Patch "bridge: mdb: fix leak on complete_info ptr on fail path" has been added to the 4.12-stable tree

public inbox for stable@vger.kernel.org
 help / color / mirror / Atom feed

* Patch "bridge: mdb: fix leak on complete_info ptr on fail path" has been added to the 4.12-stable tree
@ 2017-07-17 16:52 gregkh
  2017-07-17 18:32 ` Eduardo Valentin
  0 siblings, 1 reply; 4+ messages in thread
From: gregkh @ 2017-07-17 16:52 UTC (permalink / raw)
  To: eduval, davem, gregkh, vallish; +Cc: stable, stable-commits


This is a note to let you know that I've just added the patch titled

    bridge: mdb: fix leak on complete_info ptr on fail path

to the 4.12-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     bridge-mdb-fix-leak-on-complete_info-ptr-on-fail-path.patch
and it can be found in the queue-4.12 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From foo@baz Mon Jul 17 18:46:41 CEST 2017
From: Eduardo Valentin <eduval@amazon.com>
Date: Tue, 11 Jul 2017 14:55:12 -0700
Subject: bridge: mdb: fix leak on complete_info ptr on fail path

From: Eduardo Valentin <eduval@amazon.com>


[ Upstream commit 1bfb159673957644951ab0a8d2aec44b93ddb1ae ]

We currently get the following kmemleak report:
unreferenced object 0xffff8800039d9820 (size 32):
  comm "softirq", pid 0, jiffies 4295212383 (age 792.416s)
  hex dump (first 32 bytes):
    00 0c e0 03 00 88 ff ff ff 02 00 00 00 00 00 00  ................
    00 00 00 01 ff 11 00 02 86 dd 00 00 ff ff ff ff  ................
  backtrace:
    [<ffffffff8152b4aa>] kmemleak_alloc+0x4a/0xa0
    [<ffffffff811d8ec8>] kmem_cache_alloc_trace+0xb8/0x1c0
    [<ffffffffa0389683>] __br_mdb_notify+0x2a3/0x300 [bridge]
    [<ffffffffa038a0ce>] br_mdb_notify+0x6e/0x70 [bridge]
    [<ffffffffa0386479>] br_multicast_add_group+0x109/0x150 [bridge]
    [<ffffffffa0386518>] br_ip6_multicast_add_group+0x58/0x60 [bridge]
    [<ffffffffa0387fb5>] br_multicast_rcv+0x1d5/0xdb0 [bridge]
    [<ffffffffa037d7cf>] br_handle_frame_finish+0xcf/0x510 [bridge]
    [<ffffffffa03a236b>] br_nf_hook_thresh.part.27+0xb/0x10 [br_netfilter]
    [<ffffffffa03a3738>] br_nf_hook_thresh+0x48/0xb0 [br_netfilter]
    [<ffffffffa03a3fb9>] br_nf_pre_routing_finish_ipv6+0x109/0x1d0 [br_netfilter]
    [<ffffffffa03a4400>] br_nf_pre_routing_ipv6+0xd0/0x14c [br_netfilter]
    [<ffffffffa03a3c27>] br_nf_pre_routing+0x197/0x3d0 [br_netfilter]
    [<ffffffff814a2952>] nf_iterate+0x52/0x60
    [<ffffffff814a29bc>] nf_hook_slow+0x5c/0xb0
    [<ffffffffa037ddf4>] br_handle_frame+0x1a4/0x2c0 [bridge]

This happens when switchdev_port_obj_add() fails. This patch
frees complete_info object in the fail path.

Reviewed-by: Vallish Vaidyeshwara <vallish@amazon.com>
Signed-off-by: Eduardo Valentin <eduval@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/bridge/br_mdb.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -323,7 +323,8 @@ static void __br_mdb_notify(struct net_d
 			__mdb_entry_to_br_ip(entry, &complete_info->ip);
 			mdb.obj.complete_priv = complete_info;
 			mdb.obj.complete = br_mdb_complete;
-			switchdev_port_obj_add(port_dev, &mdb.obj);
+			if (switchdev_port_obj_add(port_dev, &mdb.obj))
+				kfree(complete_info);
 		}
 	} else if (port_dev && type == RTM_DELMDB) {
 		switchdev_port_obj_del(port_dev, &mdb.obj);


