From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Daniel Borkmann <dborkman@redhat.com>,
Alexei Starovoitov <ast@plumgrid.com>,
Eric Dumazet <edumazet@google.com>,
"David S. Miller" <davem@davemloft.net>,
Andrey Vagin <avagin@openvz.org>
Subject: [PATCH 3.12 05/83] net: x86: bpf: dont forget to free sk_filter (v2)
Date: Fri, 6 Dec 2013 13:50:55 -0800 [thread overview]
Message-ID: <20131206214640.578168115@linuxfoundation.org> (raw)
In-Reply-To: <20131206214640.002320724@linuxfoundation.org>
3.12-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrey Vagin <avagin@openvz.org>
[ Upstream commit 98bbc06aabac5a2dcc46580d20c59baf8ebe479f ]
sk_filter isn't freed if bpf_func is equal to sk_run_filter.
This memory leak was introduced by v3.12-rc3-224-gd45ed4a4
"net: fix unsafe set_memory_rw from softirq".
Before this patch sk_filter was freed in sk_filter_release_rcu,
now it should be freed in bpf_jit_free.
Here is output of kmemleak:
unreferenced object 0xffff8800b774eab0 (size 128):
comm "systemd", pid 1, jiffies 4294669014 (age 124.062s)
hex dump (first 32 bytes):
00 00 00 00 0b 00 00 00 20 63 7f b7 00 88 ff ff ........ c......
60 d4 55 81 ff ff ff ff 30 d9 55 81 ff ff ff ff `.U.....0.U.....
backtrace:
[<ffffffff816444be>] kmemleak_alloc+0x4e/0xb0
[<ffffffff811845af>] __kmalloc+0xef/0x260
[<ffffffff81534028>] sock_kmalloc+0x38/0x60
[<ffffffff8155d4dd>] sk_attach_filter+0x5d/0x190
[<ffffffff815378a1>] sock_setsockopt+0x991/0x9e0
[<ffffffff81531bd6>] SyS_setsockopt+0xb6/0xd0
[<ffffffff8165f3e9>] system_call_fastpath+0x16/0x1b
[<ffffffffffffffff>] 0xffffffffffffffff
v2: add extra { } after else
Fixes: d45ed4a4e33a ("net: fix unsafe set_memory_rw from softirq")
Acked-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Alexei Starovoitov <ast@plumgrid.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/net/bpf_jit_comp.c | 2 ++
1 file changed, 2 insertions(+)
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -788,5 +788,7 @@ void bpf_jit_free(struct sk_filter *fp)
if (fp->bpf_func != sk_run_filter) {
INIT_WORK(&fp->work, bpf_jit_free_deferred);
schedule_work(&fp->work);
+ } else {
+ kfree(fp);
}
}
next prev parent reply other threads:[~2013-12-06 21:50 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-06 21:50 [PATCH 3.12 00/83] 3.12.4-stable review Greg Kroah-Hartman
2013-12-06 21:50 ` [PATCH 3.12 01/83] net: mv643xx_eth: Add missing phy_addr_set in DT mode Greg Kroah-Hartman
2013-12-06 21:50 ` [PATCH 3.12 02/83] net: mv643xx_eth: potential NULL dereference in probe() Greg Kroah-Hartman
2013-12-06 21:50 ` [PATCH 3.12 03/83] ipv6: fix headroom calculation in udp6_ufo_fragment Greg Kroah-Hartman
2013-12-06 21:50 ` [PATCH 3.12 04/83] bonding: RCUify bond_set_rx_mode() Greg Kroah-Hartman
2013-12-06 21:50 ` Greg Kroah-Hartman [this message]
2013-12-06 21:50 ` [PATCH 3.12 06/83] net/mlx4_en: Fixed crash when port type is changed Greg Kroah-Hartman
2013-12-06 21:50 ` [PATCH 3.12 07/83] net: Fix "ip rule delete table 256" Greg Kroah-Hartman
2013-12-06 21:50 ` [PATCH 3.12 08/83] ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv Greg Kroah-Hartman
2013-12-06 21:50 ` [PATCH 3.12 09/83] ipv6: protect for_each_sk_fl_rcu in mem_check with rcu_read_lock_bh Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 10/83] random32: fix off-by-one in seeding requirement Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 11/83] bonding: dont permit to use ARP monitoring in 802.3ad mode Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 12/83] usbnet: fix status interrupt urb handling Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 13/83] core/dev: do not ignore dmac in dev_forward_skb() Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 14/83] 6lowpan: Uncompression of traffic class field was incorrect Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 15/83] tuntap: limit head length of skb allocated Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 16/83] macvtap: " Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 17/83] tcp: tsq: restore minimal amount of queueing Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 18/83] bonding: fix two race conditions in bond_store_updelay/downdelay Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 19/83] net-tcp: fix panic in tcp_fastopen_cache_set() Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 20/83] sit: fix use after free of fb_tunnel_dev Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 21/83] isdnloop: use strlcpy() instead of strcpy() Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 22/83] ip6tnl: fix use after free of fb_tnl_dev Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 23/83] pkt_sched: fq: change classification of control packets Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 24/83] connector: improved unaligned access error fix Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 25/83] ipv4: fix possible seqlock deadlock Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 26/83] pkt_sched: fq: warn users using defrate Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 27/83] pkt_sched: fq: fix pacing for small frames Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 28/83] inet: prevent leakage of uninitialized memory to user in recv syscalls Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 29/83] ping: prevent NULL pointer dereference on write to msg_name Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 30/83] net: rework recvmsg handler msg_name and msg_namelen logic Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 31/83] net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct sockaddr_storage) Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 32/83] inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 33/83] net: clamp ->msg_namelen instead of returning an error Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 34/83] ipv6: fix leaking uninitialized port number of offender sockaddr Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 35/83] ipv6: Fix inet6_init() cleanup order Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 36/83] ip6_output: fragment outgoing reassembled skb properly Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 37/83] netfilter: push reasm skb through instead of original frag skbs Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 38/83] xfrm: Release dst if this dst is improper for vti tunnel Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 39/83] atm: idt77252: fix dev refcnt leak Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 40/83] tcp: dont update snd_nxt, when a socket is switched from repair mode Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 41/83] ipv4: fix race in concurrent ip_route_input_slow() Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 42/83] net: core: Always propagate flag changes to interfaces Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 43/83] bridge: flush brs address entry in fdb when remove the bridge dev Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 44/83] packet: fix use after free race in send path when dev is released Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 45/83] af_packet: block BH in prb_shutdown_retire_blk_timer() Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 46/83] gso: handle new frag_list of frags GRO packets Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 47/83] gro: Only verify TCP checksums for candidates Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 48/83] gro: Clean up tcpX_gro_receive checksum verification Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 49/83] sch_tbf: handle too small burst Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 50/83] xen-netback: include definition of csum_ipv6_magic Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 51/83] via-velocity: fix netif_receive_skb use in irq disabled section Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 52/83] r8169: check ALDPS bit and disable it if enabled for the 8168g Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 53/83] net: 8139cp: fix a BUG_ON triggered by wrong bytes_compl Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 54/83] net: smc91: fix crash regression on the versatile Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 55/83] net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 56/83] team: fix master carrier set when user linkup is enabled Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 57/83] inet: fix possible seqlock deadlocks Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 58/83] ipv6: fix possible seqlock deadlock in ip6_finish_output2 Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 59/83] {pktgen, xfrm} Update IPv4 header total len and checksum after tranformation Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 60/83] xfrm: Fix null pointer dereference when decoding sessions Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 61/83] xfs: add capability check to free eofblocks ioctl Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 62/83] mm: numa: return the number of base pages altered by protection changes Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 63/83] md/raid5: Use conf->device_lock protect changing of multi-thread resources Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 64/83] usb: musb: davinci: fix resources passed to MUSB driver for DM6467 Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 65/83] usb: wusbcore: change WA_SEGS_MAX to a legal value Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 66/83] video: kyro: fix incorrect sizes when copying to userspace Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 67/83] HID: lg: fix Report Descriptor for Logitech MOMO Force (Black) Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 68/83] HID: hid-elo: some systems cannot stomach work around Greg Kroah-Hartman
2013-12-06 21:51 ` [PATCH 3.12 69/83] iommu/vt-d: Fixed interaction of VFIO_IOMMU_MAP_DMA with IOMMU address limits Greg Kroah-Hartman
2013-12-06 21:52 ` [PATCH 3.12 70/83] iommu: Remove stack trace from broken irq remapping warning Greg Kroah-Hartman
2013-12-06 21:52 ` [PATCH 3.12 71/83] rt2800: add support for radio chip RF3070 Greg Kroah-Hartman
2013-12-06 21:52 ` [PATCH 3.12 72/83] elevator: Fix a race in elevator switching and md device initialization Greg Kroah-Hartman
2013-12-06 21:52 ` [PATCH 3.12 73/83] elevator: acquire q->sysfs_lock in elevator_change() Greg Kroah-Hartman
2013-12-06 21:52 ` [PATCH 3.12 74/83] ntp: Make periodic RTC update more reliable Greg Kroah-Hartman
2013-12-06 21:52 ` [PATCH 3.12 75/83] aio: Fix a trinity splat Greg Kroah-Hartman
2013-12-06 21:52 ` [PATCH 3.12 76/83] take anon inode allocation to libfs.c Greg Kroah-Hartman
2013-12-06 21:52 ` [PATCH 3.12 77/83] rework aio migrate pages to use aio fs Greg Kroah-Hartman
2013-12-06 21:52 ` [PATCH 3.12 78/83] aio: checking for NULL instead of IS_ERR Greg Kroah-Hartman
2013-12-06 21:52 ` [PATCH 3.12 79/83] aio: prevent double free in ioctx_alloc Greg Kroah-Hartman
2013-12-06 21:52 ` [PATCH 3.12 80/83] aio: nullify aio->ring_pages after freeing it Greg Kroah-Hartman
2013-12-06 21:52 ` [PATCH 3.12 81/83] aio: clean up aio ring in the fail path Greg Kroah-Hartman
2013-12-06 21:52 ` [PATCH 3.12 82/83] drm/radeon/audio: improve ACR calculation Greg Kroah-Hartman
2013-12-06 21:52 ` [PATCH 3.12 83/83] drm/radeon/audio: correct ACR table Greg Kroah-Hartman
2013-12-06 22:52 ` [PATCH 3.12 00/83] 3.12.4-stable review Holger Hoffstätte
2013-12-07 17:01 ` Greg KH
2013-12-07 6:44 ` Guenter Roeck
2013-12-07 17:00 ` Greg Kroah-Hartman
2013-12-07 22:15 ` Shuah Khan
2013-12-07 23:17 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131206214640.578168115@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ast@plumgrid.com \
--cc=avagin@openvz.org \
--cc=davem@davemloft.net \
--cc=dborkman@redhat.com \
--cc=edumazet@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).