* [RFC PATCH] futex: Fix futex_waitv() hrtimer debug object leak on kcalloc error
@ 2022-12-14 22:20 Mathieu Desnoyers
  2022-12-15 20:17 ` Davidlohr Bueso
  2022-12-27 11:58 ` [tip: locking/urgent] " tip-bot2 for Mathieu Desnoyers
  0 siblings, 2 replies; 3+ messages in thread
From: Mathieu Desnoyers @ 2022-12-14 22:20 UTC (permalink / raw)
  To: Peter Zijlstra
  Cc: linux-kernel, Mathieu Desnoyers, Andre Almeida, Thomas Gleixner,
	Ingo Molnar, Darren Hart, Davidlohr Bueso, stable

In a scenario where kcalloc() fails to allocate memory, the futex_waitv
system call immediately returns -ENOMEM without invoking
destroy_hrtimer_on_stack(). When CONFIG_DEBUG_OBJECTS_TIMERS=y, this
results in leaking a timer debug object.

Fixes: bf69bad38cf6 ("futex: Implement sys_futex_waitv()")
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andre Almeida <andrealmeid@collabora.com>
Cc: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Darren Hart <dvhart@infradead.org>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: stable@vger.kernel.org # v5.16+
---
 kernel/futex/syscalls.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/kernel/futex/syscalls.c b/kernel/futex/syscalls.c
index 086a22d1adb7..a8074079b09e 100644
--- a/kernel/futex/syscalls.c
+++ b/kernel/futex/syscalls.c
@@ -286,19 +286,22 @@ SYSCALL_DEFINE5(futex_waitv, struct futex_waitv __user *, waiters,
 	}
 
 	futexv = kcalloc(nr_futexes, sizeof(*futexv), GFP_KERNEL);
-	if (!futexv)
-		return -ENOMEM;
+	if (!futexv) {
+		ret = -ENOMEM;
+		goto destroy_timer;
+	}
 
 	ret = futex_parse_waitv(futexv, waiters, nr_futexes);
 	if (!ret)
 		ret = futex_wait_multiple(futexv, nr_futexes, timeout ? &to : NULL);
 
+	kfree(futexv);
+
+destroy_timer:
 	if (timeout) {
 		hrtimer_cancel(&to.timer);
 		destroy_hrtimer_on_stack(&to.timer);
 	}
-
-	kfree(futexv);
 	return ret;
 }
 
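Review bot: moving kfree(futexv) above the new destroy_timer label is not required for the fix. On the kcalloc() failure path futexv is NULL and kfree(NULL) is a no-op, so leaving kfree(futexv) where it was, after the "if (timeout)" block, and adding only the label and the "goto destroy_timer" would close the leak with a smaller diff. The ordering as posted is still correct. If it is kept deliberately, so that the label makes clear nothing is freed on that path, a sentence in the changelog saying so would help stable backporters.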
-- 
2.25.1


* Re: [RFC PATCH] futex: Fix futex_waitv() hrtimer debug object leak on kcalloc error
  2022-12-14 22:20 [RFC PATCH] futex: Fix futex_waitv() hrtimer debug object leak on kcalloc error Mathieu Desnoyers
@ 2022-12-15 20:17 ` Davidlohr Bueso
  2022-12-27 11:58 ` [tip: locking/urgent] " tip-bot2 for Mathieu Desnoyers
  1 sibling, 0 replies; 3+ messages in thread
From: Davidlohr Bueso @ 2022-12-15 20:17 UTC (permalink / raw)
  To: Mathieu Desnoyers
  Cc: Peter Zijlstra, linux-kernel, Andre Almeida, Thomas Gleixner,
	Ingo Molnar, Darren Hart, stable

On Wed, 14 Dec 2022, Mathieu Desnoyers wrote:

>In a scenario where kcalloc() fails to allocate memory, the futex_waitv
>system call immediately returns -ENOMEM without invoking
>destroy_hrtimer_on_stack(). When CONFIG_DEBUG_OBJECTS_TIMERS=y, this
>results in leaking a timer debug object.
>
>Fixes: bf69bad38cf6 ("futex: Implement sys_futex_waitv()")
>Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
>Cc: Andre Almeida <andrealmeid@collabora.com>
>Cc: Peter Zijlstra (Intel) <peterz@infradead.org>
>Cc: Thomas Gleixner <tglx@linutronix.de>
>Cc: Ingo Molnar <mingo@redhat.com>
>Cc: Darren Hart <dvhart@infradead.org>
>Cc: Davidlohr Bueso <dave@stgolabs.net>
>Cc: stable@vger.kernel.org # v5.16+

Reviewed-by: Davidlohr Bueso <dave@stgolabs.net>


* [tip: locking/urgent] futex: Fix futex_waitv() hrtimer debug object leak on kcalloc error
  2022-12-14 22:20 [RFC PATCH] futex: Fix futex_waitv() hrtimer debug object leak on kcalloc error Mathieu Desnoyers
  2022-12-15 20:17 ` Davidlohr Bueso
@ 2022-12-27 11:58 ` tip-bot2 for Mathieu Desnoyers
  1 sibling, 0 replies; 3+ messages in thread
From: tip-bot2 for Mathieu Desnoyers @ 2022-12-27 11:58 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Mathieu Desnoyers, Peter Zijlstra (Intel),
	Davidlohr Bueso, stable, stable, #, v5.16+,
	x86, linux-kernel

The following commit has been merged into the locking/urgent branch of tip:

Commit-ID:     94cd8fa09f5f1ebdd4e90964b08b7f2cc4b36c43
Gitweb:        https://git.kernel.org/tip/94cd8fa09f5f1ebdd4e90964b08b7f2cc4b36c43
Author:        Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
AuthorDate:    Wed, 14 Dec 2022 17:20:08 -05:00
Committer:     Peter Zijlstra <peterz@infradead.org>
CommitterDate: Tue, 27 Dec 2022 12:52:02 +01:00

futex: Fix futex_waitv() hrtimer debug object leak on kcalloc error

In a scenario where kcalloc() fails to allocate memory, the futex_waitv
system call immediately returns -ENOMEM without invoking
destroy_hrtimer_on_stack(). When CONFIG_DEBUG_OBJECTS_TIMERS=y, this
results in leaking a timer debug object.

Fixes: bf69bad38cf6 ("futex: Implement sys_futex_waitv()")
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Davidlohr Bueso <dave@stgolabs.net>
Cc: stable@vger.kernel.org
Cc: stable@vger.kernel.org # v5.16+
Link: https://lore.kernel.org/r/20221214222008.200393-1-mathieu.desnoyers@efficios.com
---
 kernel/futex/syscalls.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/kernel/futex/syscalls.c b/kernel/futex/syscalls.c
index 086a22d..a807407 100644
--- a/kernel/futex/syscalls.c
+++ b/kernel/futex/syscalls.c
@@ -286,19 +286,22 @@ SYSCALL_DEFINE5(futex_waitv, struct futex_waitv __user *, waiters,
 	}
 
 	futexv = kcalloc(nr_futexes, sizeof(*futexv), GFP_KERNEL);
-	if (!futexv)
-		return -ENOMEM;
+	if (!futexv) {
+		ret = -ENOMEM;
+		goto destroy_timer;
+	}
 
 	ret = futex_parse_waitv(futexv, waiters, nr_futexes);
 	if (!ret)
 		ret = futex_wait_multiple(futexv, nr_futexes, timeout ? &to : NULL);
 
+	kfree(futexv);
+
+destroy_timer:
 	if (timeout) {
 		hrtimer_cancel(&to.timer);
 		destroy_hrtimer_on_stack(&to.timer);
 	}
-
-	kfree(futexv);
 	return ret;
 }
 
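Review bot: at the destroy_timer label, the kcalloc() failure path now reaches hrtimer_cancel(&to.timer) without futex_wait_multiple() having been called. hrtimer_cancel() on a timer that is not queued is safe, so the logic needs no change, but a one-line comment at the label noting that it is also reached before any wait was attempted would save later readers from re-deriving that. Since this hunk only covers the tail of the function, it is also worth confirming that no other early return earlier in futex_waitv(), after the timer has been set up, skips destroy_hrtimer_on_stack() in the same way.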
