[PATCH 4.19 5.4 5.15] btrfs: defrag: fix memory leak in btrfs_ioctl

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 4.19 5.4 5.15] btrfs: defrag: fix memory leak in btrfs_ioctl_defrag
@ 2024-03-19 17:00 Maximilian Heyne
  2024-03-19 17:04 ` kernel test robot
  2024-03-19 18:57 ` David Sterba
  0 siblings, 2 replies; 4+ messages in thread
From: Maximilian Heyne @ 2024-03-19 17:00 UTC (permalink / raw)
  Cc: Maximilian Heyne, stable, Chris Mason, Josef Bacik, David Sterba,
	Filipe Manana, Qu Wenruo, linux-btrfs, linux-kernel

Prior to commit c853a5783ebe ("btrfs: allocate
btrfs_ioctl_defrag_range_args on stack") range is allocated on the heap
and must be freed. However, commit 173431b274a9 ("btrfs: defrag: reject
unknown flags of btrfs_ioctl_defrag_range_args") didn't take care of
this when it was backported to kernel < 5.15.

Add a kfree on the error path for stable kernels that lack
commit c853a5783ebe ("btrfs: allocate btrfs_ioctl_defrag_range_args on
stack").

This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.

Fixes: 173431b274a9 ("btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args")
CC: stable@vger.kernel.org
Signed-off-by: Maximilian Heyne <mheyne@amazon.de>
---
 fs/btrfs/ioctl.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 049b837934e5..adc6c4f2b53c 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -3195,6 +3195,7 @@ static int btrfs_ioctl_defrag(struct file *file, void __user *argp)
 			}
 			if (range->flags & ~BTRFS_DEFRAG_RANGE_FLAGS_SUPP) {
 				ret = -EOPNOTSUPP;
+				kfree(range);
 				goto out;
 			}
 			/* compression requires us to start the IO */
-- 
2.40.1

Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH 4.19 5.4 5.15] btrfs: defrag: fix memory leak in btrfs_ioctl_defrag
  2024-03-19 17:00 [PATCH 4.19 5.4 5.15] btrfs: defrag: fix memory leak in btrfs_ioctl_defrag Maximilian Heyne
@ 2024-03-19 17:04 ` kernel test robot
  2024-03-19 18:57 ` David Sterba
  1 sibling, 0 replies; 4+ messages in thread
From: kernel test robot @ 2024-03-19 17:04 UTC (permalink / raw)
  To: Maximilian Heyne; +Cc: stable, oe-kbuild-all

Hi,

Thanks for your patch.

FYI: kernel test robot notices the stable kernel rule is not satisfied.

The check is based on https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html#option-3

Rule: The upstream commit ID must be specified with a separate line above the commit text.
Subject: [PATCH 4.19 5.4 5.15] btrfs: defrag: fix memory leak in btrfs_ioctl_defrag
Link: https://lore.kernel.org/stable/20240319170055.17942-1-mheyne%40amazon.de

Please ignore this mail if the patch is not relevant for upstream.

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH 4.19 5.4 5.15] btrfs: defrag: fix memory leak in btrfs_ioctl_defrag
  2024-03-19 17:00 [PATCH 4.19 5.4 5.15] btrfs: defrag: fix memory leak in btrfs_ioctl_defrag Maximilian Heyne
  2024-03-19 17:04 ` kernel test robot
@ 2024-03-19 18:57 ` David Sterba
  2024-03-20  9:27   ` Maximilian Heyne
  1 sibling, 1 reply; 4+ messages in thread
From: David Sterba @ 2024-03-19 18:57 UTC (permalink / raw)
  To: Maximilian Heyne
  Cc: stable, Chris Mason, Josef Bacik, David Sterba, Filipe Manana,
	Qu Wenruo, linux-btrfs, linux-kernel

On Tue, Mar 19, 2024 at 05:00:55PM +0000, Maximilian Heyne wrote:
> Prior to commit c853a5783ebe ("btrfs: allocate
> btrfs_ioctl_defrag_range_args on stack") range is allocated on the heap
> and must be freed. However, commit 173431b274a9 ("btrfs: defrag: reject
> unknown flags of btrfs_ioctl_defrag_range_args") didn't take care of
> this when it was backported to kernel < 5.15.
> 
> Add a kfree on the error path for stable kernels that lack
> commit c853a5783ebe ("btrfs: allocate btrfs_ioctl_defrag_range_args on
> stack").
> 
> This bug was discovered and resolved using Coverity Static Analysis
> Security Testing (SAST) by Synopsys, Inc.

Good catch, thanks.

The affected versions are as you say 4.19, 5.4, 5.15, the fixup is
sufficient and minimal fix, c853a5783ebe is reasonably safe for backport
too.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH 4.19 5.4 5.15] btrfs: defrag: fix memory leak in btrfs_ioctl_defrag
  2024-03-19 18:57 ` David Sterba
@ 2024-03-20  9:27   ` Maximilian Heyne
  0 siblings, 0 replies; 4+ messages in thread
From: Maximilian Heyne @ 2024-03-20  9:27 UTC (permalink / raw)
  To: David Sterba
  Cc: stable, Chris Mason, Josef Bacik, David Sterba, Filipe Manana,
	Qu Wenruo, linux-btrfs, linux-kernel

On Tue, Mar 19, 2024 at 07:57:11PM +0100, David Sterba wrote:
> 
> On Tue, Mar 19, 2024 at 05:00:55PM +0000, Maximilian Heyne wrote:
> > Prior to commit c853a5783ebe ("btrfs: allocate
> > btrfs_ioctl_defrag_range_args on stack") range is allocated on the heap
> > and must be freed. However, commit 173431b274a9 ("btrfs: defrag: reject
> > unknown flags of btrfs_ioctl_defrag_range_args") didn't take care of
> > this when it was backported to kernel < 5.15.
> >
> > Add a kfree on the error path for stable kernels that lack
> > commit c853a5783ebe ("btrfs: allocate btrfs_ioctl_defrag_range_args on
> > stack").
> >
> > This bug was discovered and resolved using Coverity Static Analysis
> > Security Testing (SAST) by Synopsys, Inc.
> 
> Good catch, thanks.
> 
> The affected versions are as you say 4.19, 5.4, 5.15, the fixup is

I had a typo. Should go to 5.10 because c853a5783ebe is already in 5.15.

> sufficient and minimal fix, c853a5783ebe is reasonably safe for backport
> too.

I think you're right. To avoid divergence it might be better to simply
backport c853a5783ebe. Let me send this out.



Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879




^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2024-03-20  9:27 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-03-19 17:00 [PATCH 4.19 5.4 5.15] btrfs: defrag: fix memory leak in btrfs_ioctl_defrag Maximilian Heyne
2024-03-19 17:04 ` kernel test robot
2024-03-19 18:57 ` David Sterba
2024-03-20  9:27   ` Maximilian Heyne

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).