lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <cc15c3e3-2892-c285-13cd-1356bdce8f59@iogearbox.net>
Date:   Mon, 15 Mar 2021 09:31:19 +0100
From:   Daniel Borkmann <daniel@...earbox.net>
To:     qiang.zhang@...driver.com, ast@...nel.org, andrii@...nel.org
Cc:     dvyukov@...gle.com, linux-kernel@...r.kernel.org,
        syzbot+44908bb56d2bfe56b28e@...kaller.appspotmail.com
Subject: Re: [PATCH v2] bpf: Fix memory leak in copy_process()

On 3/15/21 9:18 AM, qiang.zhang@...driver.com wrote:
> From: Zqiang <qiang.zhang@...driver.com>

Hello Zqiang, please resend this patch with bpf@...r.kernel.org in Cc, so it
actually reaches the rest of BPF community for review, thanks!

> The syzbot report a memleak follow:
> BUG: memory leak
> unreferenced object 0xffff888101b41d00 (size 120):
>    comm "kworker/u4:0", pid 8, jiffies 4294944270 (age 12.780s)
>    backtrace:
>      [<ffffffff8125dc56>] alloc_pid+0x66/0x560
>      [<ffffffff81226405>] copy_process+0x1465/0x25e0
>      [<ffffffff81227943>] kernel_clone+0xf3/0x670
>      [<ffffffff812281a1>] kernel_thread+0x61/0x80
>      [<ffffffff81253464>] call_usermodehelper_exec_work
>      [<ffffffff81253464>] call_usermodehelper_exec_work+0xc4/0x120
>      [<ffffffff812591c9>] process_one_work+0x2c9/0x600
>      [<ffffffff81259ab9>] worker_thread+0x59/0x5d0
>      [<ffffffff812611c8>] kthread+0x178/0x1b0
>      [<ffffffff8100227f>] ret_from_fork+0x1f/0x30
> 
> unreferenced object 0xffff888110ef5c00 (size 232):
>    comm "kworker/u4:0", pid 8414, jiffies 4294944270 (age 12.780s)
>    backtrace:
>      [<ffffffff8154a0cf>] kmem_cache_zalloc
>      [<ffffffff8154a0cf>] __alloc_file+0x1f/0xf0
>      [<ffffffff8154a809>] alloc_empty_file+0x69/0x120
>      [<ffffffff8154a8f3>] alloc_file+0x33/0x1b0
>      [<ffffffff8154ab22>] alloc_file_pseudo+0xb2/0x140
>      [<ffffffff81559218>] create_pipe_files+0x138/0x2e0
>      [<ffffffff8126c793>] umd_setup+0x33/0x220
>      [<ffffffff81253574>] call_usermodehelper_exec_async+0xb4/0x1b0
>      [<ffffffff8100227f>] ret_from_fork+0x1f/0x30
> 
> after the UMD process exits, the pipe_to_umh/pipe_from_umh and tgid
> need to be release.
> 
> Fixes: d71fa5c9763c ("bpf: Add kernel module with user mode driver that populates bpffs.")
> Reported-by: syzbot+44908bb56d2bfe56b28e@...kaller.appspotmail.com
> Signed-off-by: Zqiang <qiang.zhang@...driver.com>
> ---
>   v1->v2:
>   Judge whether the pointer variable tgid is valid.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