From: Al Viro viro@ftp.linux.org.uk on behalf of Al Viro viro@zeniv.linux.org.uk Sent: Tuesday, February 19, 2019 4:25 AM To: yuehaibing Cc: linux-kernel@vger.kernel.org; linux-fsdevel@vger.kernel.org; Dmitry Kasatkin; keescook@chromium.org Subject: Re: [PATCH -next] exec: Fix mem leak in kernel_read_file On Tue, Feb 19, 2019 at 10:10:38AM +0800, YueHaibing wrote:
syzkaller report this: BUG: memory leak unreferenced object 0xffffc9000488d000 (size 9195520): comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s) hex dump (first 32 bytes): ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00 ................ 02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff ..........z..... backtrace: [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline] [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline] [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831 [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924 [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993 [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895 [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe [<00000000241f889b>] 0xffffffffffffffff
It should goto 'out_free' lable to free allocated buf while kernel_read fails.
Applied.
This must be applied to stables as well...
On Mon, Mar 11, 2019 at 04:59:14PM +0000, Dmitry Kasatkin wrote:
From: Al Viro viro@ftp.linux.org.uk on behalf of Al Viro viro@zeniv.linux.org.uk Sent: Tuesday, February 19, 2019 4:25 AM To: yuehaibing Cc: linux-kernel@vger.kernel.org; linux-fsdevel@vger.kernel.org; Dmitry Kasatkin; keescook@chromium.org Subject: Re: [PATCH -next] exec: Fix mem leak in kernel_read_file On Tue, Feb 19, 2019 at 10:10:38AM +0800, YueHaibing wrote:
syzkaller report this: BUG: memory leak unreferenced object 0xffffc9000488d000 (size 9195520): comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s) hex dump (first 32 bytes): ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00 ................ 02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff ..........z..... backtrace: [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline] [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline] [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831 [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924 [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993 [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895 [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe [<00000000241f889b>] 0xffffffffffffffff
It should goto 'out_free' lable to free allocated buf while kernel_read fails.
Applied.
This must be applied to stables as well...
It's already in all relevant stable trees...
-- Thanks, Sasha
From: Sasha Levin sashal@kernel.org Sent: Tuesday, March 12, 2019 1:16 AM To: Dmitry Kasatkin Cc: Al Viro; yuehaibing; linux-kernel@vger.kernel.org; linux-fsdevel@vger.kernel.org; keescook@chromium.org; stable@vger.kernel.org; gregkh@google.com Subject: Re: [PATCH -next] exec: Fix mem leak in kernel_read_file On Mon, Mar 11, 2019 at 04:59:14PM +0000, Dmitry Kasatkin wrote:
From: Al Viro viro@ftp.linux.org.uk on behalf of Al Viro viro@zeniv.linux.org.uk Sent: Tuesday, February 19, 2019 4:25 AM To: yuehaibing Cc: linux-kernel@vger.kernel.org; linux-fsdevel@vger.kernel.org; Dmitry Kasatkin; keescook@chromium.org Subject: Re: [PATCH -next] exec: Fix mem leak in kernel_read_file On Tue, Feb 19, 2019 at 10:10:38AM +0800, YueHaibing wrote:
syzkaller report this: BUG: memory leak unreferenced object 0xffffc9000488d000 (size 9195520): comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s) hex dump (first 32 bytes): ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00 ................ 02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff ..........z..... backtrace: [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline] [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline] [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831 [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924 [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993 [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895 [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe [<00000000241f889b>] 0xffffffffffffffff
It should goto 'out_free' lable to free allocated buf while kernel_read fails.
Applied.
This must be applied to stables as well...
It's already in all relevant stable trees...
I only can see in longterm 4.19.
What about 4.9 and 4.14?
Thanks, Dmitry
On Wed, Mar 13, 2019 at 02:12:30PM +0000, Dmitry Kasatkin wrote:
From: Sasha Levin sashal@kernel.org Sent: Tuesday, March 12, 2019 1:16 AM To: Dmitry Kasatkin Cc: Al Viro; yuehaibing; linux-kernel@vger.kernel.org; linux-fsdevel@vger.kernel.org; keescook@chromium.org; stable@vger.kernel.org; gregkh@google.com Subject: Re: [PATCH -next] exec: Fix mem leak in kernel_read_file On Mon, Mar 11, 2019 at 04:59:14PM +0000, Dmitry Kasatkin wrote:
From: Al Viro viro@ftp.linux.org.uk on behalf of Al Viro viro@zeniv.linux.org.uk Sent: Tuesday, February 19, 2019 4:25 AM To: yuehaibing Cc: linux-kernel@vger.kernel.org; linux-fsdevel@vger.kernel.org; Dmitry Kasatkin; keescook@chromium.org Subject: Re: [PATCH -next] exec: Fix mem leak in kernel_read_file On Tue, Feb 19, 2019 at 10:10:38AM +0800, YueHaibing wrote:
syzkaller report this: BUG: memory leak unreferenced object 0xffffc9000488d000 (size 9195520): comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s) hex dump (first 32 bytes): ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00 ................ 02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff ..........z..... backtrace: [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline] [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline] [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831 [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924 [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993 [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895 [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe [<00000000241f889b>] 0xffffffffffffffff
It should goto 'out_free' lable to free allocated buf while kernel_read fails.
Applied.
This must be applied to stables as well...
It's already in all relevant stable trees...
I only can see in longterm 4.19.
What about 4.9 and 4.14?
It was in the queue already for that (you can see it on git.kernel.org), and they are now part of the -rc releases that are currently out for review.
thanks,
greg k-h
On 13/03/2019 16:38, gregkh@linuxfoundation.org wrote:
On Wed, Mar 13, 2019 at 02:12:30PM +0000, Dmitry Kasatkin wrote:
From: Sasha Levin sashal@kernel.org Sent: Tuesday, March 12, 2019 1:16 AM To: Dmitry Kasatkin Cc: Al Viro; yuehaibing; linux-kernel@vger.kernel.org; linux-fsdevel@vger.kernel.org; keescook@chromium.org; stable@vger.kernel.org; gregkh@google.com Subject: Re: [PATCH -next] exec: Fix mem leak in kernel_read_file On Mon, Mar 11, 2019 at 04:59:14PM +0000, Dmitry Kasatkin wrote:
From: Al Viro viro@ftp.linux.org.uk on behalf of Al Viro viro@zeniv.linux.org.uk Sent: Tuesday, February 19, 2019 4:25 AM To: yuehaibing Cc: linux-kernel@vger.kernel.org; linux-fsdevel@vger.kernel.org; Dmitry Kasatkin; keescook@chromium.org Subject: Re: [PATCH -next] exec: Fix mem leak in kernel_read_file On Tue, Feb 19, 2019 at 10:10:38AM +0800, YueHaibing wrote:
syzkaller report this: BUG: memory leak unreferenced object 0xffffc9000488d000 (size 9195520): comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s) hex dump (first 32 bytes): ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00 ................ 02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff ..........z..... backtrace: [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline] [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline] [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831 [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924 [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993 [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895 [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe [<00000000241f889b>] 0xffffffffffffffff
It should goto 'out_free' lable to free allocated buf while kernel_read fails.
Applied.
This must be applied to stables as well...
It's already in all relevant stable trees...
I only can see in longterm 4.19.
What about 4.9 and 4.14?
It was in the queue already for that (you can see it on git.kernel.org), and they are now part of the -rc releases that are currently out for review.
thanks,
greg k-h
Thanks!
Dmitry
linux-stable-mirror@lists.linaro.org
-
Dmitry Kasatkin -
gregkh@linuxfoundation.org -
Sasha Levin