AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
0a8dd9f67c
kernel_optimize_test/net
History
Neil Horman 0a8dd9f67c Fix memory leak in sctp_process_init 
syzbot found the following leak in sctp_process_init
BUG: memory leak
unreferenced object 0xffff88810ef68400 (size 1024):
  comm "syz-executor273", pid 7046, jiffies 4294945598 (age 28.770s)
  hex dump (first 32 bytes):
    1d de 28 8d de 0b 1b e3 b5 c2 f9 68 fd 1a 97 25  ..(........h...%
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000a02cebbd>] kmemleak_alloc_recursive include/linux/kmemleak.h:55
[inline]
    [<00000000a02cebbd>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<00000000a02cebbd>] slab_alloc mm/slab.c:3326 [inline]
    [<00000000a02cebbd>] __do_kmalloc mm/slab.c:3658 [inline]
    [<00000000a02cebbd>] __kmalloc_track_caller+0x15d/0x2c0 mm/slab.c:3675
    [<000000009e6245e6>] kmemdup+0x27/0x60 mm/util.c:119
    [<00000000dfdc5d2d>] kmemdup include/linux/string.h:432 [inline]
    [<00000000dfdc5d2d>] sctp_process_init+0xa7e/0xc20
net/sctp/sm_make_chunk.c:2437
    [<00000000b58b62f8>] sctp_cmd_process_init net/sctp/sm_sideeffect.c:682
[inline]
    [<00000000b58b62f8>] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1384
[inline]
    [<00000000b58b62f8>] sctp_side_effects net/sctp/sm_sideeffect.c:1194
[inline]
    [<00000000b58b62f8>] sctp_do_sm+0xbdc/0x1d60 net/sctp/sm_sideeffect.c:1165
    [<0000000044e11f96>] sctp_assoc_bh_rcv+0x13c/0x200
net/sctp/associola.c:1074
    [<00000000ec43804d>] sctp_inq_push+0x7f/0xb0 net/sctp/inqueue.c:95
    [<00000000726aa954>] sctp_backlog_rcv+0x5e/0x2a0 net/sctp/input.c:354
    [<00000000d9e249a8>] sk_backlog_rcv include/net/sock.h:950 [inline]
    [<00000000d9e249a8>] __release_sock+0xab/0x110 net/core/sock.c:2418
    [<00000000acae44fa>] release_sock+0x37/0xd0 net/core/sock.c:2934
    [<00000000963cc9ae>] sctp_sendmsg+0x2c0/0x990 net/sctp/socket.c:2122
    [<00000000a7fc7565>] inet_sendmsg+0x64/0x120 net/ipv4/af_inet.c:802
    [<00000000b732cbd3>] sock_sendmsg_nosec net/socket.c:652 [inline]
    [<00000000b732cbd3>] sock_sendmsg+0x54/0x70 net/socket.c:671
    [<00000000274c57ab>] ___sys_sendmsg+0x393/0x3c0 net/socket.c:2292
    [<000000008252aedb>] __sys_sendmsg+0x80/0xf0 net/socket.c:2330
    [<00000000f7bf23d1>] __do_sys_sendmsg net/socket.c:2339 [inline]
    [<00000000f7bf23d1>] __se_sys_sendmsg net/socket.c:2337 [inline]
    [<00000000f7bf23d1>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2337
    [<00000000a8b4131f>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:3

The problem was that the peer.cookie value points to an skb allocated
area on the first pass through this function, at which point it is
overwritten with a heap allocated value, but in certain cases, where a
COOKIE_ECHO chunk is included in the packet, a second pass through
sctp_process_init is made, where the cookie value is re-allocated,
leaking the first allocation.

Fix is to always allocate the cookie value, and free it when we are done
using it.

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Reported-by: syzbot+f7e9153b037eac9b1df8@syzkaller.appspotmail.com
CC: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
CC: "David S. Miller" <davem@davemloft.net>
CC: netdev@vger.kernel.org
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-06-05 17:11:47 -07:00
..
6lowpan treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
9p treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
802 treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
8021q Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-05-22 08:28:16 -07:00
appletalk treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
atm treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
ax25 treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
batman-adv
bluetooth treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
bpf treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
bpfilter treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
bridge treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
caif SPDX update for 5.2-rc2, round 1 2019-05-21 12:33:38 -07:00
can treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
ceph treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
core net: fix indirect calls helpers for ptype list hooks. 2019-06-04 20:16:22 -07:00
dcb treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
dccp treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61 2019-05-24 17:36:45 +02:00
decnet treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 53 2019-05-24 17:36:42 +02:00
dns_resolver treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
dsa net: dsa: sja1105: Don't store frame type in skb->cb 2019-05-31 14:27:27 -07:00
ethernet treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
hsr hsr: fix don't prune the master node from the node_db 2019-05-23 09:29:44 -07:00
ieee802154 treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
ife treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
ipv4 ipv4: not do cache for local delivery if bc_forwarding is enabled 2019-06-05 16:59:21 -07:00
ipv6 net: correct zerocopy refcnt with udp MSG_MORE 2019-05-30 15:54:04 -07:00
iucv treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
kcm treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
key treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
l2tp treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
l3mdev treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
lapb treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 41 2019-05-24 17:27:12 +02:00
llc llc: fix skb leak in llc_build_and_send_ui_pkt() 2019-05-28 17:25:23 -07:00
mac80211 treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
mac802154 treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
mpls treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
ncsi treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-05-30 21:11:22 -07:00
netlabel treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
netlink SPDX update for 5.2-rc2, round 1 2019-05-21 12:33:38 -07:00
netrom treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
nfc treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
nsh treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
openvswitch treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
packet packet: unconditionally free po->rollover 2019-06-02 18:10:14 -07:00
phonet SPDX update for 5.2-rc2, round 1 2019-05-21 12:33:38 -07:00
psample treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
qrtr Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-05-22 08:28:16 -07:00
rds net: rds: fix memory leak when unload rds_rdma 2019-06-05 17:08:14 -07:00
rfkill treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
rose treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
rxrpc treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
sched net: sched: don't use tc_action->order during action dump 2019-05-24 13:27:52 -07:00
sctp Fix memory leak in sctp_process_init 2019-06-05 17:11:47 -07:00
smc treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
strparser treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
sunrpc treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
switchdev treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-05-22 08:28:16 -07:00
tls net/tls: replace the sleeping lock around RX resync with a bit lock 2019-06-04 13:34:37 -07:00
unix treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 62 2019-05-24 17:36:46 +02:00
vmw_vsock SPDX update for 5.2-rc2, round 1 2019-05-21 12:33:38 -07:00
wimax treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
wireless treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
x25 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 41 2019-05-24 17:27:12 +02:00
xdp treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
xfrm SPDX update for 5.2-rc2, round 1 2019-05-21 12:33:38 -07:00
compat.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile
socket.c net: fix kernel-doc warnings for socket.c 2019-05-19 10:33:22 -07:00
sysctl_net.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00