Re: [PATCH v2 1/1] af_unix: Fix memory leak in unix_dgram_sendmsg()
From: Joe Damato
Date: Mon Feb 24 2025 - 22:03:48 EST
On Tue, Feb 25, 2025 at 10:14:57AM +0800, Adrian Huang wrote:
> From: Adrian Huang <ahuang12@xxxxxxxxxx>
>
> After running the 'sendmsg02' program of Linux Test Project (LTP),
> kmemleak reports the following memory leak:
>
> # cat /sys/kernel/debug/kmemleak
> unreferenced object 0xffff888243866800 (size 2048):
> comm "sendmsg02", pid 67, jiffies 4294903166
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 5e 00 00 00 00 00 00 00 ........^.......
> 01 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............
> backtrace (crc 7e96a3f2):
> kmemleak_alloc+0x56/0x90
> kmem_cache_alloc_noprof+0x209/0x450
> sk_prot_alloc.constprop.0+0x60/0x160
> sk_alloc+0x32/0xc0
> unix_create1+0x67/0x2b0
> unix_create+0x47/0xa0
> __sock_create+0x12e/0x200
> __sys_socket+0x6d/0x100
> __x64_sys_socket+0x1b/0x30
> x64_sys_call+0x7e1/0x2140
> do_syscall_64+0x54/0x110
> entry_SYSCALL_64_after_hwframe+0x76/0x7e
>
> Commit 689c398885cc ("af_unix: Defer sock_put() to clean up path in
> unix_dgram_sendmsg().") defers sock_put() in the error handling path.
> However, it fails to account for the condition 'msg->msg_namelen != 0',
> resulting in a memory leak when the code jumps to the 'lookup' label.
>
> Fix issue by calling sock_put() if 'msg->msg_namelen != 0' is met.
>
> Fixes: 689c398885cc ("af_unix: Defer sock_put() to clean up path in unix_dgram_sendmsg().")
> Signed-off-by: Adrian Huang <ahuang12@xxxxxxxxxx>
> ---
> Changelog v2:
> - Per Kuniyuki's suggestion: Remove 'else' statement
FYI according to netdev rules you should wait at least 24 hours
between repostings:
https://docs.kernel.org/process/maintainer-netdev.html#resending-after-review
That said:
Acked-by: Joe Damato <jdamato@xxxxxxxxxx>