Date: Wed, 26 Apr 2023 11:48:49 +0300
From: Ido Schimmel
To: Pedro Tammela
Cc: netdev@vger.kernel.org, jhs@mojatatu.com, xiyou.wangcong@gmail.com, jiri@resnulli.us, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com
Subject: Re: [PATCH net-next] net/sched: act_pedit: free pedit keys on bail from offset check
In-Reply-To: <20230425144725.669262-1-pctammela@mojatatu.com>

On Tue, Apr 25, 2023 at 11:47:25AM -0300, Pedro Tammela wrote:
> Ido Schimmel reports a memleak on a syzkaller instance:
> BUG: memory leak
> unreferenced object 0xffff88803d45e400 (size 1024):
> comm "syz-executor292", pid 563, jiffies 4295025223 (age 51.781s)
> hex dump (first 32 bytes):
> 28 bd 70 00 fb db df 25 02 00 14 1f ff 02 00 02 (.p....%........
> 00 32 00 00 1f 00 00 00 ac 14 14 3e 08 00 07 00 .2.........>....
> backtrace:
> [] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline]
> [] slab_post_alloc_hook mm/slab.h:772 [inline]
> [] slab_alloc_node mm/slub.c:3452 [inline]
> [] __kmem_cache_alloc_node+0x25c/0x320 mm/slub.c:3491
> [] __do_kmalloc_node mm/slab_common.c:966 [inline]
> [] __kmalloc+0x59/0x1a0 mm/slab_common.c:980
> [] kmalloc include/linux/slab.h:584 [inline]
> [] tcf_pedit_init+0x793/0x1ae0 net/sched/act_pedit.c:245
> [] tcf_action_init_1+0x453/0x6e0 net/sched/act_api.c:1394
> [] tcf_action_init+0x5a8/0x950 net/sched/act_api.c:1459
> [] tcf_action_add+0x118/0x4e0 net/sched/act_api.c:1985
> [] tc_ctl_action+0x377/0x490 net/sched/act_api.c:2044
> [] rtnetlink_rcv_msg+0x46d/0xd70 net/core/rtnetlink.c:6395
> [] netlink_rcv_skb+0x185/0x490 net/netlink/af_netlink.c:2575
> [] rtnetlink_rcv+0x26/0x30 net/core/rtnetlink.c:6413
> [] netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
> [] netlink_unicast+0x5be/0x8a0 net/netlink/af_netlink.c:1365
> [] netlink_sendmsg+0x9af/0xed0 net/netlink/af_netlink.c:1942
> [] sock_sendmsg_nosec net/socket.c:724 [inline]
> [] sock_sendmsg net/socket.c:747 [inline]
> [] ____sys_sendmsg+0x3ef/0xaa0 net/socket.c:2503
> [] ___sys_sendmsg+0x122/0x1c0 net/socket.c:2557
> [] __sys_sendmsg+0x11f/0x200 net/socket.c:2586
> [] __do_sys_sendmsg net/socket.c:2595 [inline]
> [] __se_sys_sendmsg net/socket.c:2593 [inline]
> [] __x64_sys_sendmsg+0x80/0xc0 net/socket.c:2593
>
> The recently added static offset check missed a free to the key buffer when
> bailing out on error.
>
> Fixes: e1201bc781c2 ("net/sched: act_pedit: check static offsets a priori")
> Reported-by: Ido Schimmel
> Signed-off-by: Pedro Tammela

Reviewed-by: Ido Schimmel
Tested-by: Ido Schimmel
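
The bug class described in the quoted commit message, as an added example that is not part of this thread or of the kernel source: a userspace C model in which a key buffer is allocated, copied, and then validated, with the bail-out either dropping or releasing the buffer. The struct, the function names, the fake pool allocator, the `free_on_bail` switch, and the 4-byte alignment rule are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

struct key { uint32_t off, val; };  /* hypothetical stand-in, not the kernel struct */
static struct key pool[4];          /* fake heap, so the demo leaks nothing real */
static int live;                    /* buffers handed out and not yet freed */
static struct key *key_alloc(size_t n) { if (n > 4) return NULL; live++; return pool; }
static void key_free(struct key *k) { if (k) live--; }

/* Assumed rule for this model: every offset must be 4-byte aligned. */
static int check_offsets(const struct key *k, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (k[i].off % 4)
            return -EINVAL;
    return 0;
}

/* free_on_bail = 0 models the leaky error path, 1 the corrected one. */
static int keys_init(const struct key *src, size_t n, struct key **out, int free_on_bail)
{
    struct key *keys = key_alloc(n);
    if (!keys)
        return -ENOMEM;
    memcpy(keys, src, n * sizeof(*keys));
    if (check_offsets(keys, n)) {
        if (free_on_bail)
            key_free(keys);      /* without this, keys is lost on return */
        return -EINVAL;
    }
    *out = keys;                 /* success: ownership passes to the caller */
    return 0;
}

/* Buffers still live after one rejected request; bad[] is constructed input. */
static int leaked_after_reject(int free_on_bail)
{
    const struct key bad[] = { { 0, 1 }, { 3, 2 } };  /* off 3 is misaligned */
    struct key *out = NULL;
    live = 0;
    return keys_init(bad, 2, &out, free_on_bail) == -EINVAL ? live : -1;
}

int main(void) { return leaked_after_reject(1); }  /* exit status 0: nothing left live */
```

Each rejected request on the leaky path leaves one buffer live, which is what kmemleak reports above as an unreferenced object.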