From: Sasha Levin <sashal@kernel.org>
Date: Sat, 26 Jun 2021 18:32:21 +0000 (-0400)
Subject: Fixes for 4.4
X-Git-Tag: v5.12.14~21
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8d174afc881d34aa3dc6b3c02b7e8cabeefe5206;p=thirdparty%2Fkernel%2Fstable-queue.git

Fixes for 4.4

Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/queue-4.4/nilfs2-fix-memory-leak-in-nilfs_sysfs_delete_device_.patch b/queue-4.4/nilfs2-fix-memory-leak-in-nilfs_sysfs_delete_device_.patch
new file mode 100644
index 00000000000..ea9cb6cb149
--- /dev/null
+++ b/queue-4.4/nilfs2-fix-memory-leak-in-nilfs_sysfs_delete_device_.patch
@@ -0,0 +1,59 @@
+From 7a36dc05bf6439a2b23b51d8558be16a0ae5ebf3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 24 Jun 2021 18:39:33 -0700
+Subject: nilfs2: fix memory leak in nilfs_sysfs_delete_device_group
+
+From: Pavel Skripkin <paskripkin@gmail.com>
+
+[ Upstream commit 8fd0c1b0647a6bda4067ee0cd61e8395954b6f28 ]
+
+My local syzbot instance hit memory leak in nilfs2.  The problem was in
+missing kobject_put() in nilfs_sysfs_delete_device_group().
+
+kobject_del() does not call kobject_cleanup() for passed kobject and it
+leads to leaking duped kobject name if kobject_put() was not called.
+
+Fail log:
+
+  BUG: memory leak
+  unreferenced object 0xffff8880596171e0 (size 8):
+  comm "syz-executor379", pid 8381, jiffies 4294980258 (age 21.100s)
+  hex dump (first 8 bytes):
+    6c 6f 6f 70 30 00 00 00                          loop0...
+  backtrace:
+     kstrdup+0x36/0x70 mm/util.c:60
+     kstrdup_const+0x53/0x80 mm/util.c:83
+     kvasprintf_const+0x108/0x190 lib/kasprintf.c:48
+     kobject_set_name_vargs+0x56/0x150 lib/kobject.c:289
+     kobject_add_varg lib/kobject.c:384 [inline]
+     kobject_init_and_add+0xc9/0x160 lib/kobject.c:473
+     nilfs_sysfs_create_device_group+0x150/0x800 fs/nilfs2/sysfs.c:999
+     init_nilfs+0xe26/0x12b0 fs/nilfs2/the_nilfs.c:637
+
+Link: https://lkml.kernel.org/r/20210612140559.20022-1-paskripkin@gmail.com
+Fixes: da7141fb78db ("nilfs2: add /sys/fs/nilfs2/<device> group")
+Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
+Acked-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Cc: Michael L. Semon <mlsemon35@gmail.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/nilfs2/sysfs.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/fs/nilfs2/sysfs.c b/fs/nilfs2/sysfs.c
+index bbb0dcc35905..c3b629eec294 100644
+--- a/fs/nilfs2/sysfs.c
++++ b/fs/nilfs2/sysfs.c
+@@ -1062,6 +1062,7 @@ void nilfs_sysfs_delete_device_group(struct the_nilfs *nilfs)
+ 	nilfs_sysfs_delete_superblock_group(nilfs);
+ 	nilfs_sysfs_delete_segctor_group(nilfs);
+ 	kobject_del(&nilfs->ns_dev_kobj);
++	kobject_put(&nilfs->ns_dev_kobj);
+ 	kfree(nilfs->ns_dev_subgroups);
+ }
+ 
+-- 
+2.30.2
+
diff --git a/queue-4.4/series b/queue-4.4/series
index f442ef78733..8475227714e 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -52,3 +52,4 @@ r8152-avoid-memcpy-over-reading-of-eth_ss_stats.patch
 sh_eth-avoid-memcpy-over-reading-of-eth_ss_stats.patch
 r8169-avoid-memcpy-over-reading-of-eth_ss_stats.patch
 net-ll_temac-avoid-ndo_start_xmit-returning-netdev_t.patch
+nilfs2-fix-memory-leak-in-nilfs_sysfs_delete_device_.patch