| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1500893441.16387.2.camel@suse.com>
Date: Mon, 24 Jul 2017 12:50:41 +0200
From: Oliver Neukum <oneukum@...e.com>
To: Jeffy Chen <jeffy.chen@...k-chips.com>,
linux-kernel@...r.kernel.org
Cc: briannorris@...omium.org, dianders@...omium.org,
Johan Hedberg <johan.hedberg@...il.com>,
xiyou.wangcong@...il.com, Marcel Holtmann <marcel@...tmann.org>,
Gustavo Padovan <gustavo@...ovan.org>,
linux-bluetooth@...r.kernel.org
Subject: Re: [PATCH v6] Bluetooth: btusb: Fix memory leak in play_deferred
Am Donnerstag, den 20.07.2017, 18:53 +0800 schrieb Jeffy Chen:
> Currently we are calling usb_submit_urb directly to submit deferred tx
> urbs after unanchor them.
>
> So the usb_giveback_urb_bh would failed to unref it in usb_unanchor_urb
> and cause memory leak:
> unreferenced object 0xffffffc0ce0fa400 (size 256):
> ...
> backtrace:
> [<ffffffc00034a9a8>] __save_stack_trace+0x48/0x6c
> [<ffffffc00034b088>] create_object+0x138/0x254
> [<ffffffc0009d5504>] kmemleak_alloc+0x58/0x8c
> [<ffffffc000345f78>] __kmalloc+0x1d4/0x2a0
> [<ffffffc0006765bc>] usb_alloc_urb+0x30/0x60
> [<ffffffbffc128598>] alloc_ctrl_urb+0x38/0x120 [btusb]
> [<ffffffbffc129e7c>] btusb_send_frame+0x64/0xf8 [btusb]
>
> Put those urbs in tx_anchor to avoid the leak, and also fix the error
> handling.
>
> Signed-off-by: Jeffy Chen <jeffy.chen@...k-chips.com>
Reviewed-by: Oliver Neukum <oneukum@...e.com>
Powered by blists - more mailing lists