    vlan: fix memory leak in vlan_dev_set_egress_priority · 9bbd917e
    Eric Dumazet authored
    There are a few cases where the ndo_uninit() handler might not be
    called if an error happens while the device is initialized.
    
    Since vlan_newlink() calls vlan_changelink() before
    trying to register the netdevice, we need to make sure
    vlan_dev_uninit() has been called at least once,
    or we might leak allocated memory.
    
    BUG: memory leak
    unreferenced object 0xffff888122a206c0 (size 32):
      comm "syz-executor511", pid 7124, jiffies 4294950399 (age 32.240s)
      hex dump (first 32 bytes):
        00 00 00 00 00 00 61 73 00 00 00 00 00 00 00 00  ......as........
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
      backtrace:
        [<000000000eb3bb85>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
        [<000000000eb3bb85>] slab_post_alloc_hook mm/slab.h:586 [inline]
        [<000000000eb3bb85>] slab_alloc mm/slab.c:3320 [inline]
        [<000000000eb3bb85>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3549
        [<000000007b99f620>] kmalloc include/linux/slab.h:556 [inline]
        [<000000007b99f620>] vlan_dev_set_egress_priority+0xcc/0x150 net/8021q/vlan_dev.c:194
        [<000000007b0cb745>] vlan_changelink+0xd6/0x140 net/8021q/vlan_netlink.c:126
        [<0000000065aba83a>] vlan_newlink+0x135/0x200 net/8021q/vlan_netlink.c:181
        [<00000000fb5dd7a2>] __rtnl_newlink+0x89a/0xb80 net/core/rtnetlink.c:3305
        [<00000000ae4273a1>] rtnl_newlink+0x4e/0x80 net/core/rtnetlink.c:3363
        [<00000000decab39f>] rtnetlink_rcv_msg+0x178/0x4b0 net/core/rtnetlink.c:5424
        [<00000000accba4ee>] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2477
        [<00000000319fe20f>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5442
        [<00000000d51938dc>] netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
        [<00000000d51938dc>] netlink_unicast+0x223/0x310 net/netlink/af_netlink.c:1328
        [<00000000e539ac79>] netlink_sendmsg+0x2c0/0x570 net/netlink/af_netlink.c:1917
        [<000000006250c27e>] sock_sendmsg_nosec net/socket.c:639 [inline]
        [<000000006250c27e>] sock_sendmsg+0x54/0x70 net/socket.c:659
        [<00000000e2a156d1>] ____sys_sendmsg+0x2d0/0x300 net/socket.c:2330
        [<000000008c87466e>] ___sys_sendmsg+0x8a/0xd0 net/socket.c:2384
        [<00000000110e3054>] __sys_sendmsg+0x80/0xf0 net/socket.c:2417
        [<00000000d71077c8>] __do_sys_sendmsg net/socket.c:2426 [inline]
        [<00000000d71077c8>] __se_sys_sendmsg net/socket.c:2424 [inline]
        [<00000000d71077c8>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2424
    
    Fixes: 07b5b17e ("[VLAN]: Use rtnl_link API")
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Reported-by: syzbot <syzkaller@googlegroups.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
vlan_dev.c 21.7 KB
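The ordering problem the commit message describes, as an added userspace model (not the kernel code and not part of the commit): an allocation happens in the changelink step, registration then fails, and nothing frees the allocation unless the uninit routine is called explicitly. All `model_*` names, the `live_allocs` counter and the sample priority values are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical userspace stand-ins for the structures named in the commit. */
struct prio_map { struct prio_map *next; unsigned skb_prio, vlan_qos; };
struct model_dev { struct prio_map *egress; int registered; };
static int live_allocs; /* plays the role of kmemleak's outstanding objects */

/* Models vlan_dev_set_egress_priority(): allocates one mapping node. */
static int model_set_egress_priority(struct model_dev *d, unsigned prio, unsigned qos)
{
    struct prio_map *m = malloc(sizeof(*m));
    if (!m)
        return -1;
    m->skb_prio = prio; m->vlan_qos = qos;
    m->next = d->egress; d->egress = m;
    live_allocs++;
    return 0;
}

/* Models vlan_dev_uninit(): frees every mapping; safe to call more than once. */
static void model_uninit(struct model_dev *d)
{
    while (d->egress) {
        struct prio_map *m = d->egress;
        d->egress = m->next;
        free(m);
        live_allocs--;
    }
}

/* Models a registration step that can fail before ndo_uninit() would ever run. */
static int model_register(struct model_dev *d, int fail)
{ d->registered = !fail; return fail ? -1 : 0; }

/* Models vlan_newlink(): changelink-style allocation first, then register.
 * Returns how many objects are still allocated when the error is returned. */
int model_newlink(int register_fails, int uninit_on_error)
{
    struct model_dev d = {0};
    live_allocs = 0;
    int err = model_set_egress_priority(&d, 6, 3); /* constructed values */
    if (!err)
        err = model_register(&d, register_fails);
    if (err && uninit_on_error)
        model_uninit(&d);       /* the cleanup the commit message asks for */
    int leaked = err ? live_allocs : 0;
    model_uninit(&d);           /* keep the model itself leak-free */
    return leaked;
}

int main(void)
{ printf("no uninit: %d, with uninit: %d\n", model_newlink(1, 0), model_newlink(1, 1)); return 0; }
```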