github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 22:52:35 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
12e20eca89
linux/include
History
Julian Anastasov fe2ceeb4cf ipvs: fix tinfo memory leak in start_sync_thread 
[ Upstream commit 5db7c8b9f9 ]

syzkaller reports for memory leak in start_sync_thread [1]

As Eric points out, kthread may start and stop before the
threadfn function is called, so there is no chance the
data (tinfo in our case) to be released in thread.

Fix this by releasing tinfo in the controlling code instead.

[1]
BUG: memory leak
unreferenced object 0xffff8881206bf700 (size 32):
 comm "syz-executor761", pid 7268, jiffies 4294943441 (age 20.470s)
 hex dump (first 32 bytes):
   00 40 7c 09 81 88 ff ff 80 45 b8 21 81 88 ff ff  .@|......E.!....
   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 backtrace:
   [<0000000057619e23>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
   [<0000000057619e23>] slab_post_alloc_hook mm/slab.h:439 [inline]
   [<0000000057619e23>] slab_alloc mm/slab.c:3326 [inline]
   [<0000000057619e23>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
   [<0000000086ce5479>] kmalloc include/linux/slab.h:547 [inline]
   [<0000000086ce5479>] start_sync_thread+0x5d2/0xe10 net/netfilter/ipvs/ip_vs_sync.c:1862
   [<000000001a9229cc>] do_ip_vs_set_ctl+0x4c5/0x780 net/netfilter/ipvs/ip_vs_ctl.c:2402
   [<00000000ece457c8>] nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
   [<00000000ece457c8>] nf_setsockopt+0x4c/0x80 net/netfilter/nf_sockopt.c:115
   [<00000000942f62d4>] ip_setsockopt net/ipv4/ip_sockglue.c:1258 [inline]
   [<00000000942f62d4>] ip_setsockopt+0x9b/0xb0 net/ipv4/ip_sockglue.c:1238
   [<00000000a56a8ffd>] udp_setsockopt+0x4e/0x90 net/ipv4/udp.c:2616
   [<00000000fa895401>] sock_common_setsockopt+0x38/0x50 net/core/sock.c:3130
   [<0000000095eef4cf>] __sys_setsockopt+0x98/0x120 net/socket.c:2078
   [<000000009747cf88>] __do_sys_setsockopt net/socket.c:2089 [inline]
   [<000000009747cf88>] __se_sys_setsockopt net/socket.c:2086 [inline]
   [<000000009747cf88>] __x64_sys_setsockopt+0x26/0x30 net/socket.c:2086
   [<00000000ded8ba80>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
   [<00000000893b4ac8>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported-by: syzbot+7e2e50c8adfccd2e5041@syzkaller.appspotmail.com
Suggested-by: Eric Biggers <ebiggers@kernel.org>
Fixes: 998e7a7680 ("ipvs: Use kthread_run() instead of doing a double-fork via kernel_thread()")
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-07-26 09:14:11 +02:00
..
acpi ACPICA: Update version to 20180810 2018-08-14 23:49:13 +02:00
asm-generic futex: Update comments and docs about return values of arch futex code 2019-07-03 13:14:49 +02:00
clocksource
crypto crypto: speck - remove Speck 2018-11-13 11:08:46 -08:00
drm drm: add fallback override/firmware EDID modes workaround 2019-06-19 08:18:07 +02:00
dt-bindings ARM: SoC: late updates 2018-08-25 14:12:36 -07:00
keys keys: Fix dependency loop between construction record and auth key 2019-03-23 20:09:48 +01:00
kvm KVM: arm/arm64: vgic: Make vgic_dist->lpi_list_lock a raw_spinlock 2019-03-23 20:09:42 +01:00
linux rcu: Force inlining of rcu_read_lock() 2019-07-26 09:14:07 +02:00
math-emu
media media: vb2: add waiting_in_dqbuf flag 2019-05-31 06:46:04 -07:00
memory
misc
net ipvs: fix tinfo memory leak in start_sync_thread 2019-07-26 09:14:11 +02:00
pcmcia pcmcia: remove long deprecated pcmcia_request_exclusive_irq() function 2018-08-18 12:30:42 -07:00
ras
rdma IB/rxe: Revise the ib_wr_opcode enum 2018-11-13 11:08:43 -08:00
scsi scsi: fcoe: make use of fip_mode enum complete 2019-04-05 22:33:04 +02:00
soc soc: fsl: qbman: add APIs to retrieve the probing status 2018-09-27 15:43:35 -05:00
sound ALSA: compress: Fix stop handling on compressed capture streams 2019-02-12 19:47:23 +01:00
target scsi: target/core: Make sure that target_wait_for_sess_cmds() waits long enough 2019-01-26 09:32:38 +01:00
trace rxrpc: Fix client call connect/disconnect race 2019-04-20 09:16:05 +02:00
uapi nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header 2019-07-21 09:03:02 +02:00
video udlfb: introduce a rendering mutex 2019-05-25 18:23:30 +02:00
xen Revert "xen/balloon: Mark unallocated host memory as UNUSABLE" 2018-12-17 09:24:39 +01:00