| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 06 Apr 2021 14:44:40 +0500
From: Muhammad Usama Anjum <musamaanjum@...il.com>
To: hverkuil-cisco@...all.nl, dan.carpenter@...cle.com,
gregkh@...uxfoundation.org, skhan@...uxfoundation.org
Cc: musamaanjum@...il.com, syzkaller-bugs@...glegroups.com,
dvyukov@...gle.com, linux-kernel@...r.kernel.org,
Mauro Carvalho Chehab <mchehab@...nel.org>,
"open list:EM28XX VIDEO4LINUX DRIVER" <linux-media@...r.kernel.org>,
stable@...r.kernel.org
Subject: Re: [PATCH] media: em28xx: fix memory leak
On Wed, 2021-03-31 at 13:22 +0500, Muhammad Usama Anjum wrote:
> On Wed, 2021-03-24 at 23:07 +0500, Muhammad Usama Anjum wrote:
> > If some error occurs, URB buffers should also be freed. If they aren't
> > freed with the dvb here, the em28xx_dvb_fini call doesn't frees the URB
> > buffers as dvb is set to NULL. The function in which error occurs should
> > do all the cleanup for the allocations it had done.
> >
> > Tested the patch with the reproducer provided by syzbot. This patch
> > fixes the memleak.
> >
> > Reported-by: syzbot+889397c820fa56adf25d@...kaller.appspotmail.com
> > Signed-off-by: Muhammad Usama Anjum <musamaanjum@...il.com>
> > ---
> > Resending the same path as some email addresses were missing from the
> > earlier email.
> >
> > syzbot found the following issue on:
> >
> > HEAD commit: 1a4431a5 Merge tag 'afs-fixes-20210315' of git://git.kerne..
> > git tree: upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=11013a7cd00000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=ff6b8b2e9d5a1227
> > dashboard link: https://syzkaller.appspot.com/bug?extid=889397c820fa56adf25d
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1559ae3ad00000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=176985c6d00000
> >
> > drivers/media/usb/em28xx/em28xx-dvb.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c
> > index 526424279637..471bd74667e3 100644
> > --- a/drivers/media/usb/em28xx/em28xx-dvb.c
> > +++ b/drivers/media/usb/em28xx/em28xx-dvb.c
> > @@ -2010,6 +2010,7 @@ static int em28xx_dvb_init(struct em28xx *dev)
> > return result;
> >
> > out_free:
> > + em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE);
> > kfree(dvb);
> > dev->dvb = NULL;
> > goto ret;
>
> I'd received the following notice and waiting for the review:
> On Thu, 2021-03-25 at 09:06 +0000, Patchwork wrote:
> > Hello,
> >
> > The following patch (submitted by you) has been updated in Patchwork:
> >
> > * linux-media: media: em28xx: fix memory leak
> > - http://patchwork.linuxtv.org/project/linux-media/patch/20210324180753.GA410359@LEGION/
> > - for: Linux Media kernel patches
> >
This patch has been accepted. This bug was introduced by 27ba0dac.
Will it be backported and submitted for inclusion in stable release by
maintainer automatically?
> >
>
> Thanks,
> Usama
>
>
Powered by blists - more mailing lists