From mboxrd@z Thu Jan 1 00:00:00 1970 From: Sergei Shtylyov Subject: Re: net: memory leak in socket Date: Wed, 10 Jan 2018 12:30:05 +0300 Message-ID: <0578c35c-43a7-ad5f-9cd9-c7ba5fde522f@cogentembedded.com> References: <20180109185351.GE13338@ZenIV.linux.org.uk> <20180109205303.GF13338@ZenIV.linux.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Cc: netdev , LKML , Alexey Kuznetsov , Hideaki YOSHIFUJI , Eric Dumazet , Willem de Bruijn , syzkaller , Dmitry Vyukov To: Al Viro , David Miller Return-path: In-Reply-To: <20180109205303.GF13338@ZenIV.linux.org.uk> Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org Hello! On 1/9/2018 11:53 PM, Al Viro wrote: >>> Argh... Got broken by "make sock_alloc_file() do sock_release() on failures" - >>> cleanup after sock_map_fd() failure got pulled all the way into sock_alloc_file(), >>> but it used to serve the case when sock_map_fd() failed *before* getting to >>> sock_alloc_file(). >>> >>> Fixes: commit 8e1611e23579 (make sock_alloc_file() do sock_release() on failures) >>> Signed-off-by: Al Viro >> >> Please add: >> >> Reported-by: Dmitry Vyukov > > Sure, no problem. Dave, which tree should that go through? Do you pick it, or > should I send the below directly to Linus? > ---- > Fix a leak in socket(2) when we fail to allocate a file descriptor. > > Got broken by "make sock_alloc_file() do sock_release() on failures" - > cleanup after sock_map_fd() failure got pulled all the way into > sock_alloc_file(), but it used to serve the case when sock_map_fd() > failed *before* getting to sock_alloc_file() as well, and that got > lost. Trivial to fix, fortunately. > > Fixes: commit 8e1611e23579 (make sock_alloc_file() do sock_release() on failures) Fixes: 8e1611e23579 ("make sock_alloc_file() do sock_release() on failures") > Reported-by: Dmitry Vyukov > Signed-off-by: Al Viro [...] MBR, Sergei