Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-01 18:55:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
10282d9daa
linux-stable/net
History
Fedor Pchelkin 70d40674a5 net: openvswitch: fix flow memory leak in ovs_flow_cmd_new 
[ Upstream commit 0c598aed44 ]

Syzkaller reports a memory leak of new_flow in ovs_flow_cmd_new() as it is
not freed when an allocation of a key fails.

BUG: memory leak
unreferenced object 0xffff888116668000 (size 632):
  comm "syz-executor231", pid 1090, jiffies 4294844701 (age 18.871s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000defa3494>] kmem_cache_zalloc include/linux/slab.h:654 [inline]
    [<00000000defa3494>] ovs_flow_alloc+0x19/0x180 net/openvswitch/flow_table.c:77
    [<00000000c67d8873>] ovs_flow_cmd_new+0x1de/0xd40 net/openvswitch/datapath.c:957
    [<0000000010a539a8>] genl_family_rcv_msg_doit+0x22d/0x330 net/netlink/genetlink.c:739
    [<00000000dff3302d>] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
    [<00000000dff3302d>] genl_rcv_msg+0x328/0x590 net/netlink/genetlink.c:800
    [<000000000286dd87>] netlink_rcv_skb+0x153/0x430 net/netlink/af_netlink.c:2515
    [<0000000061fed410>] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811
    [<000000009dc0f111>] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
    [<000000009dc0f111>] netlink_unicast+0x545/0x7f0 net/netlink/af_netlink.c:1339
    [<000000004a5ee816>] netlink_sendmsg+0x8e7/0xde0 net/netlink/af_netlink.c:1934
    [<00000000482b476f>] sock_sendmsg_nosec net/socket.c:651 [inline]
    [<00000000482b476f>] sock_sendmsg+0x152/0x190 net/socket.c:671
    [<00000000698574ba>] ____sys_sendmsg+0x70a/0x870 net/socket.c:2356
    [<00000000d28d9e11>] ___sys_sendmsg+0xf3/0x170 net/socket.c:2410
    [<0000000083ba9120>] __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439
    [<00000000c00628f8>] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46
    [<000000004abfdcf4>] entry_SYSCALL_64_after_hwframe+0x61/0xc6

