From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753781AbcLHVRt (ORCPT <rfc822;w@1wt.eu>);
        Thu, 8 Dec 2016 16:17:49 -0500
Received: from mail-io0-f179.google.com ([209.85.223.179]:34183 "EHLO
        mail-io0-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752854AbcLHVRr (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 8 Dec 2016 16:17:47 -0500
MIME-Version: 1.0
In-Reply-To: <CAB=NE6VTTWQpFFWYRbtkodR-iQE3Z8b42h4xR5xHOUueomXAUQ@mail.gmail.com>
References: <20161208184801.1689-1-mcgrof@kernel.org> <20161208194802.2438-1-mcgrof@kernel.org>
 <CAGXu5jLVV6nvTkTkU7oEwSNgOd8Gep1XaF1pTDBY=SRn8ErKeg@mail.gmail.com> <CAB=NE6VTTWQpFFWYRbtkodR-iQE3Z8b42h4xR5xHOUueomXAUQ@mail.gmail.com>
From: Kees Cook <keescook@chromium.org>
Date: Thu, 8 Dec 2016 13:17:45 -0800
X-Google-Sender-Auth: pr87V1LIrU_e84SA8wL-ir3d8UI
Message-ID: <CAGXu5jLG6SpO9KawHx44-da7ftE5zbywbw4Ba7vBc4WFLY4EuA@mail.gmail.com>
Subject: Re: [RFC 02/10] module: fix memory leak on early load_module() failures
To: "Luis R. Rodriguez" <mcgrof@kernel.org>
Cc: shuah@kernel.org, Jessica Yu <jeyu@redhat.com>,
        Rusty Russell <rusty@rustcorp.com.au>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Dmitry Torokhov <dmitry.torokhov@gmail.com>,
        Arnaldo Carvalho de Melo <acme@redhat.com>,
        Jonathan Corbet <corbet@lwn.net>, martin.wilck@suse.com,
        Michal Marek <mmarek@suse.com>, Petr Mladek <pmladek@suse.com>,
        hare <hare@suse.com>, rwright@hpe.com, Jeff Mahoney <jeffm@suse.com>,
        DSterba@suse.com, Filipe Manana <fdmanana@suse.com>,
        NeilBrown <neilb@suse.com>, Guenter Roeck <linux@roeck-us.net>,
        rgoldwyn@suse.com, subashab@codeaurora.org,
        Heinrich Schuchardt <xypron.glpk@gmx.de>,
        Aaron Tomlin <atomlin@redhat.com>, Miroslav Benes <mbenes@suse.cz>,
        "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
        Dan Williams <dan.j.williams@intel.com>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        "David S. Miller" <davem@davemloft.net>,
        Ingo Molnar <mingo@redhat.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        linux-kselftest@vger.kernel.org,
        "linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Dec 8, 2016 at 1:10 PM, Luis R. Rodriguez <mcgrof@kernel.org> wrote:
> On Thu, Dec 8, 2016 at 2:30 PM, Kees Cook <keescook@chromium.org> wrote:
>> On Thu, Dec 8, 2016 at 11:48 AM, Luis R. Rodriguez <mcgrof@kernel.org> wrote:
>>> While looking for early possible module loading failures I was
>>> able to reproduce a memory leak possible with kmemleak. There
>>> are a few rare ways to trigger a failure:
>>>
>>>   o we've run into a failure while processing kernel parameters
>>>     (parse_args() returns an error)
>>>   o mod_sysfs_setup() fails
>>>   o we're a live patch module and copy_module_elf() fails
>>>
>>> Chances of running into this issue is really low.
>>>
>>> kmemleak splat:
>>>
>>> unreferenced object 0xffff9f2c4ada1b00 (size 32):
>>>   comm "kworker/u16:4", pid 82, jiffies 4294897636 (age 681.816s)
>>>   hex dump (first 32 bytes):
>>>     6d 65 6d 73 74 69 63 6b 30 00 00 00 00 00 00 00  memstick0.......
>>>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>>>   backtrace:
>>>     [<ffffffff8c6cfeba>] kmemleak_alloc+0x4a/0xa0
>>>     [<ffffffff8c200046>] __kmalloc_track_caller+0x126/0x230
>>>     [<ffffffff8c1bc581>] kstrdup+0x31/0x60
>>>     [<ffffffff8c1bc5d4>] kstrdup_const+0x24/0x30
>>>     [<ffffffff8c3c23aa>] kvasprintf_const+0x7a/0x90
>>>     [<ffffffff8c3b5481>] kobject_set_name_vargs+0x21/0x90
>>>     [<ffffffff8c4fbdd7>] dev_set_name+0x47/0x50
>>>     [<ffffffffc07819e5>] memstick_check+0x95/0x33c [memstick]
>>>     [<ffffffff8c09c893>] process_one_work+0x1f3/0x4b0
>>>     [<ffffffff8c09cb98>] worker_thread+0x48/0x4e0
>>>     [<ffffffff8c0a2b79>] kthread+0xc9/0xe0
>>>     [<ffffffff8c6dab5f>] ret_from_fork+0x1f/0x40
>>>     [<ffffffffffffffff>] 0xffffffffffffffff
>>>
>>> Signed-off-by: Luis R. Rodriguez <mcgrof@kernel.org>
>>
>> Acked-by: Kees Cook <keescook@chromium.org>
>>
>> Is this worth sending through -stable too?
>
> Yes, for some reason git-send e-mail complained to me about
> stable@kernel.org not being a valid local address, so I had to remove
> it, but indeed. I'll try to fix this e-mail issue later and add your
> tag.

Yup, you want stable@vger.kernel.org. :)

-Kees

-- 
Kees Cook
Nexus Security