| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220514120904.xbbfyne32lp47t2p@riteshh-domain>
Date: Sat, 14 May 2022 17:39:04 +0530
From: Ritesh Harjani <ritesh.list@...il.com>
To: Eric Biggers <ebiggers@...nel.org>
Cc: linux-fscrypt@...r.kernel.org, linux-ext4@...r.kernel.org,
linux-f2fs-devel@...ts.sourceforge.net,
Lukas Czerner <lczerner@...hat.com>,
Jeff Layton <jlayton@...nel.org>,
Theodore Ts'o <tytso@....edu>, stable@...r.kernel.org,
Jaegeuk Kim <jaegeuk@...nel.org>
Subject: Re: [f2fs-dev] [PATCH v3 1/5] ext4: fix memory leak in
parse_apply_sb_mount_options()
On 22/05/13 04:16PM, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@...gle.com>
>
> If processing the on-disk mount options fails after any memory was
> allocated in the ext4_fs_context, e.g. s_qf_names, then this memory is
> leaked. Fix this by calling ext4_fc_free() instead of kfree() directly.
Thanks for splitting the patch. It becomes an easy backport.
>
> Reproducer:
>
> mkfs.ext4 -F /dev/vdc
> tune2fs /dev/vdc -E mount_opts=usrjquota=file
> echo clear > /sys/kernel/debug/kmemleak
> mount /dev/vdc /vdc
> echo scan > /sys/kernel/debug/kmemleak
> sleep 5
> echo scan > /sys/kernel/debug/kmemleak
> cat /sys/kernel/debug/kmemleak
Tested this and as you mentioned this patch fixes the memory leak with
s_qf_names in note_qf_name().
tune2fs 1.46.5 (30-Dec-2021)
Setting extended default mount options to 'usrjquota=file'
unreferenced object 0xffff8881126b9a50 (size 8):
comm "mount", pid 1475, jiffies 4294829180 (age 48.670s)
hex dump (first 8 bytes):
66 69 6c 65 00 6b 6b a5 file.kk.
backtrace:
[<ffffffff8153b09d>] __kmalloc_track_caller+0x17d/0x2f0
[<ffffffff8149b7e8>] kmemdup_nul+0x28/0x70
[<ffffffff81753a75>] note_qf_name.isra.0+0x95/0x180
[<ffffffff817548a8>] ext4_parse_param+0xd48/0x11c0
[<ffffffff8175a131>] ext4_fill_super+0x1cc1/0x6260
[<ffffffff8155edce>] get_tree_bdev+0x24e/0x3a0
[<ffffffff81740355>] ext4_get_tree+0x15/0x20
[<ffffffff8155d3a2>] vfs_get_tree+0x52/0x140
[<ffffffff815a2048>] path_mount+0x3f8/0xf30
[<ffffffff815a2c52>] do_mount+0xd2/0xf0
[<ffffffff815a2e4a>] __x64_sys_mount+0xca/0x110
[<ffffffff82e6674b>] do_syscall_64+0x3b/0x90
[<ffffffff8300007c>] entry_SYSCALL_64_after_hwframe+0x44/0xae
Feel free to add by -
Tested-by: Ritesh Harjani <ritesh.list@...il.com>
-ritesh
>
> Fixes: 7edfd85b1ffd ("ext4: Completely separate options parsing and sb setup")
> Cc: stable@...r.kernel.org
> Signed-off-by: Eric Biggers <ebiggers@...gle.com>
> ---
> fs/ext4/super.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> index 1466fbdbc8e34..60fa2f2623e07 100644
> --- a/fs/ext4/super.c
> +++ b/fs/ext4/super.c
> @@ -2625,8 +2625,10 @@ static int parse_apply_sb_mount_options(struct super_block *sb,
> ret = ext4_apply_options(fc, sb);
>
> out_free:
> - kfree(s_ctx);
> - kfree(fc);
> + if (fc) {
> + ext4_fc_free(fc);
> + kfree(fc);
> + }
> kfree(s_mount_opts);
> return ret;
> }
> --
> 2.36.1
>
>
>
> _______________________________________________
> Linux-f2fs-devel mailing list
> Linux-f2fs-devel@...ts.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
Powered by blists - more mailing lists