From: Mathieu Desnoyers
To: Peter Zijlstra
Cc: linux-kernel@vger.kernel.org, Mathieu Desnoyers, Andre Almeida, Thomas Gleixner, Ingo Molnar, Darren Hart, Davidlohr Bueso, stable@vger.kernel.org
Subject: [RFC PATCH] futex: Fix futex_waitv() hrtimer debug object leak on kcalloc error
Date: Wed, 14 Dec 2022 17:20:08 -0500
Message-Id: <20221214222008.200393-1-mathieu.desnoyers@efficios.com>

In a scenario where kcalloc() fails to allocate memory, the futex_waitv system call immediately returns -ENOMEM without invoking destroy_hrtimer_on_stack(). When CONFIG_DEBUG_OBJECTS_TIMERS=y, this results in leaking a timer debug object.

Fixes: bf69bad38cf6 ("futex: Implement sys_futex_waitv()")
Signed-off-by: Mathieu Desnoyers
Cc: Andre Almeida
Cc: Peter Zijlstra (Intel)
Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: Darren Hart
Cc: Davidlohr Bueso
Cc: stable@vger.kernel.org # v5.16+
--- kernel/futex/syscalls.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/kernel/futex/syscalls.c b/kernel/futex/syscalls.c index 086a22d1adb7..a8074079b09e 100644 --- a/kernel/futex/syscalls.c +++ b/kernel/futex/syscalls.c
@@ -286,19 +286,22 @@ SYSCALL_DEFINE5(futex_waitv, struct futex_waitv __user *, waiters, } futexv = kcalloc(nr_futexes, sizeof(*futexv), GFP_KERNEL); - if (!futexv) - return -ENOMEM; + if (!futexv) { + ret = -ENOMEM; + goto destroy_timer; + } ret = futex_parse_waitv(futexv, waiters, nr_futexes); if (!ret) ret = futex_wait_multiple(futexv, nr_futexes, timeout ? &to : NULL); + kfree(futexv); + +destroy_timer: if (timeout) { hrtimer_cancel(&to.timer); destroy_hrtimer_on_stack(&to.timer); } - - kfree(futexv); return ret; } -- 2.25.1
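
Review bot: moving kfree(futexv) above the new destroy_timer label reverses the teardown order on the normal path, so futexv is now freed before hrtimer_cancel(&to.timer) runs and the timer may still be armed at that point. Please say in the changelog why that is safe (that nothing reachable from the timer callback touches futexv), or keep the original order by placing kfree(futexv) after the timer block, which works for the -ENOMEM path as well because kfree(NULL) is a no-op. Separately, the -ENOMEM path now calls hrtimer_cancel() on a timer that was never handed to futex_wait_multiple(); one line in the commit message noting that this is intended, and that only destroy_hrtimer_on_stack() is strictly needed there, would help stable reviewers.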