OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/net
History
Eric Dumazet 196a9a408c vlan: fix memory leak in vlan_dev_set_egress_priority 
[ Upstream commit 9bbd917e0b ]

There are few cases where the ndo_uninit() handler might be not
called if an error happens while device is initialized.

Since vlan_newlink() calls vlan_changelink() before
trying to register the netdevice, we need to make sure
vlan_dev_uninit() has been called at least once,
or we might leak allocated memory.

BUG: memory leak
unreferenced object 0xffff888122a206c0 (size 32):
  comm "syz-executor511", pid 7124, jiffies 4294950399 (age 32.240s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 61 73 00 00 00 00 00 00 00 00  ......as........
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000000eb3bb85>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000000eb3bb85>] slab_post_alloc_hook mm/slab.h:586 [inline]
    [<000000000eb3bb85>] slab_alloc mm/slab.c:3320 [inline]
    [<000000000eb3bb85>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3549
    [<000000007b99f620>] kmalloc include/linux/slab.h:556 [inline]
    [<000000007b99f620>] vlan_dev_set_egress_priority+0xcc/0x150 net/8021q/vlan_dev.c:194
    [<000000007b0cb745>] vlan_changelink+0xd6/0x140 net/8021q/vlan_netlink.c:126
    [<0000000065aba83a>] vlan_newlink+0x135/0x200 net/8021q/vlan_netlink.c:181
    [<00000000fb5dd7a2>] __rtnl_newlink+0x89a/0xb80 net/core/rtnetlink.c:3305
    [<00000000ae4273a1>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3363
    [<00000000decab39f>] rtnetlink_rcv_msg+0x178/0x4b0 net/core/rtnetlink.c:5424
    [<00000000accba4ee>] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2477
    [<00000000319fe20f>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5442
    [<00000000d51938dc>] netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
    [<00000000d51938dc>] netlink_unicast+0x223/0x310 net/netlink/af_netlink.c:1328
    [<00000000e539ac79>] netlink_sendmsg+0x2c0/0x570 net/netlink/af_netlink.c:1917
    [<000000006250c27e>] sock_sendmsg_nosec net/socket.c:639 [inline]
    [<000000006250c27e>] sock_sendmsg+0x54/0x70 net/socket.c:659
    [<00000000e2a156d1>] ____sys_sendmsg+0x2d0/0x300 net/socket.c:2330
    [<000000008c87466e>] ___sys_sendmsg+0x8a/0xd0 net/socket.c:2384
    [<00000000110e3054>] __sys_sendmsg+0x80/0xf0 net/socket.c:2417
    [<00000000d71077c8>] __do_sys_sendmsg net/socket.c:2426 [inline]
    [<00000000d71077c8>] __se_sys_sendmsg net/socket.c:2424 [inline]
    [<00000000d71077c8>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2424

Fixe: 07b5b17e15 ("[VLAN]: Use rtnl_link API")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2020-01-12 12:21:49 +01:00
..
6lowpan
9p
802
8021q vlan: fix memory leak in vlan_dev_set_egress_priority 2020-01-12 12:21:49 +01:00
appletalk
atm
ax25
batman-adv
bluetooth Bluetooth: Fix memory leak in hci_connect_le_scan 2020-01-09 10:20:04 +01:00
bpf
bpfilter
bridge net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2020-01-04 19:18:58 +01:00
caif
can can: j1939: j1939_sk_bind(): take priv after lock is held 2019-12-31 16:45:56 +01:00
ceph
core bpf: Clear skb->tstamp in bpf_redirect when necessary 2020-01-12 12:21:31 +01:00
dcb
dccp
decnet net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2020-01-04 19:18:58 +01:00
dns_resolver
dsa
ethernet net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:20:06 +01:00
hsr hsr: fix a race condition in node list insertion and deletion 2020-01-09 10:20:07 +01:00
ieee802154
ife
ipv4 tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK 2020-01-12 12:21:48 +01:00
ipv6 ipv6/addrconf: only check invalid header values when NETLINK_F_STRICT_CHK is set 2020-01-04 19:19:17 +01:00
iucv
kcm
key
l2tp
l3mdev
lapb
llc llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and _test_c) 2020-01-12 12:21:45 +01:00
mac80211 mac80211: fix TID field in monitor mode transmit 2020-01-12 12:21:28 +01:00
mac802154
mpls
ncsi
netfilter netfilter: nf_tables_offload: return EOPNOTSUPP if rule specifies no actions 2020-01-12 12:21:18 +01:00
netlabel
netlink
netrom
nfc
nsh
openvswitch
packet
phonet
psample
qrtr
rds
rfkill rfkill: Fix incorrect check to avoid NULL pointer dereference 2020-01-12 12:21:33 +01:00
rose
rxrpc
sched net: sch_prio: When ungrafting, replace with FIFO 2020-01-12 12:21:49 +01:00
sctp sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY 2020-01-12 12:21:48 +01:00
smc net/smc: add fallback check to connect() 2020-01-04 19:18:37 +01:00
strparser
sunrpc sunrpc: fix crash when cache_head become valid before update 2020-01-09 10:20:01 +01:00
switchdev
tipc
tls
unix
vmw_vsock
wimax
wireless cfg80211: fix double-free after changing network namespace 2020-01-12 12:21:28 +01:00
x25
xdp xsk: Add rcu_read_lock around the XSK wakeup 2020-01-12 12:21:41 +01:00
xfrm
Kconfig
Makefile
compat.c
socket.c net: make socket read/write_iter() honor IOCB_NOWAIT 2020-01-09 10:19:47 +01:00
sysctl_net.c