Date: Fri, 14 Nov 2025 12:29:19 +0300
From: Cyrill Gorcunov
To: Eslam Khafagy
Cc: anna-maria@linutronix.de, frederic@kernel.org, tglx@linutronix.de, syzkaller-bugs@googlegroups.com, linux-kernel@vger.kernel.org, syzbot+9c47ad18f978d4394986@syzkaller.appspotmail.com
Subject: Re: [PATCH] posix-timers: Fix potential memory leak in do_timer_create()
In-Reply-To: <20251114050621.875131-1-eslam.medhat1993@gmail.com>

On Fri, Nov 14, 2025 at 07:06:21AM +0200, Eslam Khafagy wrote:
> Potential memory leak may happen if user space pointer created_timer_id
> is invalid, or the value it points to is invalid. The call will
> prematurely return.
>
> However it doesn't free the memory it allocates with
> alloc_posix_timer(). This patch attempts to fix that.
>
> Reported-and-tested-by: syzbot+9c47ad18f978d4394986@syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/all/69155df4.a70a0220.3124cb.0017.GAE@google.com/T/
> Fixes: ec2d0c04624b3c8a7eb1682e006717fa20cfbe24 ("posix-timers: Provide a mechanism to allocate a given timer ID")
> Signed-off-by: Eslam Khafagy

Simply move parameters check _before_ new timer allocation please, this way you
won't need new code at all :)
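
The ordering point in the reply above, shown as an added userspace model that is not part of this thread and is not kernel code. All names (`model_timer`, `model_alloc`, `model_read_id`, `alloc_first`, `check_first`, `leaked_by`) are hypothetical, and the ID check (non-null pointer, non-negative value) is an assumed stand-in for the real parameter validation.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model with hypothetical names; not the kernel's code. */
struct model_timer { int id; };
typedef struct model_timer *(*create_fn)(const int *user_id);
static int live_allocs;                      /* outstanding allocations */
static const int bad_id = -1, good_id = 7;   /* constructed sample inputs */

static struct model_timer *model_alloc(void) {
    struct model_timer *t = calloc(1, sizeof(*t));
    if (t) live_allocs++;
    return t;
}

/* Stand-in for fetching and validating the caller-supplied timer ID. */
static int model_read_id(const int *user_id, int *id) {
    if (!user_id || *user_id < 0) return -1;   /* invalid pointer or value */
    *id = *user_id;
    return 0;
}

/* Allocate first, validate second: the early return drops the allocation. */
static struct model_timer *alloc_first(const int *user_id) {
    struct model_timer *t = model_alloc();
    if (!t || model_read_id(user_id, &t->id)) return NULL;  /* bad ID: t never freed */
    return t;
}

/* Validate first: a rejected request never reaches the allocator. */
static struct model_timer *check_first(const int *user_id) {
    int id;
    if (model_read_id(user_id, &id)) return NULL;
    struct model_timer *t = model_alloc();
    if (t) t->id = id;
    return t;
}

/* Net allocations left behind by one call; a created timer is released. */
static int leaked_by(create_fn fn, const int *user_id) {
    int before = live_allocs;
    struct model_timer *t = fn(user_id);
    if (t) { free(t); live_allocs--; }
    return live_allocs - before;
}

int main(void) {
    printf("alloc_first leaks %d\n", leaked_by(alloc_first, &bad_id));
    printf("check_first leaks %d\n", leaked_by(check_first, &bad_id));
}
```

With validation ahead of allocation, the rejected-input path has nothing to release, so no cleanup branch is needed.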