| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <A07D8003-F1EB-4408-A3F2-E043DF678296@holtmann.org>
Date: Sat, 20 Aug 2016 08:01:03 +0200
From: Marcel Holtmann <marcel@...tmann.org>
To: Larry Finger <Larry.Finger@...inger.net>
Cc: "Gustavo F. Padovan" <gustavo@...ovan.org>,
Johan Hedberg <johan.hedberg@...il.com>,
Linux Bluetooth mailing list
<linux-bluetooth@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: Memory (skb) leak in kernel 4.8-rc2
Hi Larry,
> I am seeing two skb leaks in the BT sub-system for kernel 4.8-rc2. I only recently re-enabled kmemleak, but I do not think I saw these leaks in 4.7.
>
> The first leak is at btusb_recv_intr+0x12b/0x170 [btusb]. This address refers to the call to bt_skb_alloc() in routine btusb_recv_intr().
do you have a backtrace for this one? Also which hardware is this?
> The second leak is at hci_event_packet+0xb8/0x30b0 [bluetooth]. The backtrace for this address is
>
> 0x13d38 is in hci_event_packet (net/bluetooth/hci_event.c:5254).
> 5249 * various handlers may modify the original one through
> 5250 * skb_pull() calls, etc.
> 5251 */
> 5252 if (req_complete_skb || event == HCI_EV_CMD_STATUS ||
> 5253 event == HCI_EV_CMD_COMPLETE)
> 5254 orig_skb = skb_clone(skb, GFP_KERNEL);
> 5255
> 5256 skb_pull(skb, HCI_EVENT_HDR_SIZE);
> 5257
> 5258 switch (event) {
>
> I am unable to unload module bluetooth to verify that the second leak is not a false positive; however, the one in btusb is a real memory leak.
I can not see a leak. Maybe Johan has an idea.
Regards
Marcel
Powered by blists - more mailing lists