From: Greg Kroah-Hartman
Date: Mon, 4 Mar 2024 10:42:03 +0000 (+0100)
Subject: 5.15-stable patches
X-Git-Tag: v4.19.309~50
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8ea829057a4add33fb47efda181dd3ea4009013f;p=thirdparty%2Fkernel%2Fstable-queue.git
5.15-stable patches added patches: cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch
---
diff --git a/queue-5.15/cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch b/queue-5.15/cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch
new file mode 100644
index 00000000000..81bcdebd67e
--- /dev/null
+++ b/queue-5.15/cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch
@@ -0,0 +1,66 @@
+From e21a2f17566cbd64926fb8f16323972f7a064444 Mon Sep 17 00:00:00 2001
+From: Baokun Li
+Date: Sat, 17 Feb 2024 16:14:31 +0800
+Subject: cachefiles: fix memory leak in cachefiles_add_cache()
+
+From: Baokun Li
+
+commit e21a2f17566cbd64926fb8f16323972f7a064444 upstream.
+
+The following memory leak was reported after unbinding /dev/cachefiles:
+
+==================================================================
+unreferenced object 0xffff9b674176e3c0 (size 192):
+ comm "cachefilesd2", pid 680, jiffies 4294881224
+ hex dump (first 32 bytes):
+ 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+ backtrace (crc ea38a44b):
+ [] kmem_cache_alloc+0x2d5/0x370
+ [] prepare_creds+0x26/0x2e0
+ [] cachefiles_determine_cache_security+0x1f/0x120
+ [] cachefiles_add_cache+0x13c/0x3a0
+ [] cachefiles_daemon_write+0x146/0x1c0
+ [] vfs_write+0xcb/0x520
+ [] ksys_write+0x69/0xf0
+ [] do_syscall_64+0x72/0x140
+ [] entry_SYSCALL_64_after_hwframe+0x6e/0x76
+==================================================================
+
+Put the reference count of cache_cred in cachefiles_daemon_unbind() to
+fix the problem. And also put cache_cred in cachefiles_add_cache() error
+branch to avoid memory leaks.
+
+Fixes: 9ae326a69004 ("CacheFiles: A cache that backs onto a mounted filesystem")
+CC: stable@vger.kernel.org
+Signed-off-by: Baokun Li
+Link: https://lore.kernel.org/r/20240217081431.796809-1-libaokun1@huawei.com
+Acked-by: David Howells
+Reviewed-by: Jingbo Xu
+Reviewed-by: Jeff Layton
+Signed-off-by: Christian Brauner
+Signed-off-by: Baokun Li
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/cachefiles/bind.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/fs/cachefiles/bind.c
++++ b/fs/cachefiles/bind.c
+@@ -249,6 +249,8 @@ error_open_root:
+ kmem_cache_free(cachefiles_object_jar, fsdef);
+ error_root_object:
+ cachefiles_end_secure(cache, saved_cred);
++ put_cred(cache->cache_cred);
++ cache->cache_cred = NULL;
+ pr_err("Failed to register: %d\n", ret);
+ return ret;
+ }
+@@ -269,6 +271,7 @@ void cachefiles_daemon_unbind(struct cac
+
+ dput(cache->graveyard);
+ mntput(cache->mnt);
++ put_cred(cache->cache_cred);
+
+ kfree(cache->rootdirname);
+ kfree(cache->secctx);
diff --git a/queue-5.15/series b/queue-5.15/series
index 0901fbe5366..1dd16be7ca9 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -68,3 +68,4 @@ mptcp-clean-up-harmless-false-expressions.patch
 mptcp-add-needs_id-for-netlink-appending-addr.patch
 mptcp-push-at-dss-boundaries.patch
 mptcp-fix-possible-deadlock-in-subflow-diag.patch
+cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch
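Review bot: In the queued patch's `cachefiles_daemon_unbind()` hunk, the added `put_cred(cache->cache_cred);` leaves the pointer set, whereas the `error_root_object` path in the same patch clears it with `cache->cache_cred = NULL;`. That clearing is what stops a later unbind from dropping the same reference a second time after a failed add, so the unbind call presumably relies on `put_cred()` accepting NULL, which is worth confirming for the 5.15 tree this backport targets. For symmetry, and so no stale credential pointer survives if the cache structure outlives unbind, I would follow the put in unbind with `cache->cache_cred = NULL;`, or add a comment such as `/* cache is freed by the caller; cache_cred is not reused */` if that is the guarantee. Both functions start and end outside the hunks, so the caller's lifetime handling is not visible here.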