linux-stable/net/netfilter
Julian Anastasov 5db7c8b9f9 ipvs: fix tinfo memory leak in start_sync_thread
syzkaller reports for memory leak in start_sync_thread [1]

As Eric points out, kthread may start and stop before the
threadfn function is called, so there is no chance the
data (tinfo in our case) to be released in thread.

Fix this by releasing tinfo in the controlling code instead.

[1]
BUG: memory leak
unreferenced object 0xffff8881206bf700 (size 32):
 comm "syz-executor761", pid 7268, jiffies 4294943441 (age 20.470s)
 hex dump (first 32 bytes):
   00 40 7c 09 81 88 ff ff 80 45 b8 21 81 88 ff ff  .@|......E.!....
   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 backtrace:
   [<0000000057619e23>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
   [<0000000057619e23>] slab_post_alloc_hook mm/slab.h:439 [inline]
   [<0000000057619e23>] slab_alloc mm/slab.c:3326 [inline]
   [<0000000057619e23>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
   [<0000000086ce5479>] kmalloc include/linux/slab.h:547 [inline]
   [<0000000086ce5479>] start_sync_thread+0x5d2/0xe10 net/netfilter/ipvs/ip_vs_sync.c:1862
   [<000000001a9229cc>] do_ip_vs_set_ctl+0x4c5/0x780 net/netfilter/ipvs/ip_vs_ctl.c:2402
   [<00000000ece457c8>] nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
   [<00000000ece457c8>] nf_setsockopt+0x4c/0x80 net/netfilter/nf_sockopt.c:115
   [<00000000942f62d4>] ip_setsockopt net/ipv4/ip_sockglue.c:1258 [inline]
   [<00000000942f62d4>] ip_setsockopt+0x9b/0xb0 net/ipv4/ip_sockglue.c:1238
   [<00000000a56a8ffd>] udp_setsockopt+0x4e/0x90 net/ipv4/udp.c:2616
   [<00000000fa895401>] sock_common_setsockopt+0x38/0x50 net/core/sock.c:3130
   [<0000000095eef4cf>] __sys_setsockopt+0x98/0x120 net/socket.c:2078
   [<000000009747cf88>] __do_sys_setsockopt net/socket.c:2089 [inline]
   [<000000009747cf88>] __se_sys_setsockopt net/socket.c:2086 [inline]
   [<000000009747cf88>] __x64_sys_setsockopt+0x26/0x30 net/socket.c:2086
   [<00000000ded8ba80>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
   [<00000000893b4ac8>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported-by: syzbot+7e2e50c8adfccd2e5041@syzkaller.appspotmail.com
Suggested-by: Eric Biggers <ebiggers@kernel.org>
Fixes: 998e7a7680 ("ipvs: Use kthread_run() instead of doing a double-fork via kernel_thread()")
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2019-06-25 02:32:27 +02:00
..
ipset treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
ipvs ipvs: fix tinfo memory leak in start_sync_thread 2019-06-25 02:32:27 +02:00
core.c net: replace CONFIG_DEBUG_KERNEL with CONFIG_DEBUG_MISC 2019-05-14 19:52:50 -07:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile netfilter: x_tables: merge ip and ipv6 masquerade modules 2019-04-11 20:59:29 +02:00
nf_conncount.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
nf_conntrack_acct.c netfilter: conntrack: remove empty pernet fini stubs 2018-12-21 00:51:54 +01:00
nf_conntrack_amanda.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
nf_conntrack_broadcast.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
nf_conntrack_core.c netfilter: never get/set skb->tstamp 2019-04-22 10:34:30 +02:00
nf_conntrack_ecache.c netfilter: conntrack: remove empty pernet fini stubs 2018-12-21 00:51:54 +01:00
nf_conntrack_expect.c netfilter: replace NF_NAT_NEEDED with IS_ENABLED(CONFIG_NF_NAT) 2019-04-08 23:02:52 +02:00
nf_conntrack_extend.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
nf_conntrack_ftp.c netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_h323_asn1.c netfilter: nf_conntrack_h323: restore boundary check correctness 2019-05-06 00:36:17 +02:00
nf_conntrack_h323_main.c netfilter: nf_conntrack_h323: Remove deprecated config check 2019-05-06 15:15:09 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_irc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
nf_conntrack_labels.c
nf_conntrack_netbios_ns.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
nf_conntrack_netlink.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2019-05-13 08:55:15 -07:00
nf_conntrack_pptp.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
