| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a62119eb-28d2-7b4d-acbb-6ca8d3a0c91d@lwfinger.net>
Date: Fri, 19 Aug 2016 16:02:44 -0500
From: Larry Finger <Larry.Finger@...inger.net>
To: Marcel Holtmann <marcel@...tmann.org>,
Gustavo Padovan <gustavo@...ovan.org>,
Johan Hedberg <johan.hedberg@...il.com>,
Linux Bluetooth mailing list
<linux-bluetooth@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Memory (skb) leak in kernel 4.8-rc2
I am seeing two skb leaks in the BT sub-system for kernel 4.8-rc2. I only
recently re-enabled kmemleak, but I do not think I saw these leaks in 4.7.
The first leak is at btusb_recv_intr+0x12b/0x170 [btusb]. This address refers to
the call to bt_skb_alloc() in routine btusb_recv_intr().
The second leak is at hci_event_packet+0xb8/0x30b0 [bluetooth]. The backtrace
for this address is
0x13d38 is in hci_event_packet (net/bluetooth/hci_event.c:5254).
5249 * various handlers may modify the original one through
5250 * skb_pull() calls, etc.
5251 */
5252 if (req_complete_skb || event == HCI_EV_CMD_STATUS ||
5253 event == HCI_EV_CMD_COMPLETE)
5254 orig_skb = skb_clone(skb, GFP_KERNEL);
5255
5256 skb_pull(skb, HCI_EVENT_HDR_SIZE);
5257
5258 switch (event) {
I am unable to unload module bluetooth to verify that the second leak is not a
false positive; however, the one in btusb is a real memory leak.
As always, I will be happy to test any patches.
Larry
Powered by blists - more mailing lists