lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 28 Jul 2014 19:32:11 +0800
From:	"xinhui.pan" <xinhuix.pan@...el.com>
To:	Jiri Slaby <jslaby@...e.cz>, Greg KH <gregkh@...uxfoundation.org>
CC:	"Zhang, Yanmin" <yanmin_zhang@...ux.intel.com>,
	Peter Hurley <peter@...leysoftware.com>,
	mnipxh <mnipxh@...il.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] tty/n_gsm.c: fix a memory leak in gsmld_open

于 2014年07月28日 17:03, xinhui.pan 写道:
> Hi, Jiri
> 
> 于 2014年07月28日 16:49, Jiri Slaby 写道:
>> On 07/28/2014 10:14 AM, xinhui.pan wrote:
>>> If gsmld_attach_gsm fails, the gsm is not used anymore.
>>> tty core will not call gsmld_close to do the cleanup work.
>>> tty core just restore to the tty old ldisc.
>>> That always causes memory leak.
>>
>> Nice catch!
>>
>>> --- a/drivers/tty/n_gsm.c
>>> +++ b/drivers/tty/n_gsm.c
>>> @@ -2382,7 +2383,13 @@ static int gsmld_open(struct tty_struct *tty)
>>>  
>>>  	/* Attach the initial passive connection */
>>>  	gsm->encoding = 1;
>>> -	return gsmld_attach_gsm(tty, gsm);
>>> +
>>> +	ret = gsmld_attach_gsm(tty, gsm);
>>> +	if (ret != 0) {
>>> +		gsm_cleanup_mux(gsm);
>>> +		mux_put(gsm);
>>
>> It is quite illogical to put the mux here. It should be in gsmld_open.
>> I.e. gsm_cleanup_mux here, mux_put there.
>>
> 
> Thanks for your reply :)
> But I am a little confused with your comments, could you explain it when you are free?
> Sorry for my poor English.
> 

hi, Jiri
	I guess you want gsm_cleanup_mux() called in gsmld_attach_gsm(), just after gsm_activate_mux() fails?
Yes, that seems really make sence. :)
Thanks for pointing out it.

Let me explain my opinion. :)
Actually gsmld_attach_gsm results in two different effects when it fails. 
(a)gsmld_attach_gsm -> gsm_activate_mux(gsm_mux[] is full,-EBUSY), then gsm_mux[] did not change, and gsm->num is invaild;
(b)gsmld_attach_gsm -> gsm_activate_mux(return -ENOMEM), then gsm_mux[] changes, and gsm->num is vaild.

To be honest, I am not very clear about this. I even suspect this is done in such way on purpose.
So I just keep the code what it is now. Let's handle the error in gsmld_open(). 
We can make sure that gsm is not used here and it's safe to cleanup and put it.

thanks,

xinhui

> thanks,
> 
> xinhui
> 
>> thanks,
>>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists