| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200620074542.GA2298609@kroah.com>
Date: Sat, 20 Jun 2020 09:45:42 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Jakub Kicinski <kuba@...nel.org>
Cc: "Rafael J. Wysocki" <rafael@...nel.org>,
Ronald Tschalär <ronald@...ovation.ch>,
Nicolai Stange <nicstange@...il.com>,
David Rientjes <rientjes@...gle.com>,
Srivatsa Vaddagiri <vatsa@...ux.vnet.ibm.com>,
linux-kernel@...r.kernel.org
Subject: Re: debugfs_create_u32_array() memory leaks
On Fri, Jun 19, 2020 at 04:17:34PM -0700, Jakub Kicinski wrote:
> Hi!
>
> I'm trying to use debugfs_create_u32_array() in drivers/net/netdevsim
> and it causes memory leaks:
>
> unreferenced object 0xffff8880546642a0 (size 16):
> comm "test_udp_tuns.s", pid 2146, jiffies 4294928368 (age 3772.435s)
> hex dump (first 16 bytes):
> 84 52 6a 4d 80 88 ff ff 04 00 00 00 f3 78 7e 89 .RjM.........x~.
> backtrace:
> [<000000006962a447>] debugfs_create_u32_array+0x3f/0x90
>
> I can see that debugfs_create_u32_array() allocates a structure at
> create time that ends up assigned to inode->i_private, but I don't
> see it freed anywhere.
>
> Am I missing something? I'm pretty sure files get removed, cause the
> driver calls debugfs_remove_recursive() and no other file types leaks.
Yeah, that's a bug, nice catch. The debugfs_create*() functions should
not allocate local memory as we can't know to free that memory when the
file is removed.
Can you fix this up, or do you want me to? I only see one in-kernel
user of this, so it shouldn't be that tough to do so. The one user
never removes that file so that's why no one noticed this before.
thanks,
greg k-h
Powered by blists - more mailing lists