Message-ID: <7768a8f1-fcc6-50da-e5a5-7e2cef619459@gmail.com>
Date: Wed, 31 Aug 2022 18:01:54 +0600
Subject: Re: [PATCH] xfrm: Don't increase scratch users if allocation fails
To: Herbert Xu
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, syzbot+5ec9bb042ddfe9644773@syzkaller.appspotmail.com, Steffen Klassert, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, linux-kernel-mentees@lists.linuxfoundation.org, Shuah Khan
References: <00000000000092839d0581fd74ad@google.com> <20220831014126.6708-1-khalid.masum.92@gmail.com>
From: Khalid Masum
X-Mailing-List: linux-kernel@vger.kernel.org

On 8/31/22 15:13, Herbert Xu wrote:
> On Wed, Aug 31, 2022 at 07:41:26AM +0600, Khalid Masum wrote:
>> ipcomp_alloc_scratches() routine increases ipcomp_scratch_users count
>> even if it fails to allocate memory. Therefore, ipcomp_free_scratches()
>> routine, when triggered, tries to vfree() non existent percpu
>> ipcomp_scratches.
>>
>> To fix this breakage, do not increase scratch users count if
>> ipcomp_alloc_scratches() fails to allocate scratches.
>>
>> Reported-and-tested-by: syzbot+5ec9bb042ddfe9644773@syzkaller.appspotmail.com
>> Signed-off-by: Khalid Masum
>> ---
>> net/xfrm/xfrm_ipcomp.c | 6 ++++--
>> 1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_ipcomp.c
>> index cb40ff0ff28d..af9097983139 100644
>> --- a/net/xfrm/xfrm_ipcomp.c
>> +++ b/net/xfrm/xfrm_ipcomp.c
>> @@ -210,13 +210,15 @@ static void * __percpu *ipcomp_alloc_scratches(void) >> void * __percpu *scratches; >> int i; >> >> - if (ipcomp_scratch_users++) >> + if (ipcomp_scratch_users) { >> + ipcomp_scratch_users++; >> return ipcomp_scratches; >> - >> + } >> scratches = alloc_percpu(void *); >> if (!scratches) >> return NULL; >> >> + ipcomp_scratch_users++; >> ipcomp_scratches = scratches;
>
> This patch is broken because on error we will always call
> ipcomp_free_scratches which frees any partially allocated memory
> and restores ipcomp_scratch_users to zero.
>
> With this patch ipcomp_scratch_users will turn negative on error.
>
> Cheers,

Thanks for the review. I think it can be fixed by assigning NULL in
ipcomp_scratches when the allocation fails as ipcomp_free_scratches
checks for it. I shall follow this email with a v2 shortly.

thanks,
-- Khalid Masum
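Review bot: the `return NULL` after `alloc_percpu(void *)` now leaves ipcomp_scratch_users unchanged, but the reply in this thread states that the error path always calls ipcomp_free_scratches and that this call restores the count to zero, so the decrement there is no longer paired with an increment and the counter goes negative. Keep the increment where the original `if (ipcomp_scratch_users++)` had it, so every allocation attempt is balanced by the free, and address the bad vfree() on the free side instead, for example by leaving ipcomp_scratches NULL when allocation fails, which the author says ipcomp_free_scratches already checks for. The hunk ends at `ipcomp_scratches = scratches;`, so any later failure point in the function is not visible here and should be checked against the same pairing rule in v2. The hunk also drops the blank line between the early-return block's closing brace and `scratches = alloc_percpu(void *);`; keep it.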