diff options
Diffstat (limited to '0002-exec-Fix-mem-leak-in-kernel_read_file.patch')
| -rw-r--r-- | 0002-exec-Fix-mem-leak-in-kernel_read_file.patch | 49 |
1 files changed, 0 insertions, 49 deletions
diff --git a/0002-exec-Fix-mem-leak-in-kernel_read_file.patch b/0002-exec-Fix-mem-leak-in-kernel_read_file.patch deleted file mode 100644 index 750e105d3741..000000000000 --- a/0002-exec-Fix-mem-leak-in-kernel_read_file.patch +++ /dev/null @@ -1,49 +0,0 @@ -From e4817043e07f7414acdb25aa0d0689cb30a5fc2b Mon Sep 17 00:00:00 2001 -From: YueHaibing <yuehaibing@huawei.com> -Date: Tue, 19 Feb 2019 10:10:38 +0800 -Subject: [PATCH 2/3] exec: Fix mem leak in kernel_read_file - -syzkaller report this: -BUG: memory leak -unreferenced object 0xffffc9000488d000 (size 9195520): - comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s) - hex dump (first 32 bytes): - ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00 ................ - 02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff ..........z..... - backtrace: - [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline] - [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline] - [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831 - [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924 - [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993 - [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895 - [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 - [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe - [<00000000241f889b>] 0xffffffffffffffff - -It should goto 'out_free' lable to free allocated buf while kernel_read -fails. - -Fixes: 39d637af5aa7 ("vfs: forbid write access when reading a file into memory") -Signed-off-by: YueHaibing <yuehaibing@huawei.com> -Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> ---- - fs/exec.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/fs/exec.c b/fs/exec.c -index fc281b738a98..20c33029a062 100644 ---- a/fs/exec.c -+++ b/fs/exec.c -@@ -929,7 +929,7 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size, - bytes = kernel_read(file, *buf + pos, i_size - pos, &pos); - if (bytes < 0) { - ret = bytes; -- goto out; -+ goto out_free; - } - - if (bytes == 0) --- -2.20.1 - |