• YueHaibing's avatar
    exec: Fix mem leak in kernel_read_file · a9bda122
    YueHaibing authored
    commit f612acfa upstream.
    
    syzkaller report this:
    BUG: memory leak
    unreferenced object 0xffffc9000488d000 (size 9195520):
      comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s)
      hex dump (first 32 bytes):
        ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00  ................
        02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff  ..........z.....
      backtrace:
        [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline]
        [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline]
        [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831
        [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924
        [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993
        [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895
        [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
        [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
        [<00000000241f889b>] 0xffffffffffffffff
    
    It should goto 'out_free' lable to free allocated buf while kernel_read
    fails.
    
    Fixes: 39d637af ("vfs: forbid write access when reading a file into memory")
    Signed-off-by: 's avatarYueHaibing <yuehaibing@huawei.com>
    Signed-off-by: 's avatarAl Viro <viro@zeniv.linux.org.uk>
    Cc: Thibaut Sautereau <thibaut@sautereau.fr>
    Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    a9bda122
exec.c 47 KB