lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 01 Jun 2017 16:43:16 +0100
From:   Ben Hutchings <ben@...adent.org.uk>
To:     linux-kernel@...r.kernel.org, stable@...r.kernel.org
CC:     akpm@...ux-foundation.org, "John Keeping" <john@...anate.com>,
        "Rafael J. Wysocki" <rafael.j.wysocki@...el.com>
Subject: [PATCH 3.16 138/212] PM / QoS: Fix memory leak on resume_latency.notifiers

3.16.44-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: John Keeping <john@...anate.com>

commit e84b4a84e52d4cd8770b4242cd09df0133333f63 upstream.

Since commit 2d984ad132a8 (PM / QoS: Introcuce latency tolerance device
PM QoS type) we reassign "c" to point at qos->latency_tolerance before
freeing c->notifiers, but the notifiers field of latency_tolerance is
never used.

Restore the original behaviour of freeing the notifiers pointer on
qos->resume_latency, which is used, and fix the following kmemleak
warning.

unreferenced object 0xed9dba00 (size 64):
  comm "kworker/0:1", pid 36, jiffies 4294670128 (age 15202.983s)
  hex dump (first 32 bytes):
    00 00 00 00 04 ba 9d ed 04 ba 9d ed 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<c06f6084>] kmemleak_alloc+0x74/0xb8
    [<c011c964>] kmem_cache_alloc_trace+0x170/0x25c
    [<c035f448>] dev_pm_qos_constraints_allocate+0x3c/0xe4
    [<c035f574>] __dev_pm_qos_add_request+0x84/0x1a0
    [<c035f6cc>] dev_pm_qos_add_request+0x3c/0x54
    [<c03c3fc4>] usb_hub_create_port_device+0x110/0x2b8
    [<c03b2a60>] hub_probe+0xadc/0xc80
    [<c03bb050>] usb_probe_interface+0x1b4/0x260
    [<c035773c>] driver_probe_device+0x198/0x40c
    [<c0357b14>] __device_attach_driver+0x8c/0x98
    [<c0355bbc>] bus_for_each_drv+0x8c/0x9c
    [<c0357494>] __device_attach+0x98/0x138
    [<c0357c64>] device_initial_probe+0x14/0x18
    [<c03569dc>] bus_probe_device+0x30/0x88
    [<c0354c54>] device_add+0x430/0x554
    [<c03b92d8>] usb_set_configuration+0x660/0x6fc

Fixes: 2d984ad132a8 (PM / QoS: Introcuce latency tolerance device PM QoS type)
Signed-off-by: John Keeping <john@...anate.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@...el.com>
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
 drivers/base/power/qos.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/base/power/qos.c
+++ b/drivers/base/power/qos.c
@@ -277,7 +277,7 @@ void dev_pm_qos_constraints_destroy(stru
 	dev->power.qos = ERR_PTR(-ENODEV);
 	spin_unlock_irq(&dev->power.lock);
 
-	kfree(c->notifiers);
+	kfree(qos->resume_latency.notifiers);
 	kfree(qos);
 
  out:

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