Date:   Fri, 28 Sep 2018 14:26:30 -0700
From:   Andrew Morton <akpm@...ux-foundation.org>
To:     nixiaoming <nixiaoming@...wei.com>
Cc:     <jack@...e.cz>, <amir73il@...il.com>,
        <linux-fsdevel@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        Kees Cook <keescook@...omium.org>,
        Joel Fernandes <joelaf@...gle.com>,
        Geliang Tang <geliangtang@...il.com>
Subject: Re: [PATCH] fix memory leak in ramoops_init

On Mon, 17 Sep 2018 17:15:31 +0800 nixiaoming <nixiaoming@...wei.com> wrote:

> 1, memory leak in ramoops_register_dummy.
>    dummy_data = kzalloc(sizeof(*dummy_data), GFP_KERNEL);
>    but no free when platform_device_register_data return fail
> 
> 2, if kzalloc(sizeof(*dummy_data), GFP_KERNEL) return NULL,
>     but platform_driver_register(&ramoops_driver) return 0
>    kfree(NULL) in ramoops_exit
> so, add return val for ramoops_register_dummy, and check it in ramoops_init
> 
> 3, memory leak in ramoops_init.
>    miss platform_device_unregister(dummy) and kfree(dummy_data)
>    when platform_driver_register(&ramoops_driver) return fail

Looks right.

It's unclear (to me) who maintains fs/pstore/ram.c.  Let's add some
Cc's and see if we can catch a reviewed-by.


From: nixiaoming <nixiaoming@...wei.com>
Subject: fs/pstore/ram.c: fix memory leak in ramoops_init()

1, memory leak in ramoops_register_dummy.
   dummy_data = kzalloc(sizeof(*dummy_data), GFP_KERNEL);
   but no free when platform_device_register_data return fail

2, if kzalloc(sizeof(*dummy_data), GFP_KERNEL) return NULL,
    but platform_driver_register(&ramoops_driver) return 0
   kfree(NULL) in ramoops_exit
so, add return val for ramoops_register_dummy, and check it in ramoops_init

3, memory leak in ramoops_init.
   miss platform_device_unregister(dummy) and kfree(dummy_data)
   when platform_driver_register(&ramoops_driver) return fail

Link: http://lkml.kernel.org/r/20180917091531.21356-1-nixiaoming@huawei.com
Signed-off-by: nixiaoming <nixiaoming@...wei.com>
Cc: Jan Kara <jack@...e.cz>
Cc: Amir Goldstein <amir73il@...il.com>
Cc: Kees Cook <keescook@...omium.org>
Cc: Joel Fernandes <joelaf@...gle.com>
Cc: Geliang Tang <geliangtang@...il.com>
Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
---

 fs/pstore/ram.c |   22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

--- a/fs/pstore/ram.c~fix-memory-leak-in-ramoops_init
+++ a/fs/pstore/ram.c
@@ -898,17 +898,17 @@ static struct platform_driver ramoops_dr
 	},
 };
 
-static void ramoops_register_dummy(void)
+static int ramoops_register_dummy(void)
 {
 	if (!mem_size)
-		return;
+		return -EINVAL;
 
 	pr_info("using module parameters\n");
 
 	dummy_data = kzalloc(sizeof(*dummy_data), GFP_KERNEL);
 	if (!dummy_data) {
 		pr_info("could not allocate pdata\n");
-		return;
+		return -ENOMEM;
 	}
 
 	dummy_data->mem_size = mem_size;
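Review bot: The `if (!mem_size)` branch at the top of ramoops_register_dummy() now returns -EINVAL, which turns "no module parameters given" into a hard init failure. Before this patch that branch simply returned and ramoops_init() still went on to call platform_driver_register(&ramoops_driver); with the new `if (ret != 0) return ret;` check in ramoops_init(), a zero mem_size means the driver is never registered at all. Nothing has been allocated at that point, so there is no leak to report: suggest `return 0;` for the !mem_size case and keeping -ENOMEM only for the kzalloc() failure.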
@@ -932,13 +932,25 @@ static void ramoops_register_dummy(void)
 	if (IS_ERR(dummy)) {
 		pr_info("could not create platform device: %ld\n",
 			PTR_ERR(dummy));
+		kfree(dummy_data);
+		return PTR_ERR(dummy);
 	}
+	return 0;
 }
 
 static int __init ramoops_init(void)
 {
-	ramoops_register_dummy();
-	return platform_driver_register(&ramoops_driver);
+	int ret = ramoops_register_dummy();
+
+	if (ret != 0)
+		return ret;
+
+	ret = platform_driver_register(&ramoops_driver);
+	if (ret != 0) {
+		platform_device_unregister(dummy);
+		kfree(dummy_data);
+	}
+	return ret;
 }
 late_initcall(ramoops_init);
 
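Review bot: Both new kfree(dummy_data) calls, in the IS_ERR(dummy) branch and in the ramoops_init() failure path, leave dummy_data pointing at freed memory, and dummy keeps either the ERR_PTR value or the unregistered device. Neither variable is declared locally in these hunks, so both outlive the function; setting them to NULL after the free would keep any later kfree(dummy_data) or platform_device_unregister(dummy) from acting on a stale pointer. The description says ramoops_exit also frees dummy_data, so a small shared teardown helper would keep the two paths in sync. Style: `if (ret)` is the usual kernel form rather than `if (ret != 0)`, and the failure messages would fit pr_err() better than pr_info().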
_
