linux

korg/linux

mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-09-21 20:22:13 +08:00

History

Pedro Tammela 1b483d9f58 net/sched: act_pedit: free pedit keys on bail from offset check Ido Schimmel reports a memleak on a syzkaller instance: BUG: memory leak unreferenced object 0xffff88803d45e400 (size 1024): comm "syz-executor292", pid 563, jiffies 4295025223 (age 51.781s) hex dump (first 32 bytes): 28 bd 70 00 fb db df 25 02 00 14 1f ff 02 00 02 (.p....%........ 00 32 00 00 1f 00 00 00 ac 14 14 3e 08 00 07 00 .2.........>.... backtrace: [<ffffffff81bd0f2c>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline] [<ffffffff81bd0f2c>] slab_post_alloc_hook mm/slab.h:772 [inline] [<ffffffff81bd0f2c>] slab_alloc_node mm/slub.c:3452 [inline] [<ffffffff81bd0f2c>] __kmem_cache_alloc_node+0x25c/0x320 mm/slub.c:3491 [<ffffffff81a865d9>] __do_kmalloc_node mm/slab_common.c:966 [inline] [<ffffffff81a865d9>] __kmalloc+0x59/0x1a0 mm/slab_common.c:980 [<ffffffff83aa85c3>] kmalloc include/linux/slab.h:584 [inline] [<ffffffff83aa85c3>] tcf_pedit_init+0x793/0x1ae0 net/sched/act_pedit.c:245 [<ffffffff83a90623>] tcf_action_init_1+0x453/0x6e0 net/sched/act_api.c:1394 [<ffffffff83a90e58>] tcf_action_init+0x5a8/0x950 net/sched/act_api.c:1459 [<ffffffff83a96258>] tcf_action_add+0x118/0x4e0 net/sched/act_api.c:1985 [<ffffffff83a96997>] tc_ctl_action+0x377/0x490 net/sched/act_api.c:2044 [<ffffffff83920a8d>] rtnetlink_rcv_msg+0x46d/0xd70 net/core/rtnetlink.c:6395 [<ffffffff83b24305>] netlink_rcv_skb+0x185/0x490 net/netlink/af_netlink.c:2575 [<ffffffff83901806>] rtnetlink_rcv+0x26/0x30 net/core/rtnetlink.c:6413 [<ffffffff83b21cae>] netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] [<ffffffff83b21cae>] netlink_unicast+0x5be/0x8a0 net/netlink/af_netlink.c:1365 [<ffffffff83b2293f>] netlink_sendmsg+0x9af/0xed0 net/netlink/af_netlink.c:1942 [<ffffffff8380c39f>] sock_sendmsg_nosec net/socket.c:724 [inline] [<ffffffff8380c39f>] sock_sendmsg net/socket.c:747 [inline] [<ffffffff8380c39f>] ____sys_sendmsg+0x3ef/0xaa0 net/socket.c:2503 [<ffffffff838156d2>] ___sys_sendmsg+0x122/0x1c0 net/socket.c:2557 [<ffffffff8381594f>] __sys_sendmsg+0x11f/0x200 net/socket.c:2586 [<ffffffff83815ab0>] __do_sys_sendmsg net/socket.c:2595 [inline] [<ffffffff83815ab0>] __se_sys_sendmsg net/socket.c:2593 [inline] [<ffffffff83815ab0>] __x64_sys_sendmsg+0x80/0xc0 net/socket.c:2593 The recently added static offset check missed a free to the key buffer when bailing out on error. Fixes: `e1201bc781` ("net/sched: act_pedit: check static offsets a priori") Reported-by: Ido Schimmel <idosch@idosch.org> Signed-off-by: Pedro Tammela <pctammela@mojatatu.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Tested-by: Ido Schimmel <idosch@nvidia.com> Link: https://lore.kernel.org/r/20230425144725.669262-1-pctammela@mojatatu.com Signed-off-by: Paolo Abeni <pabeni@redhat.com>		2023-04-27 11:43:29 +02:00
..
6lowpan	6lowpan: Remove redundant initialisation.	2023-03-29 08:22:52 +01:00
9p	9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition	2023-04-02 01:00:31 +00:00
802
8021q	vlan: Add MACsec offload operations for VLAN interface	2023-04-21 08:22:14 +01:00
appletalk
atm	Networking changes for 6.4.	2023-04-26 16:07:23 -07:00
ax25
batman-adv	net: vlan: introduce skb_vlan_eth_hdr()	2023-04-23 14:16:44 +01:00
bluetooth	Bluetooth: hci_sync: Only allow hci_cmd_sync_queue if running	2023-04-23 22:07:43 -07:00
bpf	bpf: add test_run support for netfilter program type	2023-04-21 11:34:50 -07:00
bpfilter
bridge	bridge: Allow setting per-{Port, VLAN} neighbor suppression state	2023-04-21 08:25:50 +01:00
caif	net: caif: Fix use-after-free in cfusbl_device_notify()	2023-03-02 22:22:07 -08:00
can	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2023-04-06 12:01:20 -07:00
ceph	Networking changes for 6.3.	2023-02-21 18:24:12 -08:00
core	Networking changes for 6.4.	2023-04-26 16:07:23 -07:00
dcb	net: dcb: add helper functions to retrieve PCP and DSCP rewrite maps	2023-01-20 09:33:22 +00:00
