From patchwork Sat Jul 10 07:03:13 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pavel Skripkin X-Patchwork-Id: 12368361 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.2 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,UNWANTED_LANGUAGE_BODY, URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E66FBC07E95 for ; Sat, 10 Jul 2021 07:03:22 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C2413613E3 for ; Sat, 10 Jul 2021 07:03:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232032AbhGJHGG (ORCPT ); Sat, 10 Jul 2021 03:06:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55292 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232031AbhGJHGG (ORCPT ); Sat, 10 Jul 2021 03:06:06 -0400 Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 38F07C0613DD; Sat, 10 Jul 2021 00:03:21 -0700 (PDT) Received: by mail-lf1-x12b.google.com with SMTP id v14so28217377lfb.4; Sat, 10 Jul 2021 00:03:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=xo4bexh207DLTAjED8GZaZ5kSi3bAbNhqunA58gKJSQ=; b=YuFfzV5PEjCJ73ZKma2lAnzAgcwWvh6hBYp02t9GzUXSgMDvk7M8AjtY6r5u/GsyRG a9rd6fDbBDQRkHC+i1s0K9M6r0dfFami/+NXMRwv6JkyYkNFkTS5zQ8uHxYMCp9W3idU I/fCGtlhGSDRAKGZRSppap2iUqs7YegGLJTAYHu4Pk3ZlJnl62ODtWrxj05EWMoOHOAC 8Li9ElTI6xmpFWezFVq0dSExPl9pPR1725MAc0z/fOGL5KikOynrMMHznIpo+AecLZ4L 76qsZgekcTLDgZE0qVXBT2CMaCxnQm1OBm2RnbzHrwcvaQ6UhjGsLpqkouJoH8jpSNVh BMyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=xo4bexh207DLTAjED8GZaZ5kSi3bAbNhqunA58gKJSQ=; b=NdrFrkc7GjvIxFZIrNe8BtkwMqzOVzJDhCb+p0aK+iSGiMpdhJqQ8tw1SlfntNz488 UaYGIb4g2whmgzl/5OoFGnrIyoePgTOAebQsmgLg5FmqA9v/8QzmoCxFvHXZSQNI4yRL Zhwmdek8xvESEsHzoYDwxneMVv2rtkDioh6MSlg85uoaLprKFxlgtNbarXMfgnHxL8bl BJ70R2CpCCdN/JG64BjyoRpV//mr8i1J7roNJI+Yc19yE2dQJFrpZlZsHeb2SqasACI6 oDdZzR3KtzswekSo/AKAlcRT5d9/2KVCmEopZLep9JRtlT5dUdbWnetTe+ucVK2wNv5R 2QuQ== X-Gm-Message-State: AOAM531zjqpFRY/v8n7guYB0eNElwhmHksGMN7/3v3sQtyI2kh6dVBfl JrCgYFVKNEw1/wz/NMITodM= X-Google-Smtp-Source: ABdhPJwoeX4A8fRR0QsrYJzJJOPI2Ud7BK36wluOrKelOU1yZ3F2gWSCpar5CybY4hJWlWyXVC6Lmw== X-Received: by 2002:a05:6512:3f0d:: with SMTP id y13mr22915092lfa.217.1625900599534; Sat, 10 Jul 2021 00:03:19 -0700 (PDT) Received: from localhost.localdomain ([94.103.225.155]) by smtp.gmail.com with ESMTPSA id p11sm642778lft.298.2021.07.10.00.03.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 10 Jul 2021 00:03:19 -0700 (PDT) From: Pavel Skripkin To: paul@paul-moore.com, davem@davemloft.net, yoshfuji@linux-ipv6.org, dsahern@kernel.org, kuba@kernel.org Cc: netdev@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, Pavel Skripkin , syzbot+cdd51ee2e6b0b2e18c0d@syzkaller.appspotmail.com Subject: [PATCH 1/2] net: cipso: fix warnings in netlbl_cipsov4_add_std Date: Sat, 10 Jul 2021 10:03:13 +0300 Message-Id: <53de0ccd1aa3fffa6bce2a2ae7a5ca07e0af6d3a.1625900431.git.paskripkin@gmail.com> X-Mailer: git-send-email 2.32.0 