lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20080807141953.5760f255.akpm@linux-foundation.org>
Date:	Thu, 7 Aug 2008 14:19:53 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	"Justin Mattock" <justinmattock@...il.com>
Cc:	linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org,
	Matthew Garrett <mjg59@...f.ucam.org>,
	Greg KH <greg@...ah.com>, "Rafael J. Wysocki" <rjw@...k.pl>
Subject: Re: BUG kmalloc-64: Object already free

On Wed, 6 Aug 2008 14:21:08 -0700
"Justin Mattock" <justinmattock@...il.com> wrote:

> I must be honest, 2.6.27-rc1-00156-g94ad374
> has made me entirely lazy with wanting to add any patches
> or taking anything out... but I guess I'll have to pull
> and add a patch that was sent to me yesterday.
> upon booting I saw this for the first time with isight: <dmesg below>
> 

hrmpf.  Rafael went and assigned this to me.

> [   12.017890] hub 5-0:1.0: 8 ports detected
> [   12.067187] =============================================================================
> [   12.067875] BUG kmalloc-64: Object already free
> [   12.067875] -----------------------------------------------------------------------------
> [   12.067875]
> [   12.067875] INFO: Allocated in isight_firmware_load+0x23/0x1ef
> [isight_firmware] age=54 cpu=0 pid=1548
> [   12.067875] INFO: Freed in isight_firmware_load+0x1c2/0x1ef
> [isight_firmware] age=0 cpu=0 pid=1548
> [   12.067875] INFO: Slab 0xc169b1e0 objects=36 used=35 fp=0xf4d8f540
> flags=0x400000c3
> [   12.067875] INFO: Object 0xf4d8f540 @offset=1344 fp=0x00000000
> [   12.067875]
> [   12.067875] Bytes b4 0xf4d8f530:  00 00 00 00 00 00 00 00 5a 5a 5a
> 5a 5a 5a 5a 5a ........ZZZZZZZZ
> [   12.067875]   Object 0xf4d8f540:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
> 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
> [   12.067875]   Object 0xf4d8f550:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
> 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
> [   12.067875]   Object 0xf4d8f560:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
> 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
> [   12.067875]   Object 0xf4d8f570:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
> 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk__
> [   12.067875]  Redzone 0xf4d8f580:  bb bb bb bb
>               ________
> [   12.067875]  Padding 0xf4d8f5a8:  5a 5a 5a 5a 5a 5a 5a 5a
>               ZZZZZZZZ
> [   12.067875] Pid: 1548, comm: modprobe Tainted: P
> 2.6.27-rc1-00156-g94ad374 #5
> [   12.067875]  [<c0170a6f>] print_trailer+0xd4/0xdc
> [   12.067875]  [<c0170b2f>] object_err+0x25/0x30
> [   12.067875]  [<c0171388>] __slab_free+0x1b9/0x279
> [   12.067875]  [<c0171ad9>] kfree+0xa3/0xb9
> [   12.067875]  [<f8be01e1>] ? isight_firmware_load+0x1dc/0x1ef
> [isight_firmware]
> [   12.067875]  [<f8be01e1>] ? isight_firmware_load+0x1dc/0x1ef
> [isight_firmware]
> [   12.067875]  [<f8be01e1>] isight_firmware_load+0x1dc/0x1ef [isight_firmware]
> [   12.067875]  [<c02ced3b>] usb_probe_interface+0xbd/0xf2
> [   12.067875]  [<c0284638>] driver_probe_device+0xb8/0x133
> [   12.067875]  [<c02846f0>] __driver_attach+0x3d/0x5f
> [   12.067875]  [<c0283e5c>] bus_for_each_dev+0x37/0x5c
> [   12.067875]  [<c02844b7>] driver_attach+0x14/0x16
> [   12.067875]  [<c02846b3>] ? __driver_attach+0x0/0x5f
> [   12.067875]  [<c02841f7>] bus_add_driver+0x93/0x1bc
> [   12.067875]  [<c028486b>] driver_register+0x71/0xcc
> [   12.067875]  [<c02ce6cf>] usb_register_driver+0x71/0xcb
> [   12.067875]  [<f8be2017>] isight_firmware_init+0x17/0x19 [isight_firmware]
> [   12.067875]  [<c0142f25>] sys_init_module+0x163f/0x17ae
> [   12.067875]  [<c01171e6>] ? kmap_atomic_prot+0x1a8/0x1d5
> [   12.067875]  [<c0153d77>] ? unlock_page+0x25/0x28
> [   12.067875]  [<c0102f9a>] syscall_call+0x7/0xb
> [   12.067875]  =======================
> [   12.067875] FIX kmalloc-64: Object at 0xf4d8f540 not freed

But fortunately Parag already fixed it, so I'll merge his fix in my
next batch to Linus.



From: "Parag Warudkar" <parag.warudkar@...il.com>

Signed-off-by: Parag Warudkar <parag.warudkar@...il.com>
Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
---

 drivers/usb/misc/isight_firmware.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff -puN drivers/usb/misc/isight_firmware.c~isight_firmware-fix-a-leak-and-double-kfree drivers/usb/misc/isight_firmware.c
--- a/drivers/usb/misc/isight_firmware.c~isight_firmware-fix-a-leak-and-double-kfree
+++ a/drivers/usb/misc/isight_firmware.c
@@ -48,7 +48,8 @@ static int isight_firmware_load(struct u
 
 	if (request_firmware(&firmware, "isight.fw", &dev->dev) != 0) {
 		printk(KERN_ERR "Unable to load isight firmware\n");
-		return -ENODEV;
+		ret = -ENODEV;
+		goto out;
 	}
 
 	ptr = firmware->data;
@@ -91,7 +92,6 @@ static int isight_firmware_load(struct u
 			     buf, llen, 300) != llen) {
 				printk(KERN_ERR
 				       "Failed to load isight firmware\n");
-				kfree(buf);
 				ret = -ENODEV;
 				goto out;
 			}
_

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