Date:	Thu, 7 Aug 2008 14:25:24 -0700
From:	"Justin Mattock" <justinmattock@...il.com>
To:	"Andrew Morton" <akpm@...ux-foundation.org>
Cc:	linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org,
	"Matthew Garrett" <mjg59@...f.ucam.org>,
	"Greg KH" <greg@...ah.com>, "Rafael J. Wysocki" <rjw@...k.pl>
Subject: Re: BUG kmalloc-64: Object already free

On Thu, Aug 7, 2008 at 2:19 PM, Andrew Morton <akpm@...ux-foundation.org> wrote:
> On Wed, 6 Aug 2008 14:21:08 -0700
> "Justin Mattock" <justinmattock@...il.com> wrote:
>
>> I must be honest, 2.6.27-rc1-00156-g94ad374
>> has made me entirely lazy with wanting to add any patches
>> or taking anything out... but I guess I'll have to pull
>> and add a patch that was sent to me yesterday.
>> upon booting I saw this for the first time with isight: <dmesg below>
>>
>
> hrmpf.  Rafael went and assigned this to me.
>
>> [   12.017890] hub 5-0:1.0: 8 ports detected
>> [   12.067187] =============================================================================
>> [   12.067875] BUG kmalloc-64: Object already free
>> [   12.067875] -----------------------------------------------------------------------------
>> [   12.067875]
>> [   12.067875] INFO: Allocated in isight_firmware_load+0x23/0x1ef
>> [isight_firmware] age=54 cpu=0 pid=1548
>> [   12.067875] INFO: Freed in isight_firmware_load+0x1c2/0x1ef
>> [isight_firmware] age=0 cpu=0 pid=1548
>> [   12.067875] INFO: Slab 0xc169b1e0 objects=36 used=35 fp=0xf4d8f540
>> flags=0x400000c3
>> [   12.067875] INFO: Object 0xf4d8f540 @offset=1344 fp=0x00000000
>> [   12.067875]
>> [   12.067875] Bytes b4 0xf4d8f530:  00 00 00 00 00 00 00 00 5a 5a 5a
>> 5a 5a 5a 5a 5a ........ZZZZZZZZ
>> [   12.067875]   Object 0xf4d8f540:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
>> 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
>> [   12.067875]   Object 0xf4d8f550:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
>> 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
>> [   12.067875]   Object 0xf4d8f560:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
>> 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
>> [   12.067875]   Object 0xf4d8f570:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
>> 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk__
>> [   12.067875]  Redzone 0xf4d8f580:  bb bb bb bb
>>               ________
>> [   12.067875]  Padding 0xf4d8f5a8:  5a 5a 5a 5a 5a 5a 5a 5a
>>               ZZZZZZZZ
>> [   12.067875] Pid: 1548, comm: modprobe Tainted: P
>> 2.6.27-rc1-00156-g94ad374 #5
>> [   12.067875]  [<c0170a6f>] print_trailer+0xd4/0xdc
>> [   12.067875]  [<c0170b2f>] object_err+0x25/0x30
>> [   12.067875]  [<c0171388>] __slab_free+0x1b9/0x279
>> [   12.067875]  [<c0171ad9>] kfree+0xa3/0xb9
>> [   12.067875]  [<f8be01e1>] ? isight_firmware_load+0x1dc/0x1ef
>> [isight_firmware]
>> [   12.067875]  [<f8be01e1>] ? isight_firmware_load+0x1dc/0x1ef
>> [isight_firmware]
>> [   12.067875]  [<f8be01e1>] isight_firmware_load+0x1dc/0x1ef [isight_firmware]
>> [   12.067875]  [<c02ced3b>] usb_probe_interface+0xbd/0xf2
>> [   12.067875]  [<c0284638>] driver_probe_device+0xb8/0x133
>> [   12.067875]  [<c02846f0>] __driver_attach+0x3d/0x5f
>> [   12.067875]  [<c0283e5c>] bus_for_each_dev+0x37/0x5c
>> [   12.067875]  [<c02844b7>] driver_attach+0x14/0x16
>> [   12.067875]  [<c02846b3>] ? __driver_attach+0x0/0x5f
>> [   12.067875]  [<c02841f7>] bus_add_driver+0x93/0x1bc
>> [   12.067875]  [<c028486b>] driver_register+0x71/0xcc
>> [   12.067875]  [<c02ce6cf>] usb_register_driver+0x71/0xcb
>> [   12.067875]  [<f8be2017>] isight_firmware_init+0x17/0x19 [isight_firmware]
>> [   12.067875]  [<c0142f25>] sys_init_module+0x163f/0x17ae
>> [   12.067875]  [<c01171e6>] ? kmap_atomic_prot+0x1a8/0x1d5
>> [   12.067875]  [<c0153d77>] ? unlock_page+0x25/0x28
>> [   12.067875]  [<c0102f9a>] syscall_call+0x7/0xb
>> [   12.067875]  =======================
>> [   12.067875] FIX kmalloc-64: Object at 0xf4d8f540 not freed
>
> But fortunately Parag already fixed it, so I'll merge his fix in my
> next batch to Linus.
>
>
>
> From: "Parag Warudkar" <parag.warudkar@...il.com>
>
> Signed-off-by: Parag Warudkar <parag.warudkar@...il.com>
> Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
> ---
>
>  drivers/usb/misc/isight_firmware.c |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff -puN drivers/usb/misc/isight_firmware.c~isight_firmware-fix-a-leak-and-double-kfree drivers/usb/misc/isight_firmware.c
> --- a/drivers/usb/misc/isight_firmware.c~isight_firmware-fix-a-leak-and-double-kfree
> +++ a/drivers/usb/misc/isight_firmware.c
> @@ -48,7 +48,8 @@ static int isight_firmware_load(struct u
>
>        if (request_firmware(&firmware, "isight.fw", &dev->dev) != 0) {
>                printk(KERN_ERR "Unable to load isight firmware\n");
> -               return -ENODEV;
> +               ret = -ENODEV;
> +               goto out;
>        }
>
>        ptr = firmware->data;
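
Review bot: On the new `goto out` in the request_firmware() failure branch, the `out:` label is outside the visible context, so its cleanup needs to be checked for the case where request_firmware() has failed. If it calls release_firmware(firmware), then `firmware` has to be initialised to NULL at its declaration, otherwise this path hands an unset pointer to the cleanup code. The changelog should also state that this branch previously returned without going through `out`, since the patch name mentions a leak but the description is empty.
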
> @@ -91,7 +92,6 @@ static int isight_firmware_load(struct u
>                             buf, llen, 300) != llen) {
>                                printk(KERN_ERR
>                                       "Failed to load isight firmware\n");
> -                               kfree(buf);
>                                ret = -ENODEV;
>                                goto out;
>                        }
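
Review bot: The other error branches in isight_firmware_load() that `goto out` are outside this hunk and should be checked for the same kfree(buf)-then-goto pattern removed here from the "Failed to load isight firmware" branch. The SLUB report quoted above shows the object both allocated and freed inside isight_firmware_load before the second kfree() from the same function, so any remaining branch of that shape would trip the same check. The patch carries no description beyond the sign-offs; one line citing the "BUG kmalloc-64: Object already free" report would document why the call is dropped.
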
> _
>
>

Cool.

-- 
Justin P. Mattock