nf_conntrack_proto.c netfilter: fix nf_l4proto_log_invalid to log invalid packets 2019-04-22 10:38:50 +02:00
nf_conntrack_proto_dccp.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nf_conntrack_proto_generic.c netfilter: conntrack: remove l4proto init and get_net callbacks 2019-01-18 15:02:34 +01:00
nf_conntrack_proto_gre.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
nf_conntrack_proto_icmp.c netfilter: conntrack: don't set related state for different outer address 2019-04-13 14:52:57 +02:00
nf_conntrack_proto_icmpv6.c netfilter: conntrack: don't set related state for different outer address 2019-04-13 14:52:57 +02:00
nf_conntrack_proto_sctp.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nf_conntrack_proto_tcp.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nf_conntrack_proto_udp.c netfilter: conntrack: remove l4proto init and get_net callbacks 2019-01-18 15:02:34 +01:00
nf_conntrack_sane.c netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_seqadj.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
nf_conntrack_sip.c netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_snmp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
nf_conntrack_standalone.c netfilter: conntrack: limit sysctl setting for boolean options 2019-04-30 14:18:56 +02:00
nf_conntrack_tftp.c netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_timeout.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 77 2019-05-24 17:37:51 +02:00
nf_conntrack_timestamp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 77 2019-05-24 17:37:51 +02:00
nf_dup_netdev.c
nf_flow_table_core.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
nf_flow_table_inet.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
nf_flow_table_ip.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2019-05-23 14:45:36 -07:00
nf_internals.h bridge: netfilter: unroll NF_HOOK helper in bridge input path 2019-04-12 01:47:39 +02:00
nf_log.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
nf_log_common.c netfilter: avoid using skb->nf_bridge directly 2018-12-19 11:21:37 -08:00
nf_log_netdev.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nf_nat_amanda.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
nf_nat_core.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nf_nat_ftp.c netfilter: nf_nat: register NAT helpers. 2019-04-30 14:19:55 +02:00
nf_nat_helper.c netfilter: nat: fix udp checksum corruption 2019-05-21 20:20:40 +02:00
nf_nat_irc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
nf_nat_masquerade.c netfilter: nf_nat_masquerade: unify ipv4/6 notifier registration 2019-04-11 20:59:34 +02:00
nf_nat_proto.c netfilter: nf_tables: merge route type into core 2019-04-08 23:01:42 +02:00
nf_nat_redirect.c netfilter: nat: remove unnecessary rcu_read_lock in nf_nat_redirect_ipv{4/6} 2018-09-17 16:11:14 +02:00
nf_nat_sip.c netfilter: nf_nat: register NAT helpers. 2019-04-30 14:19:55 +02:00
nf_nat_tftp.c netfilter: nf_nat: register NAT helpers. 2019-04-30 14:19:55 +02:00
nf_queue.c netfilter: nf_queue: fix reinject verdict handling 2019-05-21 16:10:30 +02:00
nf_sockopt.c
nf_synproxy_core.c proc: introduce proc_create_net{,_data} 2018-05-16 07:24:30 +02:00
nf_tables_api.c netfilter: nf_tables: fix oops during rule dump 2019-05-20 19:45:23 +02:00
nf_tables_core.c netfilter: nf_tables: check the result of dereferencing base_chain->stats 2019-03-01 14:34:24 +01:00
nf_tables_set_core.c netfilter: nf_tables: fix implicit include of module.h 2019-04-30 13:35:26 +02:00
nf_tables_trace.c
nfnetlink.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nfnetlink_acct.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 77 2019-05-24 17:37:51 +02:00
nfnetlink_cthelper.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 77 2019-05-24 17:37:51 +02:00
nfnetlink_cttimeout.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 77 2019-05-24 17:37:51 +02:00
nfnetlink_log.c netfilter: never get/set skb->tstamp 2019-04-22 10:34:30 +02:00
nfnetlink_osf.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
