From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Hulk Robot <hulkci@huawei.com>,
Yang Yingliang <yangyingliang@huawei.com>,
Nikolay Aleksandrov <nikolay@nvidia.com>,
Jakub Kicinski <kuba@kernel.org>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 34/62] net: bridge: fix memleak in br_add_if()
Date: Mon, 16 Aug 2021 15:02:06 +0200 [thread overview]
Message-ID: <20210816125429.362901792@linuxfoundation.org> (raw)
In-Reply-To: <20210816125428.198692661@linuxfoundation.org>
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 519133debcc19f5c834e7e28480b60bdc234fe02 ]
I got a memleak report:
BUG: memory leak
unreferenced object 0x607ee521a658 (size 240):
comm "syz-executor.0", pid 955, jiffies 4294780569 (age 16.449s)
hex dump (first 32 bytes, cpu 1):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000d830ea5a>] br_multicast_add_port+0x1c2/0x300 net/bridge/br_multicast.c:1693
[<00000000274d9a71>] new_nbp net/bridge/br_if.c:435 [inline]
[<00000000274d9a71>] br_add_if+0x670/0x1740 net/bridge/br_if.c:611
[<0000000012ce888e>] do_set_master net/core/rtnetlink.c:2513 [inline]
[<0000000012ce888e>] do_set_master+0x1aa/0x210 net/core/rtnetlink.c:2487
[<0000000099d1cafc>] __rtnl_newlink+0x1095/0x13e0 net/core/rtnetlink.c:3457
[<00000000a01facc0>] rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3488
[<00000000acc9186c>] rtnetlink_rcv_msg+0x369/0xa10 net/core/rtnetlink.c:5550
[<00000000d4aabb9c>] netlink_rcv_skb+0x134/0x3d0 net/netlink/af_netlink.c:2504
[<00000000bc2e12a3>] netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
[<00000000bc2e12a3>] netlink_unicast+0x4a0/0x6a0 net/netlink/af_netlink.c:1340
[<00000000e4dc2d0e>] netlink_sendmsg+0x789/0xc70 net/netlink/af_netlink.c:1929
[<000000000d22c8b3>] sock_sendmsg_nosec net/socket.c:654 [inline]
[<000000000d22c8b3>] sock_sendmsg+0x139/0x170 net/socket.c:674
[<00000000e281417a>] ____sys_sendmsg+0x658/0x7d0 net/socket.c:2350
[<00000000237aa2ab>] ___sys_sendmsg+0xf8/0x170 net/socket.c:2404
[<000000004f2dc381>] __sys_sendmsg+0xd3/0x190 net/socket.c:2433
[<0000000005feca6c>] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:47
[<000000007304477d>] entry_SYSCALL_64_after_hwframe+0x44/0xae
On error path of br_add_if(), p->mcast_stats allocated in
new_nbp() need be freed, or it will be leaked.
Fixes: 1080ab95e3c7 ("net: bridge: add support for IGMP/MLD stats and export them via netlink")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Acked-by: Nikolay Aleksandrov <nikolay@nvidia.com>
Link: https://lore.kernel.org/r/20210809132023.978546-1-yangyingliang@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bridge/br_if.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index bec20dbf6f60..e2a999890d05 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -599,6 +599,7 @@ int br_add_if(struct net_bridge *br, struct net_device *dev,
err = dev_set_allmulti(dev, 1);
if (err) {
+ br_multicast_del_port(p);
kfree(p); /* kobject not yet init'd, manually free */
goto err1;
}
@@ -712,6 +713,7 @@ err4:
err3:
sysfs_remove_link(br->ifobj, p->dev->name);
err2:
+ br_multicast_del_port(p);
kobject_put(&p->kobj);
dev_set_allmulti(dev, -1);
err1:
--
2.30.2
next prev parent reply other threads:[~2021-08-16 13:04 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-16 13:01 [PATCH 5.4 00/62] 5.4.142-rc1 review Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 01/62] iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 02/62] iio: humidity: hdc100x: Add margin to the conversion time Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 03/62] iio: adc: Fix incorrect exit of for-loop Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 04/62] ASoC: xilinx: Fix reference to PCM buffer address Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 05/62] ASoC: intel: atom: " Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 06/62] i2c: dev: zero out array used for i2c reads from userspace Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 07/62] ceph: reduce contention in ceph_check_delayed_caps() Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 08/62] ACPI: NFIT: Fix support for virtual SPA ranges Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 09/62] libnvdimm/region: Fix label activation vs errors Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 10/62] ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 11/62] ieee802154: hwsim: fix GPF in hwsim_new_edge_nl Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 12/62] ASoC: cs42l42: Correct definition of ADC Volume control Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 13/62] ASoC: cs42l42: Dont allow SND_SOC_DAIFMT_LEFT_J Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 14/62] ASoC: cs42l42: Fix inversion of ADC Notch Switch control Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 15/62] ASoC: cs42l42: Remove duplicate control for WNF filter frequency Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 16/62] netfilter: nf_conntrack_bridge: Fix memory leak when error Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 17/62] ASoC: cs42l42: Fix LRCLK frame start edge Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 18/62] net: dsa: mt7530: add the missing RxUnicast MIB counter Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 19/62] platform/x86: pcengines-apuv2: revert wiring up simswitch GPIO as LED Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 20/62] platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 21/62] net: phy: micrel: Fix link detection on ksz87xx switch" Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 22/62] ppp: Fix generating ifname when empty IFLA_IFNAME is specified Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 23/62] net: sched: act_mirred: Reset ct info when mirror/redirect skb Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 24/62] iavf: Set RSS LUT and key in reset handle path Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 25/62] psample: Add a fwd declaration for skbuff Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 26/62] net/mlx5: Fix return value from tracer initialization Greg Kroah-Hartman
2021-08-16 13:01 ` [PATCH 5.4 27/62] drm/meson: fix colour distortion from HDR set during vendor u-boot Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 28/62] net: dsa: microchip: Fix ksz_read64() Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 29/62] net: Fix memory leak in ieee802154_raw_deliver Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 30/62] net: igmp: fix data-race in igmp_ifc_timer_expire() Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 31/62] net: dsa: lan9303: fix broken backpressure in .port_fdb_dump Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 32/62] net: dsa: lantiq: " Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 33/62] net: dsa: sja1105: " Greg Kroah-Hartman
2021-08-16 13:02 ` Greg Kroah-Hartman [this message]
2021-08-16 13:02 ` [PATCH 5.4 35/62] net: linkwatch: fix failure to restore device state across suspend/resume Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 36/62] tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 37/62] net: igmp: increase size of mr_ifc_count Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 38/62] xen/events: Fix race in set_evtchn_to_irq Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 39/62] vsock/virtio: avoid potential deadlock when vsock device remove Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 40/62] nbd: Aovid double completion of a request Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 41/62] powerpc/kprobes: Fix kprobe Oops happens in booke Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 42/62] x86/tools: Fix objdump version check again Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 43/62] genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 44/62] x86/msi: Force affinity setup before startup Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 45/62] x86/ioapic: " Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 46/62] x86/resctrl: Fix default monitoring groups reporting Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 47/62] genirq/msi: Ensure deactivation on teardown Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 48/62] genirq/timings: Prevent potential array overflow in __irq_timings_store() Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 49/62] PCI/MSI: Enable and mask MSI-X early Greg Kroah-Hartman
2021-08-17 7:36 ` Pavel Machek
2021-08-18 6:53 ` Greg Kroah-Hartman
2021-08-18 9:19 ` Greg Kroah-Hartman
2021-08-18 19:30 ` Pavel Machek
2021-08-16 13:02 ` [PATCH 5.4 50/62] PCI/MSI: Mask all unused MSI-X entries Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 51/62] PCI/MSI: Enforce that MSI-X table entry is masked for update Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 52/62] PCI/MSI: Enforce MSI[X] entry updates to be visible Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 53/62] PCI/MSI: Do not set invalid bits in MSI mask Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 54/62] PCI/MSI: Correct misleading comments Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 55/62] PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 56/62] PCI/MSI: Protect msi_desc::masked for multi-MSI Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 57/62] KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 58/62] ceph: add some lockdep assertions around snaprealm handling Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 59/62] ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 60/62] ceph: take snap_empty_lock atomically with snaprealm refcount change Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 61/62] vmlinux.lds.h: Handle clangs module.{c,d}tor sections Greg Kroah-Hartman
2021-08-16 13:02 ` [PATCH 5.4 62/62] iommu/vt-d: Fix agaw for a supported 48 bit guest address width Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210816125429.362901792@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=hulkci@huawei.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nikolay@nvidia.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=yangyingliang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.