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: Syzbot reported warning in netlbl_cipsov4_add(). The problem was in too big doi_def->map.std->lvl.local_size passed to kcalloc(). Since this value comes from userpace there is no need to warn if value is not correct. The same problem may occur with other kcalloc() calls in this function, so, I've added __GFP_NOWARN flag to all kcalloc() calls there. Reported-and-tested-by: syzbot+cdd51ee2e6b0b2e18c0d@syzkaller.appspotmail.com Fixes: 96cb8e3313c7 ("[NetLabel]: CIPSOv4 and Unlabeled packet integration") Signed-off-by: Pavel Skripkin Acked-by: Paul Moore --- net/netlabel/netlabel_cipso_v4.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c index 4f50a64315cf..50f40943c815 100644 --- a/net/netlabel/netlabel_cipso_v4.c +++ b/net/netlabel/netlabel_cipso_v4.c @@ -187,14 +187,14 @@ static int netlbl_cipsov4_add_std(struct genl_info *info, } doi_def->map.std->lvl.local = kcalloc(doi_def->map.std->lvl.local_size, sizeof(u32), - GFP_KERNEL); + GFP_KERNEL | __GFP_NOWARN); if (doi_def->map.std->lvl.local == NULL) { ret_val = -ENOMEM; goto add_std_failure; } doi_def->map.std->lvl.cipso = kcalloc(doi_def->map.std->lvl.cipso_size, sizeof(u32), - GFP_KERNEL); + GFP_KERNEL | __GFP_NOWARN); if (doi_def->map.std->lvl.cipso == NULL) { ret_val = -ENOMEM; goto add_std_failure; @@ -263,7 +263,7 @@ static int netlbl_cipsov4_add_std(struct genl_info *info, doi_def->map.std->cat.local = kcalloc( doi_def->map.std->cat.local_size, sizeof(u32), - GFP_KERNEL); + GFP_KERNEL | __GFP_NOWARN); if (doi_def->map.std->cat.local == NULL) { ret_val = -ENOMEM; goto add_std_failure; @@ -271,7 +271,7 @@ static int netlbl_cipsov4_add_std(struct genl_info *info, doi_def->map.std->cat.cipso = kcalloc( doi_def->map.std->cat.cipso_size, sizeof(u32), - GFP_KERNEL); + GFP_KERNEL | __GFP_NOWARN); if (doi_def->map.std->cat.cipso == NULL) { ret_val = -ENOMEM; goto add_std_failure; From patchwork Sat Jul 10 07:03:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pavel Skripkin X-Patchwork-Id: 12368363 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.0 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4D391C07E95 for ; Sat, 10 Jul 2021 07:03:30 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3759C613C3 for ; Sat, 10 Jul 2021 07:03:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232031AbhGJHGN (ORCPT ); Sat, 10 Jul 2021 03:06:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55332 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230332AbhGJHGN (ORCPT ); Sat, 10 Jul 2021 03:06:13 -0400 Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E258AC0613E5; Sat, 10 Jul 2021 00:03:27 -0700 (PDT) Received: by mail-lf1-x12b.google.com with SMTP id v14so28217866lfb.4; Sat, 10 Jul 2021 00:03:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=RoAygn85CqSsjA+ZP3tE/tDUqjjTDbTT9PVg83fTW1Q=; b=Qk0M31hpLFQuZ101Z7OCsnl/DFh07uLcSdbJyOMSFQuqHdob7iXbLGmemYWt/lfub5 