| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Mar 2013 13:10:29 +1030
From: Rusty Russell <rusty@...tcorp.com.au>
To: Ben Hutchings <ben@...adent.org.uk>
Cc: Satoru Takeuchi <satoru.takeuchi@...il.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org, stable@...r.kernel.org,
Aurelien Jarno <aurelien@...el32.net>,
Matt Mackall <mpm@...enic.com>,
Herbert Xu <herbert@...dor.apana.org.au>
Subject: Re: [PATCH] hw_random: free rng_buffer at module exit
Ben Hutchings <ben@...adent.org.uk> writes:
> On Fri, 2013-03-15 at 15:35 +1030, Rusty Russell wrote:
>> Satoru Takeuchi <satoru.takeuchi@...il.com> writes:
>> > At Thu, 14 Mar 2013 17:11:21 +1030,
>> > Rusty Russell wrote:
>> >>
>> >> Satoru Takeuchi <satoru.takeuchi@...il.com> writes:
>> >> > Hi Rusty,
>> >> >
>> >> > At Tue, 12 Mar 2013 15:43:33 -0700,
>> >> > Greg Kroah-Hartman wrote:
>> >> >> @@ -307,6 +312,14 @@ int hwrng_register(struct hwrng *rng)
>> >> >>
>> >> >> mutex_lock(&rng_mutex);
>> >> >>
>> >> >> + /* kmalloc makes this safe for virt_to_page() in virtio_rng.c */
>> >> >> + err = -ENOMEM;
>> >> >> + if (!rng_buffer) {
>> >> >> + rng_buffer = kmalloc(rng_buffer_size(), GFP_KERNEL);
>> >> >
>> >> > rng_buffer is now kmalloc-ed, but not kfree-ed. Shoudn't it be kfree-ed
>> >> > at hwrng_unregister()? If my suspect is correct, the same problem is
>> >> > in 3.8.3-rc1 and 3.0.69-rc1. I'm OK to make a patch, but it'll be after
>> >> > some hours.
>> >> >
>> >> > Corecct me if I'm wrong.
>> >>
>> >> Yes, it would be nice to free it, but it really makes sense to free it
>> >> in module_cleanup() (which would have to be written, as the module
>> >> currently doesn't have one).
>> >>
>> >> Cheers,
>> >> Rusty.
>> >
>> > From: Satoru Takeuchi <satoru.takeuchi@...il.com>
>> >
>> > rng-core module allocates rng_buffer by kmalloc() since commit
>> > f7f154f1246ccc5a0a7e9ce50932627d60a0c878. But this buffer won't be
>> > freed and there is a memory leak possibility at module exit.
>> >
>> > Signed-off-by: Satoru Takeuchi <satoru.takeuchi@...il.com>
>> > Cc: Rusty Russell <rusty@...tcorp.com.au>
>> > Cc: Matt Mackall <mpm@...enic.com>
>> > Cc: Herbert Xu <herbert@...dor.apana.org.au>
>> > Cc: Aurelien Jarno <aurelien@...el32.net>
>> > Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
>> > Cc: stable@...r.kernel.org
>>
>> Cc: stable might be overkill, but I've tested it and put it in my patch
>> queue, and will push it to Linus once it's survived linux-next.
>
> If the module cannot be removed currently, it does not leak. Making it
> removable is a feature addition and I think you're right that it's not
> suitable for stable.
No, the module has always been removable, but the tiny leak is more a
theoretical problem I'd say. AFAICT udev never removes modules, so even
if you have a randomness device which bounces in and out every second,
it still won't leak 5MB a day.
Cheers,
Rusty.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists