• Jouni Hogander's avatar
    slip: Fix memory leak in slip_open error path · 3b5a3997
    Jouni Hogander authored
    Driver/net/can/slcan.c is derived from slip.c. Memory leak was detected
    by Syzkaller in slcan. Same issue exists in slip.c and this patch is
    addressing the leak in slip.c.
    
    Here is the slcan memory leak trace reported by Syzkaller:
    
    BUG: memory leak unreferenced object 0xffff888067f65500 (size 4096):
      comm "syz-executor043", pid 454, jiffies 4294759719 (age 11.930s)
      hex dump (first 32 bytes):
        73 6c 63 61 6e 30 00 00 00 00 00 00 00 00 00 00 slcan0..........
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
      backtrace:
        [<00000000a06eec0d>] __kmalloc+0x18b/0x2c0
        [<0000000083306e66>] kvmalloc_node+0x3a/0xc0
        [<000000006ac27f87>] alloc_netdev_mqs+0x17a/0x1080
        [<0000000061a996c9>] slcan_open+0x3ae/0x9a0
        [<000000001226f0f9>] tty_ldisc_open.isra.1+0x76/0xc0
        [<0000000019289631>] tty_set_ldisc+0x28c/0x5f0
        [<000000004de5a617>] tty_ioctl+0x48d/0x1590
        [<00000000daef496f>] do_vfs_ioctl+0x1c7/0x1510
        [<0000000059068dbc>] ksys_ioctl+0x99/0xb0
        [<000000009a6eb334>] __x64_sys_ioctl+0x78/0xb0
        [<0000000053d0332e>] do_syscall_64+0x16f/0x580
        [<0000000021b83b99>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
        [<000000008ea75434>] 0xfffffffffffffff
    
    Cc: "David S. Miller" <davem@davemloft.net>
    Cc: Oliver Hartkopp <socketcan@hartkopp.net>
    Cc: Lukas Bulwahn <lukas.bulwahn@gmail.com>
    Signed-off-by: default avatarJouni Hogander <jouni.hogander@unikie.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    3b5a3997
slip.c 32.9 KB