lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <57f041d036a6a472c1463ab5d5274df5bb646920.camel@gmail.com>
Date:   Tue, 06 Apr 2021 14:44:40 +0500
From:   Muhammad Usama Anjum <musamaanjum@...il.com>
To:     hverkuil-cisco@...all.nl, dan.carpenter@...cle.com,
        gregkh@...uxfoundation.org, skhan@...uxfoundation.org
Cc:     musamaanjum@...il.com, syzkaller-bugs@...glegroups.com,
        dvyukov@...gle.com, linux-kernel@...r.kernel.org,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        "open list:EM28XX VIDEO4LINUX DRIVER" <linux-media@...r.kernel.org>,
        stable@...r.kernel.org
Subject: Re: [PATCH] media: em28xx: fix memory leak

On Wed, 2021-03-31 at 13:22 +0500, Muhammad Usama Anjum wrote:
> On Wed, 2021-03-24 at 23:07 +0500, Muhammad Usama Anjum wrote:
> > If some error occurs, URB buffers should also be freed. If they aren't
> > freed with the dvb here, the em28xx_dvb_fini call doesn't frees the URB
> > buffers as dvb is set to NULL. The function in which error occurs should
> > do all the cleanup for the allocations it had done.
> > 
> > Tested the patch with the reproducer provided by syzbot. This patch
> > fixes the memleak.
> > 
> > Reported-by: syzbot+889397c820fa56adf25d@...kaller.appspotmail.com
> > Signed-off-by: Muhammad Usama Anjum <musamaanjum@...il.com>
> > ---
> > Resending the same path as some email addresses were missing from the
> > earlier email.
> > 
> > syzbot found the following issue on:
> > 
> > HEAD commit:    1a4431a5 Merge tag 'afs-fixes-20210315' of git://git.kerne..
> > git tree:       upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=11013a7cd00000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=ff6b8b2e9d5a1227
> > dashboard link: https://syzkaller.appspot.com/bug?extid=889397c820fa56adf25d
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1559ae3ad00000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=176985c6d00000
> > 
> >  drivers/media/usb/em28xx/em28xx-dvb.c | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c
> > index 526424279637..471bd74667e3 100644
> > --- a/drivers/media/usb/em28xx/em28xx-dvb.c
> > +++ b/drivers/media/usb/em28xx/em28xx-dvb.c
> > @@ -2010,6 +2010,7 @@ static int em28xx_dvb_init(struct em28xx *dev)
> >  	return result;
> >  
> >  out_free:
> > +	em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE);
> >  	kfree(dvb);
> >  	dev->dvb = NULL;
> >  	goto ret;
> 
> I'd received the following notice and waiting for the review:
> On Thu, 2021-03-25 at 09:06 +0000, Patchwork wrote:
> > Hello,
> > 
> > The following patch (submitted by you) has been updated in Patchwork:
> > 
> >  * linux-media: media: em28xx: fix memory leak
> >      - http://patchwork.linuxtv.org/project/linux-media/patch/20210324180753.GA410359@LEGION/
> >      - for: Linux Media kernel patches
> > 
This patch has been accepted. This bug was introduced by 27ba0dac.
Will it be backported and submitted for inclusion in stable release by
maintainer automatically?
> > 
> 
> Thanks,
> Usama
> 
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