Message-ID: <1456608019.2651.20.camel@tiscali.nl>
Date:	Sat, 27 Feb 2016 22:20:19 +0100
From:	Paul Bolle <pebolle@...cali.nl>
To:	Dmitry Vyukov <dvyukov@...gle.com>
Cc:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Jiri Slaby <jslaby@...e.com>,
	LKML <linux-kernel@...r.kernel.org>,
	Peter Hurley <peter@...leysoftware.com>,
	One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>,
	J Freyensee <james_p_freyensee@...ux.intel.com>,
	Alexander Potapenko <glider@...gle.com>,
	Kostya Serebryany <kcc@...gle.com>,
	Sasha Levin <sasha.levin@...cle.com>,
	syzkaller <syzkaller@...glegroups.com>
Subject: Re: tty: memory leak in tty_register_driver

(I was AFK this week. So my reply is a bit late.)

On Mon, 2016-02-22 at 10:53 +0100, Dmitry Vyukov wrote:
> On Thu, Feb 18, 2016 at 11:45 PM, Paul Bolle <pebolle@...cali.nl>
> > Fascinating issue. Makes zero sense to me. sysfs_init? Anyhow, since the
> > people actually familiar with this code have stayed silent until now, I
> > have some obvious questions:
> > - does this only trigger with line discipline N_GSM0710?
> > - is this a new issue or do older trees also trigger it (in other
> >   words: have you tried bisecting this)?
> 
> I can say that it does not happen with 1, 2, 3, 4 and 7.

Side note: 4 (N_STRIP) is unused. As are 8 (N_MASC), 10
(N_PROFIBUS_FDL), and 12 (N_SMSBLOCK). So you could as well skip these
for syzkaller's tests.

> So there are
> chances that it is N_GSM0710-specific. 5 and 6 trigger lots of leaks,
> but they are different. I did not try to bisect it.

I've looked into this the previous week (because your reproducer
resembled the code that triggered the recent N_GIGASET_M101 leak). I was
unable to reproduce the issue myself. And, as far as I can remember now,
N_GSM0710's open() operation is rather non-trivial. So I soon gave up on
hoping to find a leak or any other obvious issue by, well, reviewing the
code involved. Sorry about that.

Thanks,


Paul Bolle
