linux/net
Nicolas Dichtel 56c5ee1a58 xfrm interface: fix memory leak on creation
The following commands produce a backtrace and return an error but the xfrm
interface is created (in the wrong netns):
$ ip netns add foo
$ ip netns add bar
$ ip -n foo netns set bar 0
$ ip -n foo link add xfrmi0 link-netnsid 0 type xfrm dev lo if_id 23
RTNETLINK answers: Invalid argument
$ ip -n bar link ls xfrmi0
2: xfrmi0@lo: <NOARP,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/none 00:00:00:00:00:00 brd 00:00:00:00:00:00

Here is the backtrace:
[   79.879174] WARNING: CPU: 0 PID: 1178 at net/core/dev.c:8172 rollback_registered_many+0x86/0x3c1
[   79.880260] Modules linked in: xfrm_interface nfsv3 nfs_acl auth_rpcgss nfsv4 nfs lockd grace sunrpc fscache button parport_pc parport serio_raw evdev pcspkr loop ext4 crc16 mbcache jbd2 crc32c_generic ide_cd_mod ide_gd_mod cdrom ata_$
eneric ata_piix libata scsi_mod 8139too piix psmouse i2c_piix4 ide_core 8139cp mii i2c_core floppy
[   79.883698] CPU: 0 PID: 1178 Comm: ip Not tainted 5.2.0-rc6+ #106
[   79.884462] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[   79.885447] RIP: 0010:rollback_registered_many+0x86/0x3c1
[   79.886120] Code: 01 e8 d7 7d c6 ff 0f 0b 48 8b 45 00 4c 8b 20 48 8d 58 90 49 83 ec 70 48 8d 7b 70 48 39 ef 74 44 8a 83 d0 04 00 00 84 c0 75 1f <0f> 0b e8 61 cd ff ff 48 b8 00 01 00 00 00 00 ad de 48 89 43 70 66
[   79.888667] RSP: 0018:ffffc900015ab740 EFLAGS: 00010246
[   79.889339] RAX: ffff8882353e5700 RBX: ffff8882353e56a0 RCX: ffff8882353e5710
[   79.890174] RDX: ffffc900015ab7e0 RSI: ffffc900015ab7e0 RDI: ffff8882353e5710
[   79.891029] RBP: ffffc900015ab7e0 R08: ffffc900015ab7e0 R09: ffffc900015ab7e0
[   79.891866] R10: ffffc900015ab7a0 R11: ffffffff82233fec R12: ffffc900015ab770
[   79.892728] R13: ffffffff81eb7ec0 R14: ffff88822ed6cf00 R15: 00000000ffffffea
[   79.893557] FS:  00007ff350f31740(0000) GS:ffff888237a00000(0000) knlGS:0000000000000000
[   79.894581] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   79.895317] CR2: 00000000006c8580 CR3: 000000022c272000 CR4: 00000000000006f0
[   79.896137] Call Trace:
[   79.896464]  unregister_netdevice_many+0x12/0x6c
[   79.896998]  __rtnl_newlink+0x6e2/0x73b
[   79.897446]  ? __kmalloc_node_track_caller+0x15e/0x185
[   79.898039]  ? pskb_expand_head+0x5f/0x1fe
[   79.898556]  ? stack_access_ok+0xd/0x2c
[   79.899009]  ? deref_stack_reg+0x12/0x20
[   79.899462]  ? stack_access_ok+0xd/0x2c
[   79.899927]  ? stack_access_ok+0xd/0x2c
[   79.900404]  ? __module_text_address+0x9/0x4f
[   79.900910]  ? is_bpf_text_address+0x5/0xc
[   79.901390]  ? kernel_text_address+0x67/0x7b
[   79.901884]  ? __kernel_text_address+0x1a/0x25
[   79.902397]  ? unwind_get_return_address+0x12/0x23
[   79.903122]  ? __cmpxchg_double_slab.isra.37+0x46/0x77
[   79.903772]  rtnl_newlink+0x43/0x56
[   79.904217]  rtnetlink_rcv_msg+0x200/0x24c

In fact, each time a xfrm interface was created, a netdev was allocated
by __rtnl_newlink()/rtnl_create_link() and then another one by
xfrmi_newlink()/xfrmi_create(). Only the second one was registered, it's
why the previous commands produce a backtrace: dev_change_net_namespace()
was called on a netdev with reg_state set to NETREG_UNINITIALIZED (the
first one).

CC: Lorenzo Colitti <lorenzo@google.com>
CC: Benedict Wong <benedictwong@google.com>
CC: Steffen Klassert <steffen.klassert@secunet.com>
CC: Shannon Nelson <shannon.nelson@oracle.com>
CC: Antony Antony <antony@phenome.org>
CC: Eyal Birger <eyal.birger@gmail.com>
Fixes: f203b76d78 ("xfrm: Add virtual xfrm interfaces")
Reported-by: Julien Floret <julien.floret@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2019-07-03 10:53:06 +02:00
..
6lowpan 6lowpan: Off by one handling ->nexthdr 2019-04-23 19:09:58 +02:00
9p 9p/net: fix memory leak in p9_client_create 2019-03-13 11:50:04 +01:00
802
8021q vlan: Mark expected switch fall-through 2019-05-20 11:38:55 -07:00
appletalk Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-05-02 22:14:21 -04:00
atm net: atm: clean up a range check 2019-05-05 10:25:52 -07:00
ax25 net: ax25: fix misuse of %x 2019-04-21 10:37:26 -07:00
batman-adv This feature/cleanup patchset includes the following patches: 2019-05-09 09:44:17 -07:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-05-07 22:03:58 -07:00
bpf bpf: Introduce bpf sk local storage 2019-04-27 09:07:04 -07:00
bpfilter treewide: prefix header search paths with $(srctree)/ 2019-05-18 11:49:57 +09:00
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2019-05-13 08:55:15 -07:00
caif net: caif: fix the value of size argument of snprintf 2019-05-17 11:31:15 -07:00
can netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
ceph AFS fixes 2019-05-16 17:00:13 -07:00
core net: avoid weird emergency message 2019-05-16 14:25:58 -07:00
dcb netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
dccp net: dccp : proto: remove Unneeded variable "err" 2019-05-12 13:21:30 -07:00
decnet netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
dns_resolver dns_resolver: Allow used keys to be invalidated 2019-05-15 17:35:54 +01:00
dsa net: dsa: Initialize DSA_SKB_CB(skb)->deferred_xmit variable 2019-05-12 13:19:46 -07:00
ethernet net: ethernet: support of_get_mac_address new ERR_PTR error 2019-05-07 12:22:47 -07:00
hsr genetlink: optionally validate strictly/dumps 2019-04-27 17:07:22 -04:00
ieee802154 genetlink: optionally validate strictly/dumps 2019-04-27 17:07:22 -04:00
ife
ipv4 net: Treat sock->sk_drops as an unsigned int when printing 2019-05-19 10:31:10 -07:00
ipv6 net: Treat sock->sk_drops as an unsigned int when printing 2019-05-19 10:31:10 -07:00
iucv
kcm kcm: switch order of device registration to fix a crash 2019-04-01 14:59:20 -07:00
key af_key: fix leaks in key_pol_get_resp and dump_sp. 2019-05-28 09:20:52 +02:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-05-07 17:22:09 -07:00
l3mdev
lapb
llc llc: Check address length before reading address field 2019-04-12 10:25:03 -07:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-05-02 22:14:21 -04:00
mac802154
mpls netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
ncsi genetlink: optionally validate strictly/dumps 2019-04-27 17:07:22 -04:00
netfilter net: replace CONFIG_DEBUG_KERNEL with CONFIG_DEBUG_MISC 2019-05-14 19:52:50 -07:00
netlabel genetlink: optionally validate strictly/dumps 2019-04-27 17:07:22 -04:00
netlink net: Treat sock->sk_drops as an unsigned int when printing 2019-05-19 10:31:10 -07:00
netrom net: rework SIOCGSTAMP ioctl handling 2019-04-19 14:07:40 -07:00
nfc genetlink: optionally validate strictly/dumps 2019-04-27 17:07:22 -04:00
nsh
openvswitch openvswitch: Replace removed NF_NAT_NEEDED with IS_ENABLED(CONFIG_NF_NAT) 2019-05-08 09:43:15 -07:00
packet packet: Fix error path in packet_init 2019-05-09 13:45:46 -07:00
phonet net: Treat sock->sk_drops as an unsigned int when printing 2019-05-19 10:31:10 -07:00
psample genetlink: optionally validate strictly/dumps 2019-04-27 17:07:22 -04:00
qrtr net: qrtr: Fix message type of outgoing packets 2019-05-20 20:50:31 -04:00
rds mm/gup: change GUP fast to use flags rather than a write 'bool' 2019-05-14 09:47:46 -07:00
rfkill *: convert stream-like files from nonseekable_open -> stream_open 2019-05-06 17:46:41 +03:00
rose Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-04-25 23:52:29 -04:00
rxrpc rxrpc: Allow the kernel to mark a call as being non-interruptible 2019-05-16 16:25:20 +01:00
sched net/sched: avoid double free on matchall reoffload 2019-05-08 16:34:58 -07:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-05-07 22:03:58 -07:00
smc 5.2 Merge Window pull request 2019-05-09 09:02:46 -07:00
strparser net: strparser: make it explicitly non-modular 2019-04-22 21:50:54 -07:00
sunrpc This pull consists mostly of nfsd container work: 2019-05-15 18:21:43 -07:00
switchdev switchdev: Remove unused transaction item queue 2019-03-01 21:35:19 -08:00
tipc tipc: fix modprobe tipc failed after switch order of device registration 2019-05-20 10:45:43 -07:00
tls net/tls: handle errors from padding_length() 2019-05-09 16:37:39 -07:00
unix datagram: remove rendundant 'peeked' argument 2019-04-08 09:51:54 -07:00
vmw_vsock vsock/virtio: Initialize core virtio vsock before registering the driver 2019-05-18 10:50:28 -07:00
wimax genetlink: optionally validate strictly/dumps 2019-04-27 17:07:22 -04:00
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-05-07 22:03:58 -07:00
x25 net: rework SIOCGSTAMP ioctl handling 2019-04-19 14:07:40 -07:00
xdp mm/gup: replace get_user_pages_longterm() with FOLL_LONGTERM 2019-05-14 09:47:45 -07:00
xfrm xfrm interface: fix memory leak on creation 2019-07-03 10:53:06 +02:00
compat.c net: rework SIOCGSTAMP ioctl handling 2019-04-19 14:07:40 -07:00
Kconfig net: devlink: select NET_DEVLINK from drivers 2019-03-24 14:55:31 -04:00
Makefile net: split out functions related to registering inflight socket files 2019-02-28 08:24:23 -07:00
socket.c net: fix kernel-doc warnings for socket.c 2019-05-19 10:33:22 -07:00
sysctl_net.c