Patches currently in stable-queue which might be from eduval@amazon.com are

queue-4.12/bridge-mdb-fix-leak-on-complete_info-ptr-on-fail-path.patch

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Patch "bridge: mdb: fix leak on complete_info ptr on fail path" has been added to the 4.12-stable tree
  2017-07-17 16:52 Patch "bridge: mdb: fix leak on complete_info ptr on fail path" has been added to the 4.12-stable tree gregkh
@ 2017-07-17 18:32 ` Eduardo Valentin
  2017-07-18  7:35   ` Greg KH
  0 siblings, 1 reply; 4+ messages in thread
From: Eduardo Valentin @ 2017-07-17 18:32 UTC (permalink / raw)
  To: gregkh; +Cc: eduval, davem, vallish, stable, stable-commits

Greg,


On Mon, Jul 17, 2017 at 06:52:21PM +0200, gregkh@linuxfoundation.org wrote:
> 
> This is a note to let you know that I've just added the patch titled
> 
>     bridge: mdb: fix leak on complete_info ptr on fail path
> 
> to the 4.12-stable tree which can be found at:
>     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> 
> The filename of the patch is:
>      bridge-mdb-fix-leak-on-complete_info-ptr-on-fail-path.patch
> and it can be found in the queue-4.12 subdirectory.

Can we get this patch also in the 4.9.y queue?

Thanks in advance.

> 
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable@vger.kernel.org> know about it.
> 
> 
> From foo@baz Mon Jul 17 18:46:41 CEST 2017
> From: Eduardo Valentin <eduval@amazon.com>
> Date: Tue, 11 Jul 2017 14:55:12 -0700
> Subject: bridge: mdb: fix leak on complete_info ptr on fail path
> 
> From: Eduardo Valentin <eduval@amazon.com>
> 
> 
> [ Upstream commit 1bfb159673957644951ab0a8d2aec44b93ddb1ae ]
> 
> We currently get the following kmemleak report:
> unreferenced object 0xffff8800039d9820 (size 32):
>   comm "softirq", pid 0, jiffies 4295212383 (age 792.416s)
>   hex dump (first 32 bytes):
>     00 0c e0 03 00 88 ff ff ff 02 00 00 00 00 00 00  ................
>     00 00 00 01 ff 11 00 02 86 dd 00 00 ff ff ff ff  ................
>   backtrace:
>     [<ffffffff8152b4aa>] kmemleak_alloc+0x4a/0xa0
>     [<ffffffff811d8ec8>] kmem_cache_alloc_trace+0xb8/0x1c0
>     [<ffffffffa0389683>] __br_mdb_notify+0x2a3/0x300 [bridge]
>     [<ffffffffa038a0ce>] br_mdb_notify+0x6e/0x70 [bridge]
>     [<ffffffffa0386479>] br_multicast_add_group+0x109/0x150 [bridge]
>     [<ffffffffa0386518>] br_ip6_multicast_add_group+0x58/0x60 [bridge]
>     [<ffffffffa0387fb5>] br_multicast_rcv+0x1d5/0xdb0 [bridge]
>     [<ffffffffa037d7cf>] br_handle_frame_finish+0xcf/0x510 [bridge]
>     [<ffffffffa03a236b>] br_nf_hook_thresh.part.27+0xb/0x10 [br_netfilter]
>     [<ffffffffa03a3738>] br_nf_hook_thresh+0x48/0xb0 [br_netfilter]
>     [<ffffffffa03a3fb9>] br_nf_pre_routing_finish_ipv6+0x109/0x1d0 [br_netfilter]
>     [<ffffffffa03a4400>] br_nf_pre_routing_ipv6+0xd0/0x14c [br_netfilter]
>     [<ffffffffa03a3c27>] br_nf_pre_routing+0x197/0x3d0 [br_netfilter]
>     [<ffffffff814a2952>] nf_iterate+0x52/0x60
>     [<ffffffff814a29bc>] nf_hook_slow+0x5c/0xb0
>     [<ffffffffa037ddf4>] br_handle_frame+0x1a4/0x2c0 [bridge]
> 
> This happens when switchdev_port_obj_add() fails. This patch
> frees complete_info object in the fail path.
> 
> Reviewed-by: Vallish Vaidyeshwara <vallish@amazon.com>
> Signed-off-by: Eduardo Valentin <eduval@amazon.com>
> Signed-off-by: David S. Miller <davem@davemloft.net>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  net/bridge/br_mdb.c |    3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> --- a/net/bridge/br_mdb.c
> +++ b/net/bridge/br_mdb.c
> @@ -323,7 +323,8 @@ static void __br_mdb_notify(struct net_d
>  			__mdb_entry_to_br_ip(entry, &complete_info->ip);
>  			mdb.obj.complete_priv = complete_info;
>  			mdb.obj.complete = br_mdb_complete;
> -			switchdev_port_obj_add(port_dev, &mdb.obj);
> +			if (switchdev_port_obj_add(port_dev, &mdb.obj))
> +				kfree(complete_info);
>  		}
>  	} else if (port_dev && type == RTM_DELMDB) {
>  		switchdev_port_obj_del(port_dev, &mdb.obj);
> 
> 
> Patches currently in stable-queue which might be from eduval@amazon.com are
> 
> queue-4.12/bridge-mdb-fix-leak-on-complete_info-ptr-on-fail-path.patch

-- 
All the best,
Eduardo Valentin

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Patch "bridge: mdb: fix leak on complete_info ptr on fail path" has been added to the 4.12-stable tree
  2017-07-17 18:32 ` Eduardo Valentin
@ 2017-07-18  7:35   ` Greg KH
  2017-07-18  8:07     ` Greg KH
  0 siblings, 1 reply; 4+ messages in thread
From: Greg KH @ 2017-07-18  7:35 UTC (permalink / raw)
  To: Eduardo Valentin; +Cc: davem, vallish, stable, stable-commits

On Mon, Jul 17, 2017 at 11:32:07AM -0700, Eduardo Valentin wrote:
> Greg,
> 
> 
> On Mon, Jul 17, 2017 at 06:52:21PM +0200, gregkh@linuxfoundation.org wrote:
> > 
> > This is a note to let you know that I've just added the patch titled
> > 
> >     bridge: mdb: fix leak on complete_info ptr on fail path
> > 
> > to the 4.12-stable tree which can be found at:
> >     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> > 
> > The filename of the patch is:
> >      bridge-mdb-fix-leak-on-complete_info-ptr-on-fail-path.patch
> > and it can be found in the queue-4.12 subdirectory.
> 
> Can we get this patch also in the 4.9.y queue?

Yes, please wait, I'm working on seeing what else needs to be backported
to older stable kernels at the moment...

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Patch "bridge: mdb: fix leak on complete_info ptr on fail path" has been added to the 4.12-stable tree
  2017-07-18  7:35   ` Greg KH
@ 2017-07-18  8:07     ` Greg KH
  0 siblings, 0 replies; 4+ messages in thread
From: Greg KH @ 2017-07-18  8:07 UTC (permalink / raw)
  To: Eduardo Valentin; +Cc: davem, vallish, stable, stable-commits

On Tue, Jul 18, 2017 at 09:35:54AM +0200, Greg KH wrote:
> On Mon, Jul 17, 2017 at 11:32:07AM -0700, Eduardo Valentin wrote:
> > Greg,
> > 
> > 
> > On Mon, Jul 17, 2017 at 06:52:21PM +0200, gregkh@linuxfoundation.org wrote:
> > > 
> > > This is a note to let you know that I've just added the patch titled
> > > 
> > >     bridge: mdb: fix leak on complete_info ptr on fail path
> > > 
> > > to the 4.12-stable tree which can be found at:
> > >     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> > > 
> > > The filename of the patch is:
> > >      bridge-mdb-fix-leak-on-complete_info-ptr-on-fail-path.patch
> > > and it can be found in the queue-4.12 subdirectory.
> > 
> > Can we get this patch also in the 4.9.y queue?
> 
> Yes, please wait, I'm working on seeing what else needs to be backported
> to older stable kernels at the moment...

Now queued up, thanks.

greg k-h

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2017-07-18  8:07 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-07-17 16:52 Patch "bridge: mdb: fix leak on complete_info ptr on fail path" has been added to the 4.12-stable tree gregkh
2017-07-17 18:32 ` Eduardo Valentin
2017-07-18  7:35   ` Greg KH
2017-07-18  8:07     ` Greg KH

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox