* [RFC PATCH] futex: Fix futex_waitv() hrtimer debug object leak on kcalloc error
@ 2022-12-14 22:20 Mathieu Desnoyers
2022-12-15 20:17 ` Davidlohr Bueso
2022-12-27 11:58 ` [tip: locking/urgent] " tip-bot2 for Mathieu Desnoyers
0 siblings, 2 replies; 3+ messages in thread
From: Mathieu Desnoyers @ 2022-12-14 22:20 UTC (permalink / raw)
To: Peter Zijlstra
Cc: linux-kernel, Mathieu Desnoyers, Andre Almeida, Thomas Gleixner,
Ingo Molnar, Darren Hart, Davidlohr Bueso, stable
In a scenario where kcalloc() fails to allocate memory, the futex_waitv
system call immediately returns -ENOMEM without invoking
destroy_hrtimer_on_stack(). When CONFIG_DEBUG_OBJECTS_TIMERS=y, this
results in leaking a timer debug object.
Fixes: bf69bad38cf6 ("futex: Implement sys_futex_waitv()")
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andre Almeida <andrealmeid@collabora.com>
Cc: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Darren Hart <dvhart@infradead.org>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: stable@vger.kernel.org # v5.16+
---
kernel/futex/syscalls.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/kernel/futex/syscalls.c b/kernel/futex/syscalls.c
index 086a22d1adb7..a8074079b09e 100644
--- a/kernel/futex/syscalls.c
+++ b/kernel/futex/syscalls.c
@@ -286,19 +286,22 @@ SYSCALL_DEFINE5(futex_waitv, struct futex_waitv __user *, waiters,
}
futexv = kcalloc(nr_futexes, sizeof(*futexv), GFP_KERNEL);
- if (!futexv)
- return -ENOMEM;
+ if (!futexv) {
+ ret = -ENOMEM;
+ goto destroy_timer;
+ }
ret = futex_parse_waitv(futexv, waiters, nr_futexes);
if (!ret)
ret = futex_wait_multiple(futexv, nr_futexes, timeout ? &to : NULL);
+ kfree(futexv);
+
+destroy_timer:
if (timeout) {
hrtimer_cancel(&to.timer);
destroy_hrtimer_on_stack(&to.timer);
}
-
- kfree(futexv);
return ret;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [RFC PATCH] futex: Fix futex_waitv() hrtimer debug object leak on kcalloc error
2022-12-14 22:20 [RFC PATCH] futex: Fix futex_waitv() hrtimer debug object leak on kcalloc error Mathieu Desnoyers
@ 2022-12-15 20:17 ` Davidlohr Bueso
2022-12-27 11:58 ` [tip: locking/urgent] " tip-bot2 for Mathieu Desnoyers
1 sibling, 0 replies; 3+ messages in thread
From: Davidlohr Bueso @ 2022-12-15 20:17 UTC (permalink / raw)
To: Mathieu Desnoyers
Cc: Peter Zijlstra, linux-kernel, Andre Almeida, Thomas Gleixner,
Ingo Molnar, Darren Hart, stable
On Wed, 14 Dec 2022, Mathieu Desnoyers wrote:
>In a scenario where kcalloc() fails to allocate memory, the futex_waitv
>system call immediately returns -ENOMEM without invoking
>destroy_hrtimer_on_stack(). When CONFIG_DEBUG_OBJECTS_TIMERS=y, this
>results in leaking a timer debug object.
>
>Fixes: bf69bad38cf6 ("futex: Implement sys_futex_waitv()")
>Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
>Cc: Andre Almeida <andrealmeid@collabora.com>
>Cc: Peter Zijlstra (Intel) <peterz@infradead.org>
>Cc: Thomas Gleixner <tglx@linutronix.de>
>Cc: Ingo Molnar <mingo@redhat.com>
>Cc: Darren Hart <dvhart@infradead.org>
>Cc: Davidlohr Bueso <dave@stgolabs.net>
>Cc: stable@vger.kernel.org # v5.16+
Reviewed-by: Davidlohr Bueso <dave@stgolabs.net>
^ permalink raw reply [flat|nested] 3+ messages in thread* [tip: locking/urgent] futex: Fix futex_waitv() hrtimer debug object leak on kcalloc error
2022-12-14 22:20 [RFC PATCH] futex: Fix futex_waitv() hrtimer debug object leak on kcalloc error Mathieu Desnoyers
2022-12-15 20:17 ` Davidlohr Bueso
@ 2022-12-27 11:58 ` tip-bot2 for Mathieu Desnoyers
1 sibling, 0 replies; 3+ messages in thread
From: tip-bot2 for Mathieu Desnoyers @ 2022-12-27 11:58 UTC (permalink / raw)
To: linux-tip-commits
Cc: Mathieu Desnoyers, Peter Zijlstra (Intel),
Davidlohr Bueso, stable, stable, #, v5.16+,
x86, linux-kernel
The following commit has been merged into the locking/urgent branch of tip:
Commit-ID: 94cd8fa09f5f1ebdd4e90964b08b7f2cc4b36c43
Gitweb: https://git.kernel.org/tip/94cd8fa09f5f1ebdd4e90964b08b7f2cc4b36c43
Author: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
AuthorDate: Wed, 14 Dec 2022 17:20:08 -05:00
Committer: Peter Zijlstra <peterz@infradead.org>
CommitterDate: Tue, 27 Dec 2022 12:52:02 +01:00
futex: Fix futex_waitv() hrtimer debug object leak on kcalloc error
In a scenario where kcalloc() fails to allocate memory, the futex_waitv
system call immediately returns -ENOMEM without invoking
destroy_hrtimer_on_stack(). When CONFIG_DEBUG_OBJECTS_TIMERS=y, this
results in leaking a timer debug object.
Fixes: bf69bad38cf6 ("futex: Implement sys_futex_waitv()")
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Davidlohr Bueso <dave@stgolabs.net>
Cc: stable@vger.kernel.org
Cc: stable@vger.kernel.org # v5.16+
Link: https://lore.kernel.org/r/20221214222008.200393-1-mathieu.desnoyers@efficios.com
---
kernel/futex/syscalls.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/kernel/futex/syscalls.c b/kernel/futex/syscalls.c
index 086a22d..a807407 100644
--- a/kernel/futex/syscalls.c
+++ b/kernel/futex/syscalls.c
@@ -286,19 +286,22 @@ SYSCALL_DEFINE5(futex_waitv, struct futex_waitv __user *, waiters,
}
futexv = kcalloc(nr_futexes, sizeof(*futexv), GFP_KERNEL);
- if (!futexv)
- return -ENOMEM;
+ if (!futexv) {
+ ret = -ENOMEM;
+ goto destroy_timer;
+ }
ret = futex_parse_waitv(futexv, waiters, nr_futexes);
if (!ret)
ret = futex_wait_multiple(futexv, nr_futexes, timeout ? &to : NULL);
+ kfree(futexv);
+
+destroy_timer:
if (timeout) {
hrtimer_cancel(&to.timer);
destroy_hrtimer_on_stack(&to.timer);
}
-
- kfree(futexv);
return ret;
}
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-12-27 11:59 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-12-14 22:20 [RFC PATCH] futex: Fix futex_waitv() hrtimer debug object leak on kcalloc error Mathieu Desnoyers
2022-12-15 20:17 ` Davidlohr Bueso
2022-12-27 11:58 ` [tip: locking/urgent] " tip-bot2 for Mathieu Desnoyers
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.