dccp	netfilter: keep conntrack reference until IPsecv6 policy checks are done	2023-03-22 21:50:23 +01:00
devlink	devlink: drop leftover duplicate/unused code	2023-02-20 11:38:35 +00:00
dns_resolver
dsa	net: dsa: tag_ocelot: call only the relevant portion of __skb_vlan_pop() on TX	2023-04-23 14:16:45 +01:00
ethernet
ethtool	net: ethtool: coalesce: try to make user settings stick twice	2023-04-24 18:09:49 -07:00
handshake	net/handshake: Fix section mismatch in handshake_exit	2023-04-21 20:24:57 -07:00
hsr	hsr: ratelimit only when errors are printed	2023-03-16 21:11:03 -07:00
ieee802154	net: ieee802154: remove an unnecessary null pointer check	2023-03-17 09:13:53 +01:00
ife
ipv4	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2023-04-26 10:17:46 +02:00
ipv6	net: dst: fix missing initialization of rt_uncached	2023-04-21 20:26:56 -07:00
iucv	net/iucv: Fix size of interrupt data	2023-03-16 17:34:40 -07:00
kcm	net/sock: Introduce trace_sk_data_ready()	2023-01-23 11:26:50 +00:00
key	af_key: Fix heap information leak	2023-02-13 09:30:14 +00:00
l2tp	l2tp: generate correct module alias strings	2023-03-31 09:25:12 +01:00
l3mdev
lapb
llc
mac80211	wireless-next patches for v6.4	2023-04-21 07:35:51 -07:00
mac802154	mac802154: Rename kfree_rcu() to kvfree_rcu_mightsleep()	2023-04-05 13:48:04 +00:00
mctp	mctp: remove MODULE_LICENSE in non-modules	2023-03-09 23:06:21 -08:00
mpls	net: mpls: fix stale pointer if allocation fails during device rename	2023-02-15 10:26:37 +00:00
mptcp	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2023-04-20 16:29:51 -07:00
ncsi	net: Use of_property_read_bool() for boolean properties	2023-03-16 17:41:28 +00:00
netfilter	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2023-04-26 10:17:46 +02:00
netlabel
netlink	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2023-04-26 10:17:46 +02:00
netrom	netrom: Fix use-after-free caused by accept on already connected socket	2023-01-30 07:30:47 +00:00
nfc	nfc: change order inside nfc_se_io error path	2023-03-07 13:37:05 -08:00
nsh
openvswitch	net: openvswitch: fix race on port output	2023-04-07 19:42:53 -07:00
packet	net/packet: support mergeable feature of virtio	2023-04-21 12:01:58 +01:00
phonet	net/sock: Introduce trace_sk_data_ready()	2023-01-23 11:26:50 +00:00
psample
qrtr	net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()	2023-04-13 09:35:30 +02:00
rds	rds: rds_rm_zerocopy_callback() correct order for list_add_tail()	2023-02-13 09:33:39 +00:00
rfkill	net: rfkill-gpio: Add explicit include for of.h	2023-04-06 20:36:27 +02:00
rose	net/rose: Fix to not accept on connected socket	2023-01-28 00:19:57 -08:00
rxrpc	rxrpc: Fix potential data race in rxrpc_wait_to_be_connected()	2023-04-27 09:17:41 +02:00
sched	net/sched: act_pedit: free pedit keys on bail from offset check	2023-04-27 11:43:29 +02:00
sctp	sctp: delete the nested flexible array hmac	2023-04-21 08:19:30 +01:00
smc	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2023-04-13 16:04:28 -07:00
strparser
sunrpc	nfsd-6.3 fixes:	2023-04-19 07:29:33 -07:00
switchdev
tipc	Networking changes for 6.3.	2023-02-21 18:24:12 -08:00
tls	net: tls: fix device-offloaded sendpage straddling records	2023-03-06 13:26:16 -08:00
unix	af_unix: annotate lockless accesses to sk->sk_err	2023-03-17 08:25:05 +00:00
vmw_vsock	vsock/loopback: don't disable irqs for queue access	2023-04-14 11:04:04 +01:00
wireless	Merge wireless/main into wireless-next/main	2023-03-31 11:07:40 +02:00
x25	net/x25: Fix to not accept on connected socket	2023-01-25 09:51:04 +00:00
xdp	bpf-next-for-netdev	2023-04-13 16:43:38 -07:00
xfrm	ipsec-next-2023-04-19	2023-04-19 18:46:17 -07:00
compat.c	net/compat: Update msg_control_is_user when setting a kernel pointer	2023-04-14 11:09:27 +01:00
devres.c
Kconfig	net/handshake: Add Kunit tests for the handshake consumer API	2023-04-19 18:48:48 -07:00
Kconfig.debug
Makefile	net/handshake: Create a NETLINK service for handling handshake requests	2023-04-19 18:48:48 -07:00
socket.c	net: skbuff: hide wifi_acked when CONFIG_WIRELESS not set	2023-04-19 13:04:30 +01:00
sysctl_net.c