* [PATCH] cgroup: Fix memory leak when parsing multiple source parameters
@ 2020-12-09 12:13 Qinglang Miao
From: Qinglang Miao @ 2020-12-09 12:13 UTC
To: Tejun Heo, Li Zefan, Johannes Weiner
Cc: cgroups, linux-kernel, Qinglang Miao

A memory leak is found in cgroup1_parse_param() when multiple source
parameters overwrite fc->source in the fs_context struct without free.

unreferenced object 0xffff888100d930e0 (size 16):
  comm "mount", pid 520, jiffies 4303326831 (age 152.783s)
  hex dump (first 16 bytes):
    74 65 73 74 6c 65 61 6b 00 00 00 00 00 00 00 00  testleak........
  backtrace:
    [<000000003e5023ec>] kmemdup_nul+0x2d/0xa0
    [<00000000377dbdaa>] vfs_parse_fs_string+0xc0/0x150
    [<00000000cb2b4882>] generic_parse_monolithic+0x15a/0x1d0
    [<000000000f750198>] path_mount+0xee1/0x1820
    [<0000000004756de2>] do_mount+0xea/0x100
    [<0000000094cafb0a>] __x64_sys_mount+0x14b/0x1f0

Fix this bug by permitting a single source parameter and rejecting with
an error all subsequent ones.

Fixes: 8d2451f4994f ("cgroup1: switch to option-by-option parsing")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>
---
kernel/cgroup/cgroup-v1.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
index 191c329e4..1fd7d3d18 100644
--- a/kernel/cgroup/cgroup-v1.c
+++ b/kernel/cgroup/cgroup-v1.c
@@ -908,6 +908,9 @@ int cgroup1_parse_param(struct fs_context *fc, struct fs_parameter *param)
opt = fs_parse(fc, cgroup1_fs_parameters, param, &result);
if (opt == -ENOPARAM) {
if (strcmp(param->key, "source") == 0) {
+ if (fc->source)
+ return invalf(fc, "Multiple sources not
+ supported");
fc->source = param->string;
param->string = NULL;
return 0;
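Review bot: the string literal in the added return invalf(fc, "Multiple sources not ... is split across two source lines, so the literal is never terminated and the invalf() invocation never closes. Keep the whole message on one line, i.e. return invalf(fc, "Multiple sources not supported"); even if that runs past the usual line length, so the message also stays greppable. The check itself is placed correctly, before fc->source is assigned, so a second source= can no longer overwrite the first pointer.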
--
2.23.0
* Re: [PATCH] cgroup: Fix memory leak when parsing multiple source parameters
From: kernel test robot @ 2020-12-09 13:59 UTC
To: Qinglang Miao, Tejun Heo, Li Zefan, Johannes Weiner
Cc: kbuild-all, cgroups, linux-kernel, Qinglang Miao

Hi Qinglang,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on cgroup/for-next]
[also build test WARNING on v5.10-rc7 next-20201208]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Qinglang-Miao/cgroup-Fix-memory-leak-when-parsing-multiple-source-parameters/20201209-201041
base:   https://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup.git for-next
config: x86_64-randconfig-s031-20201209 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
reproduce:
        # apt-get install sparse
        # sparse version: v0.6.3-179-ga00755aa-dirty
        # https://github.com/0day-ci/linux/commit/f80ce6cc8c1bde7ecab3fed9f9a514091cec6f56
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Qinglang-Miao/cgroup-Fix-memory-leak-when-parsing-multiple-source-parameters/20201209-201041
        git checkout f80ce6cc8c1bde7ecab3fed9f9a514091cec6f56
        # save the attached .config to linux build tree
        make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=x86_64

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>):

   kernel/cgroup/cgroup-v1.c: In function 'cgroup1_parse_param':
>> kernel/cgroup/cgroup-v1.c:912:23: warning: missing terminating " character
     912 |     return invalf(fc, "Multiple sources not
         |                       ^
   kernel/cgroup/cgroup-v1.c:913:18: warning: missing terminating " character
     913 |         supported");
         |                  ^
   kernel/cgroup/cgroup-v1.c:1276: error: unterminated argument list invoking macro "invalf"
    1276 | __setup("cgroup_no_v1=", cgroup_no_v1);
         |
   kernel/cgroup/cgroup-v1.c:912:12: error: 'invalf' undeclared (first use in this function)
     912 |     return invalf(fc, "Multiple sources not
         |            ^~~~~~
   kernel/cgroup/cgroup-v1.c:912:12: note: each undeclared identifier is reported only once for each function it appears in
   kernel/cgroup/cgroup-v1.c:912:18: error: expected ';' at end of input
     912 |     return invalf(fc, "Multiple sources not
         |                  ^
         |                  ;
   ......
    1276 | __setup("cgroup_no_v1=", cgroup_no_v1);
         |
   kernel/cgroup/cgroup-v1.c:1276: note: '-Wmisleading-indentation' is disabled from this point onwards, since column-tracking was disabled due to the size of the code/headers
    1276 | __setup("cgroup_no_v1=", cgroup_no_v1);
         |
   kernel/cgroup/cgroup-v1.c:912:5: error: expected declaration or statement at end of input
     912 |     return invalf(fc, "Multiple sources not
         |     ^~~~~~
   kernel/cgroup/cgroup-v1.c:912:5: error: expected declaration or statement at end of input
   kernel/cgroup/cgroup-v1.c:912:5: error: expected declaration or statement at end of input
   kernel/cgroup/cgroup-v1.c:906:11: warning: unused variable 'i' [-Wunused-variable]
     906 |  int opt, i;
         |           ^
   kernel/cgroup/cgroup-v1.c:904:24: warning: unused variable 'ss' [-Wunused-variable]
     904 |  struct cgroup_subsys *ss;
         |                        ^~
   kernel/cgroup/cgroup-v1.c:903:28: warning: unused variable 'ctx' [-Wunused-variable]
     903 |  struct cgroup_fs_context *ctx = cgroup_fc2context(fc);
         |                            ^~~
   kernel/cgroup/cgroup-v1.c:1276: error: control reaches end of non-void function [-Werror=return-type]
    1276 | __setup("cgroup_no_v1=", cgroup_no_v1);
         |
   At top level:
   kernel/cgroup/cgroup-v1.c:849:12: warning: 'cgroup1_show_options' defined but not used [-Wunused-function]
     849 | static int cgroup1_show_options(struct seq_file *seq, struct kernfs_root *kf_root)
         |            ^~~~~~~~~~~~~~~~~~~~
   kernel/cgroup/cgroup-v1.c:817:12: warning: 'cgroup1_rename' defined but not used [-Wunused-function]
     817 | static int cgroup1_rename(struct kernfs_node *kn, struct kernfs_node *new_parent,
         |            ^~~~~~~~~~~~~~
   kernel/cgroup/cgroup-v1.c:33:13: warning: 'cgroup_no_v1_named' defined but not used [-Wunused-variable]
      33 | static bool cgroup_no_v1_named;
         |             ^~~~~~~~~~~~~~~~~~
   cc1: some warnings being treated as errors

vim +912 kernel/cgroup/cgroup-v1.c

   900
   901	int cgroup1_parse_param(struct fs_context *fc, struct fs_parameter *param)
   902	{
   903		struct cgroup_fs_context *ctx = cgroup_fc2context(fc);
   904		struct cgroup_subsys *ss;
   905		struct fs_parse_result result;
   906		int opt, i;
   907
   908		opt = fs_parse(fc, cgroup1_fs_parameters, param, &result);
   909		if (opt == -ENOPARAM) {
   910			if (strcmp(param->key, "source") == 0) {
   911				if (fc->source)
 > 912					return invalf(fc, "Multiple sources not
   913				supported");
   914				fc->source = param->string;
   915				param->string = NULL;
   916				return 0;
   917			}
   918			for_each_subsys(ss, i) {
   919				if (strcmp(param->key, ss->legacy_name))
   920					continue;
   921				ctx->subsys_mask |= (1 << i);
   922				return 0;
   923			}
   924			return invalfc(fc, "Unknown subsys name '%s'", param->key);
   925		}
   926		if (opt < 0)
   927			return opt;
   928
   929		switch (opt) {
   930		case Opt_none:
   931			/* Explicitly have no subsystems */
   932			ctx->none = true;
   933			break;
   934		case Opt_all:
   935			ctx->all_ss = true;
   936			break;
   937		case Opt_noprefix:
   938			ctx->flags |= CGRP_ROOT_NOPREFIX;
   939			break;
   940		case Opt_clone_children:
   941			ctx->cpuset_clone_children = true;
   942			break;
   943		case Opt_cpuset_v2_mode:
   944			ctx->flags |= CGRP_ROOT_CPUSET_V2_MODE;
   945			break;
   946		case Opt_xattr:
   947			ctx->flags |= CGRP_ROOT_XATTR;
   948			break;
   949		case Opt_release_agent:
   950			/* Specifying two release agents is forbidden */
   951			if (ctx->release_agent)
   952				return invalfc(fc, "release_agent respecified");
   953			ctx->release_agent = param->string;
   954			param->string = NULL;
   955			break;
   956		case Opt_name:
   957			/* blocked by boot param? */
   958			if (cgroup_no_v1_named)
   959				return -ENOENT;
   960			/* Can't specify an empty name */
   961			if (!param->size)
   962				return invalfc(fc, "Empty name");
   963			if (param->size > MAX_CGROUP_ROOT_NAMELEN - 1)
   964				return invalfc(fc, "Name too long");
   965			/* Must match [\w.-]+ */
   966			for (i = 0; i < param->size; i++) {
   967				char c = param->string[i];
   968				if (isalnum(c))
   969					continue;
   970				if ((c == '.') || (c == '-') || (c == '_'))
   971					continue;
   972				return invalfc(fc, "Invalid name");
   973			}
   974			/* Specifying two names is forbidden */
   975			if (ctx->name)
   976				return invalfc(fc, "name respecified");
   977			ctx->name = param->string;
   978			param->string = NULL;
   979			break;
   980		}
   981		return 0;
   982	}
   983

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 36640 bytes --]
* Re: [PATCH] cgroup: Fix memory leak when parsing multiple source parameters
From: kernel test robot @ 2020-12-09 15:33 UTC
To: Qinglang Miao, Tejun Heo, Li Zefan, Johannes Weiner
Cc: kbuild-all, clang-built-linux, cgroups, linux-kernel, Qinglang Miao

Hi Qinglang,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on cgroup/for-next]
[also build test WARNING on v5.10-rc7 next-20201209]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Qinglang-Miao/cgroup-Fix-memory-leak-when-parsing-multiple-source-parameters/20201209-201041
base:   https://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup.git for-next
config: x86_64-randconfig-a004-20201209 (attached as .config)
compiler: clang version 12.0.0 (https://github.com/llvm/llvm-project 1968804ac726e7674d5de22bc2204b45857da344)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install x86_64 cross compiling tool for clang build
        # apt-get install binutils-x86-64-linux-gnu
        # https://github.com/0day-ci/linux/commit/f80ce6cc8c1bde7ecab3fed9f9a514091cec6f56
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Qinglang-Miao/cgroup-Fix-memory-leak-when-parsing-multiple-source-parameters/20201209-201041
        git checkout f80ce6cc8c1bde7ecab3fed9f9a514091cec6f56
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>):

>> kernel/cgroup/cgroup-v1.c:912:23: warning: missing terminating '"' character [-Winvalid-pp-token]
                   return invalf(fc, "Multiple sources not
                                     ^
   kernel/cgroup/cgroup-v1.c:913:18: warning: missing terminating '"' character [-Winvalid-pp-token]
               supported");
                        ^
   kernel/cgroup/cgroup-v1.c:912:12: error: unterminated function-like macro invocation
                   return invalf(fc, "Multiple sources not
                          ^
   include/linux/fs_context.h:241:9: note: macro 'invalf' defined here
   #define invalf(fc, fmt, ...) (errorf(fc, fmt, ## __VA_ARGS__), -EINVAL)
           ^
   kernel/cgroup/cgroup-v1.c:1276:40: error: expected expression
   __setup("cgroup_no_v1=", cgroup_no_v1);
                                          ^
   kernel/cgroup/cgroup-v1.c:1276:40: error: expected '}'
   kernel/cgroup/cgroup-v1.c:910:42: note: to match this '{'
           if (strcmp(param->key, "source") == 0) {
                                                  ^
   kernel/cgroup/cgroup-v1.c:1276:40: error: expected '}'
   __setup("cgroup_no_v1=", cgroup_no_v1);
                                          ^
   kernel/cgroup/cgroup-v1.c:909:24: note: to match this '{'
       if (opt == -ENOPARAM) {
                             ^
   kernel/cgroup/cgroup-v1.c:1276:40: error: expected '}'
   __setup("cgroup_no_v1=", cgroup_no_v1);
                                          ^
   kernel/cgroup/cgroup-v1.c:902:1: note: to match this '{'
   {
   ^
   2 warnings and 5 errors generated.

vim +912 kernel/cgroup/cgroup-v1.c

   900
   901	int cgroup1_parse_param(struct fs_context *fc, struct fs_parameter *param)
   902	{
   903		struct cgroup_fs_context *ctx = cgroup_fc2context(fc);
   904		struct cgroup_subsys *ss;
   905		struct fs_parse_result result;
   906		int opt, i;
   907
   908		opt = fs_parse(fc, cgroup1_fs_parameters, param, &result);
   909		if (opt == -ENOPARAM) {
   910			if (strcmp(param->key, "source") == 0) {
   911				if (fc->source)
 > 912					return invalf(fc, "Multiple sources not
   913				supported");
   914				fc->source = param->string;
   915				param->string = NULL;
   916				return 0;
   917			}
   918			for_each_subsys(ss, i) {
   919				if (strcmp(param->key, ss->legacy_name))
   920					continue;
   921				ctx->subsys_mask |= (1 << i);
   922				return 0;
   923			}
   924			return invalfc(fc, "Unknown subsys name '%s'", param->key);
   925		}
   926		if (opt < 0)
   927			return opt;
   928
   929		switch (opt) {
   930		case Opt_none:
   931			/* Explicitly have no subsystems */
   932			ctx->none = true;
   933			break;
   934		case Opt_all:
   935			ctx->all_ss = true;
   936			break;
   937		case Opt_noprefix:
   938			ctx->flags |= CGRP_ROOT_NOPREFIX;
   939			break;
   940		case Opt_clone_children:
   941			ctx->cpuset_clone_children = true;
   942			break;
   943		case Opt_cpuset_v2_mode:
   944			ctx->flags |= CGRP_ROOT_CPUSET_V2_MODE;
   945			break;
   946		case Opt_xattr:
   947			ctx->flags |= CGRP_ROOT_XATTR;
   948			break;
   949		case Opt_release_agent:
   950			/* Specifying two release agents is forbidden */
   951			if (ctx->release_agent)
   952				return invalfc(fc, "release_agent respecified");
   953			ctx->release_agent = param->string;
   954			param->string = NULL;
   955			break;
   956		case Opt_name:
   957			/* blocked by boot param? */
   958			if (cgroup_no_v1_named)
   959				return -ENOENT;
   960			/* Can't specify an empty name */
   961			if (!param->size)
   962				return invalfc(fc, "Empty name");
   963			if (param->size > MAX_CGROUP_ROOT_NAMELEN - 1)
   964				return invalfc(fc, "Name too long");
   965			/* Must match [\w.-]+ */
   966			for (i = 0; i < param->size; i++) {
   967				char c = param->string[i];
   968				if (isalnum(c))
   969					continue;
   970				if ((c == '.') || (c == '-') || (c == '_'))
   971					continue;
   972				return invalfc(fc, "Invalid name");
   973			}
   974			/* Specifying two names is forbidden */
   975			if (ctx->name)
   976				return invalfc(fc, "name respecified");
   977			ctx->name = param->string;
   978			param->string = NULL;
   979			break;
   980		}
   981		return 0;
   982	}
   983

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 40544 bytes --]
* [PATCH v2] cgroup: Fix memory leak when parsing multiple source parameters
From: Qinglang Miao @ 2020-12-10 1:29 UTC
To: Tejun Heo, Li Zefan, Johannes Weiner
Cc: cgroups, linux-kernel, Qinglang Miao

A memory leak is found in cgroup1_parse_param() when multiple source
parameters overwrite fc->source in the fs_context struct without free.

unreferenced object 0xffff888100d930e0 (size 16):
  comm "mount", pid 520, jiffies 4303326831 (age 152.783s)
  hex dump (first 16 bytes):
    74 65 73 74 6c 65 61 6b 00 00 00 00 00 00 00 00  testleak........
  backtrace:
    [<000000003e5023ec>] kmemdup_nul+0x2d/0xa0
    [<00000000377dbdaa>] vfs_parse_fs_string+0xc0/0x150
    [<00000000cb2b4882>] generic_parse_monolithic+0x15a/0x1d0
    [<000000000f750198>] path_mount+0xee1/0x1820
    [<0000000004756de2>] do_mount+0xea/0x100
    [<0000000094cafb0a>] __x64_sys_mount+0x14b/0x1f0

Fix this bug by permitting a single source parameter and rejecting with
an error all subsequent ones.

Fixes: 8d2451f4994f ("cgroup1: switch to option-by-option parsing")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>
---
v1->v2: fix compile problems caused by superfluous LF in err message.
 kernel/cgroup/cgroup-v1.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
index 191c329e4..32596fdbc 100644
--- a/kernel/cgroup/cgroup-v1.c
+++ b/kernel/cgroup/cgroup-v1.c
@@ -908,6 +908,8 @@ int cgroup1_parse_param(struct fs_context *fc, struct fs_parameter *param) opt = fs_parse(fc, cgroup1_fs_parameters, param, &result); if (opt == -ENOPARAM) { if (strcmp(param->key, "source") == 0) { + if (fc->source) + return invalf(fc, "Multiple sources not supported"); fc->source = param->string; param->string = NULL; return 0; -- 2.23.0 ^ permalink raw reply related [flat|nested] 7+ messages in thread
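Review bot: the added return in the "source" branch uses invalf(), while the other message-carrying error returns in cgroup1_parse_param() shown in the test robot's listing use invalfc() (for example "Unknown subsys name '%s'" and "release_agent respecified"). Consider invalfc(fc, "Multiple sources not supported") for consistency with the rest of the function, or note in the changelog why invalf() is intended here. The early return leaves param->string untouched, which is what the fix relies on: only the accepted value is moved into fc->source.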
* Re: [PATCH v2] cgroup: Fix memory leak when parsing multiple source parameters
From: Zefan Li @ 2020-12-15 8:50 UTC
To: Qinglang Miao, Tejun Heo, Johannes Weiner
Cc: cgroups, linux-kernel

(didn't notice you've sent v2 with the printk msg fixed)

On 2020/12/10 9:29, Qinglang Miao wrote:
> A memory leak is found in cgroup1_parse_param() when multiple source
> parameters overwrite fc->source in the fs_context struct without free.
>
> unreferenced object 0xffff888100d930e0 (size 16):
>   comm "mount", pid 520, jiffies 4303326831 (age 152.783s)
>   hex dump (first 16 bytes):
>     74 65 73 74 6c 65 61 6b 00 00 00 00 00 00 00 00  testleak........
>   backtrace:
>     [<000000003e5023ec>] kmemdup_nul+0x2d/0xa0
>     [<00000000377dbdaa>] vfs_parse_fs_string+0xc0/0x150
>     [<00000000cb2b4882>] generic_parse_monolithic+0x15a/0x1d0
>     [<000000000f750198>] path_mount+0xee1/0x1820
>     [<0000000004756de2>] do_mount+0xea/0x100
>     [<0000000094cafb0a>] __x64_sys_mount+0x14b/0x1f0
>
> Fix this bug by permitting a single source parameter and rejecting with
> an error all subsequent ones.
>
> Fixes: 8d2451f4994f ("cgroup1: switch to option-by-option parsing")
> Reported-by: Hulk Robot <hulkci@huawei.com>
> Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>
> ---
> v1->v2: fix compile problems caused by superfluous LF in err message.
> kernel/cgroup/cgroup-v1.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
> index 191c329e4..32596fdbc 100644
> --- a/kernel/cgroup/cgroup-v1.c
> +++ b/kernel/cgroup/cgroup-v1.c
> @@ -908,6 +908,8 @@ int cgroup1_parse_param(struct fs_context *fc, struct fs_parameter *param) > opt = fs_parse(fc, cgroup1_fs_parameters, param, &result); > if (opt == -ENOPARAM) { > if (strcmp(param->key, "source") == 0) { > + if (fc->source) > + return invalf(fc, "Multiple sources not supported"); Reviewed-by: Zefan Li <lizefan-hv44wF8Li93QT0dZR+AlfA@public.gmane.org> ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2] cgroup: Fix memory leak when parsing multiple source parameters
From: Tejun Heo @ 2020-12-16 15:11 UTC
To: Qinglang Miao
Cc: Li Zefan, Johannes Weiner, cgroups, linux-kernel

On Thu, Dec 10, 2020 at 09:29:43AM +0800, Qinglang Miao wrote:
> A memory leak is found in cgroup1_parse_param() when multiple source
> parameters overwrite fc->source in the fs_context struct without free.
>
> unreferenced object 0xffff888100d930e0 (size 16):
>   comm "mount", pid 520, jiffies 4303326831 (age 152.783s)
>   hex dump (first 16 bytes):
>     74 65 73 74 6c 65 61 6b 00 00 00 00 00 00 00 00  testleak........
>   backtrace:
>     [<000000003e5023ec>] kmemdup_nul+0x2d/0xa0
>     [<00000000377dbdaa>] vfs_parse_fs_string+0xc0/0x150
>     [<00000000cb2b4882>] generic_parse_monolithic+0x15a/0x1d0
>     [<000000000f750198>] path_mount+0xee1/0x1820
>     [<0000000004756de2>] do_mount+0xea/0x100
>     [<0000000094cafb0a>] __x64_sys_mount+0x14b/0x1f0
>
> Fix this bug by permitting a single source parameter and rejecting with
> an error all subsequent ones.
>
> Fixes: 8d2451f4994f ("cgroup1: switch to option-by-option parsing")
> Reported-by: Hulk Robot <hulkci@huawei.com>
> Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>

Applied to cgroup/for-5.11.

Thanks.

--
tejun
* Re: [PATCH] cgroup: Fix memory leak when parsing multiple source parameters
From: Zefan Li @ 2020-12-15 8:39 UTC
To: Qinglang Miao, Tejun Heo, Johannes Weiner
Cc: cgroups, linux-kernel

On 2020/12/9 20:13, Qinglang Miao wrote:
> A memory leak is found in cgroup1_parse_param() when multiple source
> parameters overwrite fc->source in the fs_context struct without free.
>
> unreferenced object 0xffff888100d930e0 (size 16):
>   comm "mount", pid 520, jiffies 4303326831 (age 152.783s)
>   hex dump (first 16 bytes):
>     74 65 73 74 6c 65 61 6b 00 00 00 00 00 00 00 00  testleak........
>   backtrace:
>     [<000000003e5023ec>] kmemdup_nul+0x2d/0xa0
>     [<00000000377dbdaa>] vfs_parse_fs_string+0xc0/0x150
>     [<00000000cb2b4882>] generic_parse_monolithic+0x15a/0x1d0
>     [<000000000f750198>] path_mount+0xee1/0x1820
>     [<0000000004756de2>] do_mount+0xea/0x100
>     [<0000000094cafb0a>] __x64_sys_mount+0x14b/0x1f0
>
> Fix this bug by permitting a single source parameter and rejecting with
> an error all subsequent ones.
>
> Fixes: 8d2451f4994f ("cgroup1: switch to option-by-option parsing")
> Reported-by: Hulk Robot <hulkci@huawei.com>
> Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>
> ---
> kernel/cgroup/cgroup-v1.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
> index 191c329e4..1fd7d3d18 100644
> --- a/kernel/cgroup/cgroup-v1.c
> +++ b/kernel/cgroup/cgroup-v1.c
> @@ -908,6 +908,9 @@ int cgroup1_parse_param(struct fs_context *fc, struct fs_parameter *param) > opt = fs_parse(fc, cgroup1_fs_parameters, param, &result); > if (opt == -ENOPARAM) { > if (strcmp(param->key, "source") == 0) { > + if (fc->source) > + return invalf(fc, "Multiple sources not > + supported"); "never break user-visible strings such as printk messages because that breaks the ability to grep for them.", quoted from CodingStyle. Please fix this and you can add Reviewed-by: Zefan Li <lizefan@huawei.com> ^ permalink raw reply [flat|nested] 7+ messages in thread
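Added example (not part of the thread or of the kernel source): a userspace C model of the ownership hand-off in the "source" branch, showing why a second source= leaks in the unpatched code and why rejecting it does not. The struct definitions, dup_tracked(), free_tracked(), feed_option() and the reject_dup switch are assumptions made for illustration; the caller model assumes, as the kmemleak backtrace suggests, that the value is duplicated before the handler runs and that the caller frees whatever the handler did not take.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace stand-ins (assumptions) holding only the fields the hunk touches. */
struct fs_context   { char *source; };
struct fs_parameter { const char *key; char *string; };

static int live_allocs;	/* outstanding tracked allocations, a crude kmemleak */

static char *dup_tracked(const char *s)
{
	char *p = malloc(strlen(s) + 1);

	if (!p)
		return NULL;
	strcpy(p, s);
	live_allocs++;
	return p;
}

static void free_tracked(char *p)
{
	if (!p)
		return;
	live_allocs--;
	free(p);
}

/* Model of the "source" branch; reject_dup selects the patched behaviour. */
static int parse_source(struct fs_context *fc, struct fs_parameter *param,
			int reject_dup)
{
	if (strcmp(param->key, "source") != 0)
		return -EINVAL;
	if (reject_dup && fc->source)
		return -EINVAL;		/* param->string stays with the caller */
	fc->source = param->string;	/* unpatched: old pointer is overwritten */
	param->string = NULL;		/* ownership moved into fc */
	return 0;
}

/* Model of the caller: duplicate the value, parse, free what was not taken. */
static int feed_option(struct fs_context *fc, const char *key,
		       const char *value, int reject_dup)
{
	struct fs_parameter param = { .key = key, .string = dup_tracked(value) };
	int ret;

	if (!param.string)
		return -ENOMEM;
	ret = parse_source(fc, &param, reject_dup);
	free_tracked(param.string);
	return ret;
}

/* Pass source= twice, tear the context down, report what is still allocated. */
int leaked_after_two_sources(int reject_dup, int *second_ret)
{
	struct fs_context fc = { .source = NULL };

	live_allocs = 0;
	feed_option(&fc, "source", "testleak", reject_dup);
	*second_ret = feed_option(&fc, "source", "constructed", reject_dup);
	free_tracked(fc.source);	/* teardown frees only the final pointer */
	return live_allocs;
}

int main(void)
{
	int ret, leaked;

	leaked = leaked_after_two_sources(0, &ret);
	printf("unpatched: second ret=%d, leaked=%d\n", ret, leaked);
	leaked = leaked_after_two_sources(1, &ret);
	printf("patched:   second ret=%d, leaked=%d\n", ret, leaked);
	return 0;
}
```

In the unpatched run the first value ("testleak", the string seen in the kmemleak hex dump) is the allocation left behind; in the patched run the second value is returned to the caller and freed there.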