Date:	Thu, 18 Feb 2016 23:45:49 +0100
From:	Paul Bolle <pebolle@...cali.nl>
To:	Dmitry Vyukov <dvyukov@...gle.com>
Cc:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Jiri Slaby <jslaby@...e.com>,
	LKML <linux-kernel@...r.kernel.org>,
	Peter Hurley <peter@...leysoftware.com>,
	One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>,
	J Freyensee <james_p_freyensee@...ux.intel.com>,
	Alexander Potapenko <glider@...gle.com>,
	Kostya Serebryany <kcc@...gle.com>,
	Sasha Levin <sasha.levin@...cle.com>,
	syzkaller <syzkaller@...glegroups.com>
Subject: Re: tty: memory leak in tty_register_driver

Dmitry,

On Mon, 2016-02-15 at 11:42 +0100, Dmitry Vyukov wrote:
> When I am running the following program in a parallel loop, kmemleak
> starts reporting memory leaks of objects allocated in
> tty_register_driver during boot.

Because these tty drivers are built in?

>  These leaks start popping up
> chaotically and as you can see they originate in different drivers
> (synclinkmp_init, isdn_init, chr_dev_init, sysfs_init).
> 
> On commit 388f7b1d6e8ca06762e2454d28d6c3c55ad0fe95 (4.5-rc3).
> 
> // autogenerated by syzkaller (http://github.com/google/syzkaller)
> #include <sys/types.h>
> #include <sys/stat.h>
> #include <fcntl.h>
> #include <sys/ioctl.h>

If you (or syzkaller) add
	#include <linux/tty.h>

here...

> int main()
> {
>   int fd, val;
> 
>   fd = open("/dev/ptmx", O_RDWR);
>   val = 21;

you can use
	val = N_GSM0710;

here. That is probably much clearer for the readers of this report. (No
one bothers to remember these values. No one sane, at least.)

>   ioctl(fd, TIOCSETD, &val);
>   return 0;
> }

Fascinating issue. Makes zero sense to me. sysfs_init? Anyhow, since the
people actually familiar with this code have stayed silent until now, I
have some obvious questions:
- does this only trigger with line discipline N_GSM0710?
- is this a new issue or do older trees also trigger it (in other
  words: have you tried bisecting this)?

Thanks,


Paul Bolle
