Date:	Tue, 24 Feb 2009 23:36:00 +0900 (JST)
From:	Atsushi Nemoto <anemo@....ocn.ne.jp>
To:	s.hauer@...gutronix.de
Cc:	linux-mtd@...ts.infradead.org, dwmw2@...radead.org,
	linux-kernel@...r.kernel.org, vapier.adi@...il.com
Subject: Re: [PATCH] physmap: Fix leak of memory returned by parse_mtd_partitions

On Tue, 24 Feb 2009 14:35:05 +0100, Sascha Hauer <s.hauer@...gutronix.de> wrote:
> On Wed, Nov 12, 2008 at 11:57:33PM +0900, Atsushi Nemoto wrote:
> > The mtd partition parser returns an allocated pointer array of
> > mtd_partition.  The caller must free it.  The array is used only for
> > add_mtd_partitions(), so free it just after the call.
> 
> This patch breaks command line parsing support. With command line
> partition parsing the struct mtd_partition array is allocated, but only
> once. On my board with NAND and NOR (both with command line partition
> parsing) it fails badly in parse_cmdline_partitions() when the second
> device gets parsed.
> 
> The following patch fixes it, but I don't know if this is
> the correct solution. Does anybody have more insights on this?

Do your NAND and NOR have the same mtd-id?  The cmdlinepart allocates an
mtd_partition array for each mtd-id.  So usually another array will be
returned for NAND and NOR.

The physmap patch has another bug and fixes are on the way mainline:

http://git.infradead.org/mtd-2.6.git?a=commit;h=e480814f138cd5d78a8efe397756ba6b6518fdb6

But this seems not enough, as you wrote.  If multiple mtds have the same
mtd-id, bad things can happen.  And more seriously, if I load the physmap
driver _again_ after unload, cmdlinepart will return a freed pointer
the second time.

Hmm, a little memory leak is less serious than a crash.  Now I am starting
to think reverting commit 176bf2e0 will be best for the 2.6.29
release.

I'm not sure for long term solutions.

A) make all parsers return kmalloc-ed mtd_partition array each time
   and fix memory leak in each driver

B) make all parsers return mtd_partition array allocated only once,
   and fix drivers which free the mtd_partition array.

David, what do you think?

---
Atsushi Nemoto
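A small userland model of the two ownership conventions A and B discussed above, added here and not code from the kernel, cmdlinepart or this thread: `parse_shared`, `parse_copy`, `ownership_contracts_hold`, the mtd-ids and the partition table values are constructed, and malloc stands in for kmalloc.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed userland model of a cmdline partition parser; malloc stands in for kmalloc. */
struct mtd_partition { const char *name; unsigned long size, offset; };
/* Command line parsed once per mtd-id at module load (hypothetical sample values). */
struct cmdline_entry { const char *mtd_id; int nparts; struct mtd_partition parts[2]; };
static struct cmdline_entry cmdline_table[] = {
    { "nor0",  2, { { "boot", 0x40000, 0 }, { "rootfs", 0x3c0000, 0x40000 } } },
    { "nand0", 1, { { "data", 0x8000000, 0 } } },
};
static struct cmdline_entry *lookup(const char *mtd_id)
{
    size_t i;
    for (i = 0; i < sizeof(cmdline_table) / sizeof(cmdline_table[0]); i++)
        if (strcmp(cmdline_table[i].mtd_id, mtd_id) == 0)
            return &cmdline_table[i];
    return NULL;
}
/* Option B: hand out the parser's own array; the caller must never free it.
 * A driver that does free it leaves the table dangling for the next probe
 * of the same mtd-id, which is the reload crash described in the thread. */
int parse_shared(const char *mtd_id, struct mtd_partition **pparts)
{
    struct cmdline_entry *e = lookup(mtd_id);
    if (!e) return 0;
    *pparts = e->parts;
    return e->nparts;
}
/* Option A: return a fresh copy on every call; the caller owns it and frees it
 * right after registering the partitions, which stays safe across reloads. */
int parse_copy(const char *mtd_id, struct mtd_partition **pparts)
{
    struct cmdline_entry *e = lookup(mtd_id);
    if (!e) return 0;
    *pparts = malloc(e->nparts * sizeof(**pparts));
    if (!*pparts) return -1;
    memcpy(*pparts, e->parts, e->nparts * sizeof(**pparts));
    return e->nparts;
}
/* Contract check a driver test could run: two probes of the same mtd-id get
 * distinct copies under A and the very same array under B. Returns 1 if both hold. */
int ownership_contracts_hold(void)
{
    struct mtd_partition *a = NULL, *b = NULL, *s1 = NULL, *s2 = NULL;
    int ok = parse_copy("nor0", &a) == 2 && parse_copy("nor0", &b) == 2 && a != b;
    ok = ok && parse_shared("nor0", &s1) == 2 && parse_shared("nor0", &s2) == 2 && s1 == s2;
    free(a);  /* safe under A: each copy is owned by the caller */
    free(b);  /* s1/s2 are deliberately not freed: they belong to the parser */
    return ok;
}
```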