lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Feb 2016 23:45:49 +0100 From: Paul Bolle <pebolle@...cali.nl> To: Dmitry Vyukov <dvyukov@...gle.com> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Jiri Slaby <jslaby@...e.com>, LKML <linux-kernel@...r.kernel.org>, Peter Hurley <peter@...leysoftware.com>, One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>, J Freyensee <james_p_freyensee@...ux.intel.com>, Alexander Potapenko <glider@...gle.com>, Kostya Serebryany <kcc@...gle.com>, Sasha Levin <sasha.levin@...cle.com>, syzkaller <syzkaller@...glegroups.com> Subject: Re: tty: memory leak in tty_register_driver Dmitry, On ma, 2016-02-15 at 11:42 +0100, Dmitry Vyukov wrote: > When I am running the following program in a parallel loop, kmemleak > starts reporting memory leaks of objects allocated in > tty_register_driver during boot. Because these tty drivers are built in? > These leaks start popping up > chaotically and as you can see they originate in different drivers > (synclinkmp_init, isdn_init, chr_dev_init, sysfs_init). > > On commit 388f7b1d6e8ca06762e2454d28d6c3c55ad0fe95 (4.5-rc3). > > // autogenerated by syzkaller (http://github.com/google/syzkaller) > #include <sys/types.h> > #include <sys/stat.h> > #include <fcntl.h> > #include <sys/ioctl.h> If you (or syzkaller) add #include <linux/tty.h> here... > int main() > { > int fd, val; > > fd = open("/dev/ptmx", O_RDWR); > val = 21; you can use val = N_GSM0710; here. That is probably much clearer for the readers of this report. (No one bothers to remember these values. No one sane, at least.) > ioctl(fd, TIOCSETD, &val); > return 0; > } Fascinating issue. Makes zero sense to me. sysfs_init? Anyhow, since the people actually familiar with this code have stayed silent until now, I have some obvious questions: - does this only trigger with line discipline N_GSM0710? - is this a new issue or do older trees also trigger it (in other words: have you tried bisecting this)? Thanks, Paul Bolle
Powered by blists - more mailing lists