To fix this the patch rearranges the goto labels to reflect the order of
object allocations and adds appropriate goto statements on the error
paths.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Fixes: 68bb10101e ("openvswitch: Fix flow lookup to use unmasked key")
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Link: https://lore.kernel.org/r/20230201210218.361970-1-pchelkin@ispras.ru
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-02-09 11:28:11 +01:00
..
6lowpan net: 6lowpan: constify lowpan_nhc structures 2022-06-09 21:53:28 +02:00
9p use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
802 mrp: introduce active flags to prevent UAF when applicant uninit 2022-12-31 13:33:02 +01:00
8021q net: gro: skb_gro_header helper function 2022-08-25 10:33:21 +02:00
appletalk net: remove noblock parameter from skb_recv_datagram() 2022-04-06 13:45:26 +01:00
atm net/atm: fix proc_mpc_write incorrect return value 2022-10-15 11:08:36 +01:00
ax25 ax25: move from strlcpy with unused retval to strscpy 2022-08-22 17:55:50 -07:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-09-22 13:02:10 -07:00
bluetooth use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
bpf bpf: Move skb->len == 0 checks into __bpf_redirect 2022-12-31 13:32:14 +01:00
bpfilter uaccess: remove CONFIG_SET_FS 2022-02-25 09:36:06 +01:00
bridge netfilter: br_netfilter: disable sabotage_in hook after first suppression 2023-02-09 11:28:08 +01:00
caif caif: fix memory leak in cfctrl_linkup_request() 2023-01-12 12:02:33 +01:00
can can: raw: fix CAN FD frame transmissions over CAN XL devices 2023-02-09 11:28:10 +01:00
ceph use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
core skb: Do mix page pool and page referenced frags in GRO 2023-02-09 11:28:05 +01:00
dcb net: dcb: disable softirqs in dcbnl_flush_dev() 2022-03-03 08:01:55 -08:00
dccp dccp/tcp: Fixup bhash2 bucket when connect() fails. 2022-11-22 20:15:37 -08:00
dns_resolver
dsa net: dsa: tag_8021q: avoid leaking ctx on dsa_tag_8021q_register() error path 2022-12-31 13:32:29 +01:00
ethernet net: gro: skb_gro_header helper function 2022-08-25 10:33:21 +02:00
ethtool net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats 2023-01-24 07:24:31 +01:00
hsr hsr: Synchronize sequence number updates. 2022-12-31 13:32:22 +01:00
ieee802154 net: ieee802154: fix error return code in dgram_bind() 2022-10-07 09:29:17 +02:00
ife
ipv4 use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
ipv6 ip/ip6_gre: Fix non-point-to-point tunnel not generating IPv6 link local address 2023-02-09 11:28:09 +01:00
iucv net: keep sk->sk_forward_alloc as small as possible 2022-06-10 16:21:27 -07:00
kcm kcm: close race conditions on sk_receive_queue 2022-11-15 12:42:26 +01:00
key xfrm: Fix oops in __xfrm_state_delete() 2022-11-22 07:14:55 +01:00
l2tp l2tp: prevent lockdep issue in l2tp_tunnel_register() 2023-02-01 08:34:24 +01:00
l3mdev l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu 2022-04-15 14:27:24 -07:00
lapb
llc net: rename reference+tracking helpers 2022-06-09 21:52:55 -07:00
mac80211 mac80211: Fix MLO address translation for multiple bss case 2023-02-06 08:06:31 +01:00
mac802154 mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() 2022-12-05 09:53:08 +01:00
mctp net: mctp: purge receive queues on sk destruction 2023-02-06 08:06:34 +01:00
mpls net: Use u64_stats_fetch_begin_irq() for stats fetch. 2022-08-29 13:02:27 +01:00
mptcp mptcp: netlink: respect v4/v6-only sockets 2023-01-24 07:24:37 +01:00
ncsi genetlink: start to validate reserved header bytes 2022-08-29 12:47:15 +01:00
netfilter use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
netlabel genetlink: start to validate reserved header bytes 2022-08-29 12:47:15 +01:00
netlink netlink: annotate data races around sk_state 2023-02-01 08:34:45 +01:00
netrom netrom: Fix use-after-free caused by accept on already connected socket 2023-02-09 11:28:06 +01:00
nfc net: nfc: Fix use-after-free in local_cleanup() 2023-02-01 08:34:17 +01:00
nsh
openvswitch net: openvswitch: fix flow memory leak in ovs_flow_cmd_new 2023-02-09 11:28:11 +01:00
packet packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE 2022-11-29 08:30:18 -08:00
phonet net: remove noblock parameter from recvmsg() entities 2022-04-12 15:00:25 +02:00
psample genetlink: start to validate reserved header bytes 2022-08-29 12:47:15 +01:00
qrtr net: qrtr: start MHI channel after endpoit creation 2022-08-15 11:21:42 +01:00
rds treewide: use get_random_{u8,u16}() when possible, part 2 2022-10-11 17:42:58 -06:00
rfkill rfkill: make new event layout opt-in 2022-03-18 13:09:17 +02:00
rose rose: Fix NULL pointer dereference in rose_send_frame() 2022-11-02 11:57:30 +00:00
rxrpc rxrpc: Fix missing unlock in rxrpc_do_sendmsg() 2022-12-31 13:32:55 +01:00
sched net/sched: sch_taprio: do not schedule in taprio_reset() 2023-02-01 08:34:46 +01:00
sctp sctp: do not check hb_timer.expires when resetting hb_timer 2023-02-09 11:28:09 +01:00
smc use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
strparser strparser: pad sk_skb_cb to avoid straddling cachelines 2022-07-08 18:38:44 -07:00
sunrpc use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
switchdev net: rename reference+tracking helpers 2022-06-09 21:52:55 -07:00
tipc use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
tls net/tls: tls_is_tx_ready() checked list_entry 2023-02-09 11:28:08 +01:00
unix unix: Fix race in SOCK_SEQPACKET's unix_dgram_sendmsg() 2022-12-31 13:32:54 +01:00
vmw_vsock net: vmw_vsock: vmci: Check memcpy_from_msg() 2022-12-31 13:32:26 +01:00
wireless wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails 2022-12-31 13:32:20 +01:00
x25 net/x25: Fix skb leak in x25_lapb_receive_frame() 2022-11-15 20:22:19 -08:00
xdp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-10-03 17:44:18 -07:00
xfrm use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
compat.c use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
devres.c
Kconfig Remove DECnet support from kernel 2022-08-22 14:26:30 +01:00
Kconfig.debug net: make NET_(DEV|NS)_REFCNT_TRACKER depend on NET 2022-09-20 14:23:56 -07:00
Makefile Remove DECnet support from kernel 2022-08-22 14:26:30 +01:00
socket.c use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
sysctl_net.c sections: move and rename core_kernel_data() to is_kernel_core_data() 2021-11-09 10:02:50 -08:00