From: Sasha Levin <sashal@kernel.org>
Date: Sat, 26 Jun 2021 18:32:20 +0000 (-0400)
Subject: Fixes for 4.9
X-Git-Tag: v5.12.14~22
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=27f5e14ab2d19bffcd8bb522bd88f331e732d69a;p=thirdparty%2Fkernel%2Fstable-queue.git

Fixes for 4.9

Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/queue-4.9/nilfs2-fix-memory-leak-in-nilfs_sysfs_delete_device_.patch b/queue-4.9/nilfs2-fix-memory-leak-in-nilfs_sysfs_delete_device_.patch
new file mode 100644
index 00000000000..3335b3fbdad
--- /dev/null
+++ b/queue-4.9/nilfs2-fix-memory-leak-in-nilfs_sysfs_delete_device_.patch
@@ -0,0 +1,59 @@
+From 71b85758729d82ba8772fc2315b1e12ad7954aec Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 24 Jun 2021 18:39:33 -0700
+Subject: nilfs2: fix memory leak in nilfs_sysfs_delete_device_group
+
+From: Pavel Skripkin <paskripkin@gmail.com>
+
+[ Upstream commit 8fd0c1b0647a6bda4067ee0cd61e8395954b6f28 ]
+
+My local syzbot instance hit memory leak in nilfs2.  The problem was in
+missing kobject_put() in nilfs_sysfs_delete_device_group().
+
+kobject_del() does not call kobject_cleanup() for passed kobject and it
+leads to leaking duped kobject name if kobject_put() was not called.
+
+Fail log:
+
+  BUG: memory leak
+  unreferenced object 0xffff8880596171e0 (size 8):
+  comm "syz-executor379", pid 8381, jiffies 4294980258 (age 21.100s)
+  hex dump (first 8 bytes):
+    6c 6f 6f 70 30 00 00 00                          loop0...
+  backtrace:
+     kstrdup+0x36/0x70 mm/util.c:60
+     kstrdup_const+0x53/0x80 mm/util.c:83
+     kvasprintf_const+0x108/0x190 lib/kasprintf.c:48
+     kobject_set_name_vargs+0x56/0x150 lib/kobject.c:289
+     kobject_add_varg lib/kobject.c:384 [inline]
+     kobject_init_and_add+0xc9/0x160 lib/kobject.c:473
+     nilfs_sysfs_create_device_group+0x150/0x800 fs/nilfs2/sysfs.c:999
+     init_nilfs+0xe26/0x12b0 fs/nilfs2/the_nilfs.c:637
+
+Link: https://lkml.kernel.org/r/20210612140559.20022-1-paskripkin@gmail.com
+Fixes: da7141fb78db ("nilfs2: add /sys/fs/nilfs2/<device> group")
+Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
+Acked-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Cc: Michael L. Semon <mlsemon35@gmail.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/nilfs2/sysfs.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/fs/nilfs2/sysfs.c b/fs/nilfs2/sysfs.c
+index 490303e3d517..e9903bceb2bf 100644
+--- a/fs/nilfs2/sysfs.c
++++ b/fs/nilfs2/sysfs.c
+@@ -1064,6 +1064,7 @@ void nilfs_sysfs_delete_device_group(struct the_nilfs *nilfs)
+ 	nilfs_sysfs_delete_superblock_group(nilfs);
+ 	nilfs_sysfs_delete_segctor_group(nilfs);
+ 	kobject_del(&nilfs->ns_dev_kobj);
++	kobject_put(&nilfs->ns_dev_kobj);
+ 	kfree(nilfs->ns_dev_subgroups);
+ }
+ 
+-- 
+2.30.2
+
diff --git a/queue-4.9/series b/queue-4.9/series
index 0d2850be5f8..26cb5f5404b 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -66,3 +66,4 @@ sh_eth-avoid-memcpy-over-reading-of-eth_ss_stats.patch
 r8169-avoid-memcpy-over-reading-of-eth_ss_stats.patch
 net-qed-fix-memcpy-overflow-of-qed_dcbx_params.patch
 net-ll_temac-avoid-ndo_start_xmit-returning-netdev_t.patch
+nilfs2-fix-memory-leak-in-nilfs_sysfs_delete_device_.patch