On Tue, 08 Jun 2021 14:31:34 +0200
<gregkh(a)linuxfoundation.org> wrote:
>
> This is a note to let you know that I've just added the patch titled
>
> net: kcm: fix memory leak in kcm_sendmsg
>
> to the 5.4-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
>
> The filename of the patch is:
> net-kcm-fix-memory-leak-in-kcm_sendmsg.patch
> and it can be found in the queue-5.4 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable
> tree, please let <stable(a)vger.kernel.org> know about it.
>
>
> From c47cc304990a2813995b1a92bbc11d0bb9a19ea9 Mon Sep 17 00:00:00 2001
> From: Pavel Skripkin <paskripkin(a)gmail.com>
> Date: Wed, 2 Jun 2021 22:26:40 +0300
> Subject: net: kcm: fix memory leak in kcm_sendmsg
>
> From: Pavel Skripkin <paskripkin(a)gmail.com>
>
> commit c47cc304990a2813995b1a92bbc11d0bb9a19ea9 upstream.
>
> Syzbot reported memory leak in kcm_sendmsg()[1].
> The problem was in non-freed frag_list in case of error.
>
> In the while loop:
>
> if (head == skb)
>         skb_shinfo(head)->frag_list = tskb;
> else
>         skb->next = tskb;
>
> frag_list filled with skbs, but nothing was freeing them.
>
> backtrace:
> [<0000000094c02615>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198
> [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline]
> [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967
> [1] [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline]
> [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672
>
> Reported-and-tested-by: syzbot+b039f5699bd82e1fb011(a)syzkaller.appspotmail.com
> Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
> Cc: stable(a)vger.kernel.org
> Signed-off-by: Pavel Skripkin <paskripkin(a)gmail.com>
> Signed-off-by: David S. Miller <davem(a)davemloft.net>
> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
> ---
> net/kcm/kcmsock.c | 5 +++++
> 1 file changed, 5 insertions(+)
Hi, Greg!
I CCed stable. This patch is broken and I've already sent a revert for
this.
https://git.kernel.org/netdev/net/c/a47c397bb29f
Please, don't add this to stable trees. I'm sorry
With regards,
Pavel Skripkin
On Tue, 08 Jun 2021 14:30:53 +0200
<gregkh(a)linuxfoundation.org> wrote:
>
> This is a note to let you know that I've just added the patch titled
>
> net: kcm: fix memory leak in kcm_sendmsg
>
> to the 4.14-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
>
> The filename of the patch is:
> net-kcm-fix-memory-leak-in-kcm_sendmsg.patch
> and it can be found in the queue-4.14 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable
> tree, please let <stable(a)vger.kernel.org> know about it.
>
>
> From c47cc304990a2813995b1a92bbc11d0bb9a19ea9 Mon Sep 17 00:00:00 2001
> From: Pavel Skripkin <paskripkin(a)gmail.com>
> Date: Wed, 2 Jun 2021 22:26:40 +0300
> Subject: net: kcm: fix memory leak in kcm_sendmsg
>
> From: Pavel Skripkin <paskripkin(a)gmail.com>
>
> commit c47cc304990a2813995b1a92bbc11d0bb9a19ea9 upstream.
>
> Syzbot reported memory leak in kcm_sendmsg()[1].
> The problem was in non-freed frag_list in case of error.
>
> In the while loop:
>
> if (head == skb)
>         skb_shinfo(head)->frag_list = tskb;
> else
>         skb->next = tskb;
>
> frag_list filled with skbs, but nothing was freeing them.
>
> backtrace:
> [<0000000094c02615>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198
> [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline]
> [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967
> [1] [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline]
> [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672
>
> Reported-and-tested-by: syzbot+b039f5699bd82e1fb011(a)syzkaller.appspotmail.com
> Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
> Cc: stable(a)vger.kernel.org
> Signed-off-by: Pavel Skripkin <paskripkin(a)gmail.com>
> Signed-off-by: David S. Miller <davem(a)davemloft.net>
> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
> ---
> net/kcm/kcmsock.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
Hi, Greg!
I CCed stable. This patch is broken and I've already sent a revert for
this.
https://git.kernel.org/netdev/net/c/a47c397bb29f
Please, don't add this to stable trees. I'm sorry
With regards,
Pavel Skripkin
On Tue, 08 Jun 2021 14:31:13 +0200
<gregkh(a)linuxfoundation.org> wrote:
>
> This is a note to let you know that I've just added the patch titled
>
> net: kcm: fix memory leak in kcm_sendmsg
>
> to the 4.19-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
>
> The filename of the patch is:
> net-kcm-fix-memory-leak-in-kcm_sendmsg.patch
> and it can be found in the queue-4.19 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable
> tree, please let <stable(a)vger.kernel.org> know about it.
>
>
> From c47cc304990a2813995b1a92bbc11d0bb9a19ea9 Mon Sep 17 00:00:00 2001
> From: Pavel Skripkin <paskripkin(a)gmail.com>
> Date: Wed, 2 Jun 2021 22:26:40 +0300
> Subject: net: kcm: fix memory leak in kcm_sendmsg
>
> From: Pavel Skripkin <paskripkin(a)gmail.com>
>
> commit c47cc304990a2813995b1a92bbc11d0bb9a19ea9 upstream.
>
> Syzbot reported memory leak in kcm_sendmsg()[1].
> The problem was in non-freed frag_list in case of error.
>
> In the while loop:
>
> if (head == skb)
>         skb_shinfo(head)->frag_list = tskb;
> else
>         skb->next = tskb;
>
> frag_list filled with skbs, but nothing was freeing them.
>
> backtrace:
> [<0000000094c02615>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198
> [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline]
> [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967
> [1] [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline]
> [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672
>
> Reported-and-tested-by: syzbot+b039f5699bd82e1fb011(a)syzkaller.appspotmail.com
> Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
> Cc: stable(a)vger.kernel.org
> Signed-off-by: Pavel Skripkin <paskripkin(a)gmail.com>
> Signed-off-by: David S. Miller <davem(a)davemloft.net>
> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
> ---
> net/kcm/kcmsock.c | 5 +++++
> 1 file changed, 5 insertions(+)
Hi, Greg!
I CCed stable. This patch is broken and I've already sent a revert for
this.
https://git.kernel.org/netdev/net/c/a47c397bb29f
Please, don't add this to stable trees. I'm sorry
With regards,
Pavel Skripkin
The patch below does not apply to the 5.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From a8b98c808eab3ec8f1b5a64be967b0f4af4cae43 Mon Sep 17 00:00:00 2001
From: Amir Goldstein <amir73il(a)gmail.com>
Date: Mon, 24 May 2021 16:53:21 +0300
Subject: [PATCH] fanotify: fix permission model of unprivileged group
Reporting event->pid should depend on the privileges of the user that
initialized the group, not the privileges of the user reading the
events.
Use an internal group flag FANOTIFY_UNPRIV to record the fact that the
group was initialized by an unprivileged user.
To be on the safe side, the premissions to setup filesystem and mount
marks now require that both the user that initialized the group and
the user setting up the mark have CAP_SYS_ADMIN.
Link: https://lore.kernel.org/linux-fsdevel/CAOQ4uxiA77_P5vtv7e83g0+9d7B5W9ZTE4Gf…
Fixes: 7cea2a3c505e ("fanotify: support limited functionality for unprivileged users")
Cc: <Stable(a)vger.kernel.org> # v5.12+
Link: https://lore.kernel.org/r/20210524135321.2190062-1-amir73il@gmail.com
Reviewed-by: Matthew Bobrowski <repnop(a)google.com>
Acked-by: Christian Brauner <christian.brauner(a)ubuntu.com>
Signed-off-by: Amir Goldstein <amir73il(a)gmail.com>
Signed-off-by: Jan Kara <jack(a)suse.cz>
diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
index 71fefb30e015..be5b6d2c01e7 100644
--- a/fs/notify/fanotify/fanotify_user.c
+++ b/fs/notify/fanotify/fanotify_user.c
@@ -424,11 +424,18 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
* events generated by the listener process itself, without disclosing
* the pids of other processes.
*/
- if (!capable(CAP_SYS_ADMIN) &&
+ if (FAN_GROUP_FLAG(group, FANOTIFY_UNPRIV) &&
task_tgid(current) != event->pid)
metadata.pid = 0;
- if (path && path->mnt && path->dentry) {
+ /*
+ * For now, fid mode is required for an unprivileged listener and
+ * fid mode does not report fd in events. Keep this check anyway
+ * for safety in case fid mode requirement is relaxed in the future
+ * to allow unprivileged listener to get events with no fd and no fid.
+ */
+ if (!FAN_GROUP_FLAG(group, FANOTIFY_UNPRIV) &&
+ path && path->mnt && path->dentry) {
fd = create_fd(group, path, &f);
if (fd < 0)
return fd;
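Review bot: the check `if (FAN_GROUP_FLAG(group, FANOTIFY_UNPRIV) &&` moves the pid-disclosure decision from the reader (`capable(CAP_SYS_ADMIN)` evaluated at read time) to the user that initialized the group, as the commit message intends, but the comment directly above it still describes the read-time rule ("without disclosing the pids of other processes"); extend it to say the decision is bound to the group's initializer, so a privileged process that later reads from an unprivileged group also gets `metadata.pid = 0`. The added `!FAN_GROUP_FLAG(group, FANOTIFY_UNPRIV) &&` guard on `create_fd()` is defensive only, as its own comment states, since fid mode (mandatory for unprivileged groups in the `fanotify_init` hunk) does not report an fd.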
@@ -1040,6 +1047,7 @@ SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags)
int f_flags, fd;
unsigned int fid_mode = flags & FANOTIFY_FID_BITS;
unsigned int class = flags & FANOTIFY_CLASS_BITS;
+ unsigned int internal_flags = 0;
pr_debug("%s: flags=%x event_f_flags=%x\n",
__func__, flags, event_f_flags);
@@ -1053,6 +1061,13 @@ SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags)
*/
if ((flags & FANOTIFY_ADMIN_INIT_FLAGS) || !fid_mode)
return -EPERM;
+
+ /*
+ * Setting the internal flag FANOTIFY_UNPRIV on the group
+ * prevents setting mount/filesystem marks on this group and
+ * prevents reporting pid and open fd in events.
+ */
+ internal_flags |= FANOTIFY_UNPRIV;
}
#ifdef CONFIG_AUDITSYSCALL
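Review bot: `internal_flags |= FANOTIFY_UNPRIV;` is set in the same branch that returns `-EPERM` for `FANOTIFY_ADMIN_INIT_FLAGS` or a missing `fid_mode`, so the flag is recorded for every group that passes the unprivileged path; the enclosing `if` is outside the visible context, so confirm it is the caller's CAP_SYS_ADMIN test itself and not a narrower condition, because that is the only privilege signal this flag is later trusted to carry.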
@@ -1105,7 +1120,7 @@ SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags)
goto out_destroy_group;
}
- group->fanotify_data.flags = flags;
+ group->fanotify_data.flags = flags | internal_flags;
group->memcg = get_mem_cgroup_from_mm(current->mm);
group->fanotify_data.merge_hash = fanotify_alloc_merge_hash();
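Review bot: with `group->fanotify_data.flags = flags | internal_flags;` the field now carries a bit that user space never passed, so any code that compares the whole field against `FAN_*` values or reports it to user space must mask with `FANOTIFY_INIT_FLAGS`; the fdinfo hunk in this patch does that for `/proc/<pid>/fdinfo`, so please verify there are no other whole-field readers. A one-line comment at the assignment saying the field also holds `FANOTIFY_INTERNAL_GROUP_FLAGS` would help the next reader.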
@@ -1305,11 +1320,13 @@ static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask,
group = f.file->private_data;
/*
- * An unprivileged user is not allowed to watch a mount point nor
- * a filesystem.
+ * An unprivileged user is not allowed to setup mount nor filesystem
+ * marks. This also includes setting up such marks by a group that
+ * was initialized by an unprivileged user.
*/
ret = -EPERM;
- if (!capable(CAP_SYS_ADMIN) &&
+ if ((!capable(CAP_SYS_ADMIN) ||
+ FAN_GROUP_FLAG(group, FANOTIFY_UNPRIV)) &&
mark_type != FAN_MARK_INODE)
goto fput_and_out;
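Review bot: the condition `(!capable(CAP_SYS_ADMIN) || FAN_GROUP_FLAG(group, FANOTIFY_UNPRIV))` denies mount and filesystem marks when either the calling user or the group's initializer lacked CAP_SYS_ADMIN, which is the "both must have CAP_SYS_ADMIN" rule from the commit message; logic looks right. Style nit in the new comment: "setup mount nor filesystem marks" should read "set up mount or filesystem marks".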
@@ -1460,6 +1477,7 @@ static int __init fanotify_user_setup(void)
max_marks = clamp(max_marks, FANOTIFY_OLD_DEFAULT_MAX_MARKS,
FANOTIFY_DEFAULT_MAX_USER_MARKS);
+ BUILD_BUG_ON(FANOTIFY_INIT_FLAGS & FANOTIFY_INTERNAL_GROUP_FLAGS);
BUILD_BUG_ON(HWEIGHT32(FANOTIFY_INIT_FLAGS) != 10);
BUILD_BUG_ON(HWEIGHT32(FANOTIFY_MARK_FLAGS) != 9);
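Review bot: `BUILD_BUG_ON(FANOTIFY_INIT_FLAGS & FANOTIFY_INTERNAL_GROUP_FLAGS);` is the right guard, since a future uAPI flag landing on the internal bit would silently let user space set `FANOTIFY_UNPRIV` through `fanotify_init`; leaving the `HWEIGHT32(FANOTIFY_INIT_FLAGS) != 10` check untouched is consistent with this patch adding no user-visible flag.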
diff --git a/fs/notify/fdinfo.c b/fs/notify/fdinfo.c
index a712b2aaa9ac..57f0d5d9f934 100644
--- a/fs/notify/fdinfo.c
+++ b/fs/notify/fdinfo.c
@@ -144,7 +144,7 @@ void fanotify_show_fdinfo(struct seq_file *m, struct file *f)
struct fsnotify_group *group = f->private_data;
seq_printf(m, "fanotify flags:%x event-flags:%x\n",
- group->fanotify_data.flags,
+ group->fanotify_data.flags & FANOTIFY_INIT_FLAGS,
group->fanotify_data.f_flags);
show_fdinfo(m, f, fanotify_fdinfo);
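Review bot: masking with `& FANOTIFY_INIT_FLAGS` keeps the internal bit out of the fdinfo line, so existing parsers of "fanotify flags:%x" keep seeing only values they know; the trade-off is that fdinfo can no longer tell an unprivileged group apart from a privileged one, which is worth a sentence in the commit message.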
diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h
index bad41bcb25df..a16dbeced152 100644
--- a/include/linux/fanotify.h
+++ b/include/linux/fanotify.h
@@ -51,6 +51,10 @@ extern struct ctl_table fanotify_table[]; /* for sysctl */
#define FANOTIFY_INIT_FLAGS (FANOTIFY_ADMIN_INIT_FLAGS | \
FANOTIFY_USER_INIT_FLAGS)
+/* Internal group flags */
+#define FANOTIFY_UNPRIV 0x80000000
+#define FANOTIFY_INTERNAL_GROUP_FLAGS (FANOTIFY_UNPRIV)
+
#define FANOTIFY_MARK_TYPE_BITS (FAN_MARK_INODE | FAN_MARK_MOUNT | \
FAN_MARK_FILESYSTEM)
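Review bot: `#define FANOTIFY_UNPRIV 0x80000000` takes the top bit of the 32-bit flags word; a short comment next to it stating that internal group flags are allocated from the top bit down, are never accepted from or exposed to user space, and are kept disjoint from `FANOTIFY_INIT_FLAGS` by the BUILD_BUG_ON in fanotify_user.c would document the intent for whoever adds the next one.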
On Tue, 08 Jun 2021 14:30:33 +0200
<gregkh(a)linuxfoundation.org> wrote:
>
> This is a note to let you know that I've just added the patch titled
>
> net: kcm: fix memory leak in kcm_sendmsg
>
> to the 4.9-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
>
> The filename of the patch is:
> net-kcm-fix-memory-leak-in-kcm_sendmsg.patch
> and it can be found in the queue-4.9 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable
> tree, please let <stable(a)vger.kernel.org> know about it.
>
>
> From c47cc304990a2813995b1a92bbc11d0bb9a19ea9 Mon Sep 17 00:00:00 2001
> From: Pavel Skripkin <paskripkin(a)gmail.com>
> Date: Wed, 2 Jun 2021 22:26:40 +0300
> Subject: net: kcm: fix memory leak in kcm_sendmsg
>
Hi, Greg!
I CCed stable. This patch is broken and I've already sent a revert for
this.
https://git.kernel.org/netdev/net/c/a47c397bb29f
Please, don't add this to stable trees. I'm sorry
With regards,
Pavel Skripkin
The patch below does not apply to the 4.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From a8867f4e3809050571c98de7a2d465aff5e4daf5 Mon Sep 17 00:00:00 2001
From: Phillip Potter <phil(a)philpotter.co.uk>
Date: Mon, 12 Apr 2021 08:38:37 +0100
Subject: [PATCH] ext4: fix memory leak in ext4_mb_init_backend on error path.
Fix a memory leak discovered by syzbot when a file system is corrupted
with an illegally large s_log_groups_per_flex.
Reported-by: syzbot+aa12d6106ea4ca1b6aae(a)syzkaller.appspotmail.com
Signed-off-by: Phillip Potter <phil(a)philpotter.co.uk>
Cc: stable(a)kernel.org
Link: https://lore.kernel.org/r/20210412073837.1686-1-phil@philpotter.co.uk
Signed-off-by: Theodore Ts'o <tytso(a)mit.edu>
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
index 3239e6669e84..c2c22c2baac0 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -3217,7 +3217,7 @@ static int ext4_mb_init_backend(struct super_block *sb)
*/
if (sbi->s_es->s_log_groups_per_flex >= 32) {
ext4_msg(sb, KERN_ERR, "too many log groups per flexible block group");
- goto err_freesgi;
+ goto err_freebuddy;
}
sbi->s_mb_prefetch = min_t(uint, 1 << sbi->s_es->s_log_groups_per_flex,
BLK_MAX_SEGMENT_SIZE >> (sb->s_blocksize_bits - 9));
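Review bot: the hunk changes only the jump target (`goto err_freesgi;` to `goto err_freebuddy;`) and neither label is in the visible context, so the fix is correct only if `err_freebuddy` releases the buddy-cache allocation made before this `s_log_groups_per_flex >= 32` check and then falls through to (or otherwise performs) the `err_freesgi` cleanup; please confirm that ordering. The commit message should also name which allocation was leaked, since "fix memory leak ... on error path" does not say.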
The patch below does not apply to the 4.19-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From a8867f4e3809050571c98de7a2d465aff5e4daf5 Mon Sep 17 00:00:00 2001
From: Phillip Potter <phil(a)philpotter.co.uk>
Date: Mon, 12 Apr 2021 08:38:37 +0100
Subject: [PATCH] ext4: fix memory leak in ext4_mb_init_backend on error path.
Fix a memory leak discovered by syzbot when a file system is corrupted
with an illegally large s_log_groups_per_flex.
Reported-by: syzbot+aa12d6106ea4ca1b6aae(a)syzkaller.appspotmail.com
Signed-off-by: Phillip Potter <phil(a)philpotter.co.uk>
Cc: stable(a)kernel.org
Link: https://lore.kernel.org/r/20210412073837.1686-1-phil@philpotter.co.uk
Signed-off-by: Theodore Ts'o <tytso(a)mit.edu>
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
index 3239e6669e84..c2c22c2baac0 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -3217,7 +3217,7 @@ static int ext4_mb_init_backend(struct super_block *sb)
*/
if (sbi->s_es->s_log_groups_per_flex >= 32) {
ext4_msg(sb, KERN_ERR, "too many log groups per flexible block group");
- goto err_freesgi;
+ goto err_freebuddy;
}
sbi->s_mb_prefetch = min_t(uint, 1 << sbi->s_es->s_log_groups_per_flex,
BLK_MAX_SEGMENT_SIZE >> (sb->s_blocksize_bits - 9));
The patch below does not apply to the 4.9-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From a8867f4e3809050571c98de7a2d465aff5e4daf5 Mon Sep 17 00:00:00 2001
From: Phillip Potter <phil(a)philpotter.co.uk>
Date: Mon, 12 Apr 2021 08:38:37 +0100
Subject: [PATCH] ext4: fix memory leak in ext4_mb_init_backend on error path.
Fix a memory leak discovered by syzbot when a file system is corrupted
with an illegally large s_log_groups_per_flex.
Reported-by: syzbot+aa12d6106ea4ca1b6aae(a)syzkaller.appspotmail.com
Signed-off-by: Phillip Potter <phil(a)philpotter.co.uk>
Cc: stable(a)kernel.org
Link: https://lore.kernel.org/r/20210412073837.1686-1-phil@philpotter.co.uk
Signed-off-by: Theodore Ts'o <tytso(a)mit.edu>
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
index 3239e6669e84..c2c22c2baac0 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -3217,7 +3217,7 @@ static int ext4_mb_init_backend(struct super_block *sb)
*/
if (sbi->s_es->s_log_groups_per_flex >= 32) {
ext4_msg(sb, KERN_ERR, "too many log groups per flexible block group");
- goto err_freesgi;
+ goto err_freebuddy;
}
sbi->s_mb_prefetch = min_t(uint, 1 << sbi->s_es->s_log_groups_per_flex,
BLK_MAX_SEGMENT_SIZE >> (sb->s_blocksize_bits - 9));
The patch below does not apply to the 4.14-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From a8867f4e3809050571c98de7a2d465aff5e4daf5 Mon Sep 17 00:00:00 2001
From: Phillip Potter <phil(a)philpotter.co.uk>
Date: Mon, 12 Apr 2021 08:38:37 +0100
Subject: [PATCH] ext4: fix memory leak in ext4_mb_init_backend on error path.
Fix a memory leak discovered by syzbot when a file system is corrupted
with an illegally large s_log_groups_per_flex.
Reported-by: syzbot+aa12d6106ea4ca1b6aae(a)syzkaller.appspotmail.com
Signed-off-by: Phillip Potter <phil(a)philpotter.co.uk>
Cc: stable(a)kernel.org
Link: https://lore.kernel.org/r/20210412073837.1686-1-phil@philpotter.co.uk
Signed-off-by: Theodore Ts'o <tytso(a)mit.edu>
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
index 3239e6669e84..c2c22c2baac0 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -3217,7 +3217,7 @@ static int ext4_mb_init_backend(struct super_block *sb)
*/
if (sbi->s_es->s_log_groups_per_flex >= 32) {
ext4_msg(sb, KERN_ERR, "too many log groups per flexible block group");
- goto err_freesgi;
+ goto err_freebuddy;
}
sbi->s_mb_prefetch = min_t(uint, 1 << sbi->s_es->s_log_groups_per_flex,
BLK_MAX_SEGMENT_SIZE >> (sb->s_blocksize_bits - 9));
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From a8867f4e3809050571c98de7a2d465aff5e4daf5 Mon Sep 17 00:00:00 2001
From: Phillip Potter <phil(a)philpotter.co.uk>
Date: Mon, 12 Apr 2021 08:38:37 +0100
Subject: [PATCH] ext4: fix memory leak in ext4_mb_init_backend on error path.
Fix a memory leak discovered by syzbot when a file system is corrupted
with an illegally large s_log_groups_per_flex.
Reported-by: syzbot+aa12d6106ea4ca1b6aae(a)syzkaller.appspotmail.com
Signed-off-by: Phillip Potter <phil(a)philpotter.co.uk>
Cc: stable(a)kernel.org
Link: https://lore.kernel.org/r/20210412073837.1686-1-phil@philpotter.co.uk
Signed-off-by: Theodore Ts'o <tytso(a)mit.edu>
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
index 3239e6669e84..c2c22c2baac0 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -3217,7 +3217,7 @@ static int ext4_mb_init_backend(struct super_block *sb)
*/
if (sbi->s_es->s_log_groups_per_flex >= 32) {
ext4_msg(sb, KERN_ERR, "too many log groups per flexible block group");
- goto err_freesgi;
+ goto err_freebuddy;
}
sbi->s_mb_prefetch = min_t(uint, 1 << sbi->s_es->s_log_groups_per_flex,
BLK_MAX_SEGMENT_SIZE >> (sb->s_blocksize_bits - 9));