EP9sj0t53DYqp1W5+g37adrSfcG0qcwDYdrZHBcy3apVTnmM+Jz2MXLU3kxuPXKa1Y9w PNTI0y3bknbuJH8YyX67X7z1T+1R7LZjx61tEPvtHNiljlrvAug2dyit7wb48X73zFgP IGdWrEDfByHJ33MLetB6+mIA+CFRvqqqcAMd6Z+esO5ilKyk88pt6gpf3zEWP8I3smlz G/ZGtaJs/Pm/Lf2WCtTokYQyQXDw4cWPNx5RWeekJY/pBozggYukO9jOaOzEQ4Pa3Ias x0+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=RoAygn85CqSsjA+ZP3tE/tDUqjjTDbTT9PVg83fTW1Q=; b=ML/wi8iJ2lFOvtBjpmHrM/fopaaWBPF7HdM8CgDAMl1UxTDZ5FqbqZHlt7MsVm+ue3 +aFvLqLS9B7wfDARtmf+RuQiKywzTRtdIa1OawcofdVNchWBnrYyTkIfQn1+TL9YsqyM LV+35Ref5aHaIEfKYo+wkrmoBs0luNPS7nRKoU6WeKSIyipanFd21RNiXCS/nQ3/bKjN iBjPx0UXWq0jmtN5d/YOgqte5O8O+GRcIMCgZ4eOiaWISbpQ9CZsUu1bKsc0aMhICVej Pu2FbzW4+woYN+HrAK8/j82I+m6Fl+c4LEQpvW/natIlLTpdf3tz4nDjWhtHrA4IW2dq +pZQ== X-Gm-Message-State: AOAM5304sbVui5huUBjN+/0muMVVEamcDTH9euw67lmTJm0IGcTJpBNx tS4TH6Ww/0bcdRSoGBpt4FU= X-Google-Smtp-Source: ABdhPJzu16VvgFv4ofhB8NgsK1+b27btX0redgywactLG0cYGLYM5EsK6UcWcvU+fcDRCFQs/oyaVA== X-Received: by 2002:a05:6512:4007:: with SMTP id br7mr23604831lfb.271.1625900606277; Sat, 10 Jul 2021 00:03:26 -0700 (PDT) Received: from localhost.localdomain ([94.103.225.155]) by smtp.gmail.com with ESMTPSA id a1sm616309lff.232.2021.07.10.00.03.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 10 Jul 2021 00:03:25 -0700 (PDT) From: Pavel Skripkin To: paul@paul-moore.com, davem@davemloft.net, yoshfuji@linux-ipv6.org, dsahern@kernel.org, kuba@kernel.org Cc: netdev@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, Pavel Skripkin Subject: [PATCH 2/2] net: cipso: fix memory leak in cipso_v4_doi_free Date: Sat, 10 Jul 2021 10:03:23 +0300 Message-Id: X-Mailer: git-send-email 2.32.0 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: When doi_def->type == CIPSO_V4_MAP_TRANS doi_def->map.std should be freed to avoid memory leak. Fail log: BUG: memory leak unreferenced object 0xffff88801b936d00 (size 64): comm "a.out", pid 8478, jiffies 4295042353 (age 15.260s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 15 b8 12 26 00 00 00 00 00 00 00 00 .......&........ backtrace: netlbl_cipsov4_add (net/netlabel/netlabel_cipso_v4.c:145 net/netlabel/netlabel_cipso_v4.c:416) genl_family_rcv_msg_doit (net/netlink/genetlink.c:741) genl_rcv_msg (net/netlink/genetlink.c:783 net/netlink/genetlink.c:800) netlink_rcv_skb (net/netlink/af_netlink.c:2505) genl_rcv (net/netlink/genetlink.c:813) Fixes: b1edeb102397 ("netlabel: Replace protocol/NetLabel linking with refrerence counts") Signed-off-by: Pavel Skripkin --- net/ipv4/cipso_ipv4.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c index bfaf327e9d12..e0480c6cebaa 100644 --- a/net/ipv4/cipso_ipv4.c +++ b/net/ipv4/cipso_ipv4.c @@ -472,6 +472,7 @@ void cipso_v4_doi_free(struct cipso_v4_doi *doi_def) kfree(doi_def->map.std->lvl.local); kfree(doi_def->map.std->cat.cipso); kfree(doi_def->map.std->cat.local); + kfree(doi_def->map.std); break; } kfree(doi_def);