it, since I need to massage it into the current
tree anyway. We can then use this one as the base for the stable backports
that are going to be required.

-- 
Jens Axboe
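The allocation sequence in the quoted commit message, as an added user-space model that is not kernel code and not part of the patch: a leak counter stands in for the kmemleak report, audit_free() is modelled as NULL-safe as the message states, and the names copy_process(), audit_alloc_ctx() and the worker_* functions are local stand-ins for the kernel paths they imitate.

```c
#include <stdlib.h>

/* Constructed stand-in for the kernel's audit_context lifecycle (illustration only). */
struct audit_context { int unused; };
struct task { struct audit_context *audit_context; };
static int live_contexts;               /* outstanding allocations: the leak counter */

static struct audit_context *audit_alloc_ctx(void)
{
    struct audit_context *ctx = calloc(1, sizeof(*ctx));
    if (ctx)
        live_contexts++;
    return ctx;
}

/* Models copy_process() -> audit_alloc(): every new task already gets a context. */
static void copy_process(struct task *tsk) { tsk->audit_context = audit_alloc_ctx(); }

/* Models audit_free(): NULL-safe, so the later call from do_exit() is harmless. */
static void audit_free(struct task *tsk)
{
    if (!tsk->audit_context)
        return;
    free(tsk->audit_context);
    tsk->audit_context = NULL;
    live_contexts--;
}

/* Before the fix: the worker's audit_alloc_kernel() overwrites the pointer set by
 * copy_process(), orphaning the first context; every later free sees only the second. */
static int worker_before_fix(void)
{
    struct task tsk;
    live_contexts = 0;
    copy_process(&tsk);
    tsk.audit_context = audit_alloc_ctx();  /* redundant audit_alloc_kernel() */
    audit_free(&tsk);                       /* redundant audit_free() in the worker */
    audit_free(&tsk);                       /* audit_free() from do_exit(): NULL, no-op */
    return live_contexts;                   /* 1: the first context leaked */
}

/* After the fix: no worker-side alloc or free; do_exit() releases the only context. */
static int worker_after_fix(void)
{
    struct task tsk;
    live_contexts = 0;
    copy_process(&tsk);
    audit_free(&tsk);                       /* audit_free() from do_exit() */
    return live_contexts;                   /* 0: nothing outstanding */
}
```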