nfnetlink_queue.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nft_bitwise.c netfilter: nf_tables: add direct calls for all builtin expressions 2019-01-18 15:02:33 +01:00
nft_byteorder.c netfilter: nf_tables: add direct calls for all builtin expressions 2019-01-18 15:02:33 +01:00
nft_chain_filter.c netfilter: nf_tables: don't prevent event handler from device cleanup on netns exit 2018-08-16 19:37:03 +02:00
nft_chain_nat.c netfilter: nat: add inet family nat support 2019-04-08 23:01:39 +02:00
nft_chain_route.c netfilter: nf_tables: merge route type into core 2019-04-08 23:01:42 +02:00
nft_cmp.c netfilter: nf_tables: add direct calls for all builtin expressions 2019-01-18 15:02:33 +01:00
nft_compat.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nft_connlimit.c netfilter: nf_conncount: merge lookup and add functions 2018-12-29 02:45:20 +01:00
nft_counter.c netfilter: nft_counter: remove wrong __percpu of nft_counter_resest()'s arg 2019-01-28 11:32:43 +01:00
nft_ct.c netfilter: nft_ct: Add ct id support 2019-04-30 14:19:57 +02:00
nft_dup_netdev.c netfilter: remove two unused variables. 2018-10-19 14:00:33 +02:00
nft_dynset.c netfilter: nf_tables: relocate header content to consumer 2019-04-30 13:35:17 +02:00
nft_exthdr.c netfilter: nf_tables: merge exthdr expression into nft core 2018-04-27 00:00:56 +02:00
nft_fib.c netfilter: nft_fib: Fix existence check support 2019-05-21 16:10:38 +02:00
nft_fib_inet.c
nft_fib_netdev.c
nft_flow_offload.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2019-05-23 14:45:36 -07:00
nft_fwd_netdev.c netfilter: remove two unused variables. 2018-10-19 14:00:33 +02:00
nft_hash.c Revert "netfilter: nft_hash: add map lookups for hashing operations" 2019-01-18 15:59:47 +01:00
nft_immediate.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-02-08 15:00:17 -08:00
nft_limit.c netfilter: nft_limit: fix packet ratelimiting 2018-05-23 09:50:28 +02:00
nft_log.c netfilter: nf_tables: add NFT_LOGLEVEL_* enumeration and use it 2018-06-07 16:14:00 -04:00
nft_lookup.c netfilter: nf_tables: bogus EBUSY when deleting set after flush 2019-03-11 13:19:24 +01:00
nft_masq.c netfilter: nf_tables: fix module autoload with inet family 2019-05-31 18:20:49 +02:00
nft_meta.c netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type 2019-01-18 15:58:20 +01:00
nft_nat.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 422 2019-06-05 17:37:15 +02:00
nft_numgen.c Revert "netfilter: nft_numgen: add map lookups for numgen random operations" 2018-10-29 11:11:33 +01:00
nft_objref.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 422 2019-06-05 17:37:15 +02:00
nft_osf.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
nft_payload.c netfilter: nf_tables: add direct calls for all builtin expressions 2019-01-18 15:02:33 +01:00
nft_queue.c
nft_quota.c netfilter: nf_tables: prepare nft_object for lookups via hashtable 2019-01-18 15:02:32 +01:00
nft_range.c netfilter: nf_tables: add direct calls for all builtin expressions 2019-01-18 15:02:33 +01:00
nft_redir.c netfilter: nf_tables: fix module autoload with inet family 2019-05-31 18:20:49 +02:00
nft_reject.c netfilter: nf_tables: avoid BUG_ON usage 2018-09-17 16:11:12 +02:00
nft_reject_inet.c
nft_rt.c netfilter: nf_tables: add direct calls for all builtin expressions 2019-01-18 15:02:33 +01:00
nft_set_bitmap.c netfilter: nft_set: fix allocation size overflow in privsize callback. 2018-08-16 19:36:59 +02:00
nft_set_hash.c netfilter: nft_set_hash: remove nft_hash_key() 2019-02-27 11:08:32 +01:00
nft_set_rbtree.c netfilter: nft_set_rbtree: check for inactive element after flag mismatch 2019-03-18 16:21:09 +01:00
nft_socket.c netfilter: nft_socket: Expose socket mark 2018-07-18 11:26:52 +02:00
nft_tproxy.c netfilter: nft_tproxy: Fix missing-braces warning 2018-08-16 19:37:10 +02:00
nft_tunnel.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nft_xfrm.c net: use skb_sec_path helper in more places 2018-12-19 11:21:37 -08:00
utils.c netfilter: ipv6: avoid indirect calls for IPV6=y case 2019-02-04 18:21:12 +01:00
x_tables.c netfilter: make two functions static 2019-04-08 23:28:33 +02:00
xt_addrtype.c netfilter: ipv6: avoid indirect calls for IPV6=y case 2019-02-04 18:21:12 +01:00
xt_AUDIT.c audit: eliminate audit_enabled magic number comparison 2018-06-19 10:43:55 -04:00
xt_bpf.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cgroup.c netfilter: xt_cgroup: shrink size of v2 path 2018-09-17 16:11:03 +02:00
xt_CHECKSUM.c netfilter: xt_checksum: ignore gso skbs 2018-08-24 09:58:16 +02:00
xt_CLASSIFY.c
xt_cluster.c netfilter: xt_cluster: add dependency on conntrack module 2018-08-23 20:26:53 +02:00
xt_comment.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
xt_connbytes.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_connlabel.c netfilter: connlabels: fix spelling mistake "trackling" -> "tracking" 2019-04-30 14:19:57 +02:00
xt_connlimit.c netfilter: use PTR_ERR_OR_ZERO() 2018-07-30 14:07:09 +02:00
xt_connmark.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
xt_CONNSECMARK.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_conntrack.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cpu.c
xt_CT.c netfilter: Export nf_ct_{set,destroy}_timeout() 2019-03-28 16:53:29 -07:00
xt_dccp.c
xt_devgroup.c
xt_DSCP.c
xt_dscp.c
xt_ecn.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_esp.c
xt_hashlimit.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
xt_helper.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_hl.c
xt_HL.c
xt_HMARK.c
xt_IDLETIMER.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336 2019-06-05 17:37:07 +02:00
xt_ipcomp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
xt_iprange.c
xt_ipvs.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
xt_l2tp.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_LED.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 164 2019-05-30 11:26:38 -07:00
xt_length.c
xt_limit.c netfilter: xt_limit: Spelling s/maxmum/maximum/ 2018-03-05 23:15:50 +01:00
xt_LOG.c
xt_mac.c
xt_mark.c
xt_MASQUERADE.c netfilter: nf_nat_masquerade: unify ipv4/6 notifier registration 2019-04-11 20:59:34 +02:00
xt_multiport.c
xt_nat.c netfilter: nat: remove nf_nat_l3proto.h and nf_nat_core.h 2019-02-27 10:54:08 +01:00
xt_NETMAP.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
xt_nfacct.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 72 2019-05-24 17:36:47 +02:00
xt_NFLOG.c netfilter: xt_NFLOG: use nf_log_packet instead of nfulnl_log_packet. 2018-04-19 13:02:44 +02:00
xt_NFQUEUE.c
xt_osf.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
xt_owner.c netfilter: check if the socket netns is correct. 2018-06-28 22:21:32 +09:00
xt_physdev.c netfilter: physdev: relax br_netfilter dependency 2019-01-18 15:02:33 +01:00
xt_pkttype.c
xt_policy.c net: use skb_sec_path helper in more places 2018-12-19 11:21:37 -08:00
xt_quota.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
xt_RATEEST.c netfilter: xt_RATEEST: remove netns exit routine 2018-11-13 09:57:29 +01:00
xt_rateest.c netfilter: make xt_rateest hash table per net 2018-03-05 23:15:44 +01:00
xt_realm.c
xt_recent.c netfilter: xt_recent: Use struct_size() in kvzalloc() 2019-02-12 00:39:39 +01:00
xt_REDIRECT.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
xt_repldata.h
xt_sctp.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
xt_SECMARK.c netfilter: xtables: avoid BUG_ON 2018-09-17 16:11:12 +02:00
xt_set.c netfilter: ipset: Limit max timeout value 2018-06-06 14:00:54 +02:00
xt_socket.c netfilter: xt_socket: check sk before checking for netns. 2018-09-28 14:47:41 +02:00
xt_state.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_statistic.c
xt_string.c netfilter: ebtables: Add string filter 2018-03-30 11:04:12 +02:00
xt_TCPMSS.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_tcpmss.c
xt_TCPOPTSTRIP.c
xt_tcpudp.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
xt_TEE.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 3 2019-05-21 11:28:40 +02:00
xt_time.c netfilter: never get/set skb->tstamp 2019-04-22 10:34:30 +02:00
xt_TPROXY.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-07-20 22:28:28 -07:00
xt_TRACE.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
xt_u32.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00