lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3cd9808b-a684-f0f2-8ea0-81b404943239@xs4all.nl>
Date:   Tue, 6 Apr 2021 12:07:42 +0200
From:   Hans Verkuil <hverkuil-cisco@...all.nl>
To:     Muhammad Usama Anjum <musamaanjum@...il.com>,
        dan.carpenter@...cle.com, gregkh@...uxfoundation.org,
        skhan@...uxfoundation.org
Cc:     syzkaller-bugs@...glegroups.com, dvyukov@...gle.com,
        linux-kernel@...r.kernel.org,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        "open list:EM28XX VIDEO4LINUX DRIVER" <linux-media@...r.kernel.org>,
        stable@...r.kernel.org
Subject: Re: [PATCH] media: em28xx: fix memory leak

On 06/04/2021 11:44, Muhammad Usama Anjum wrote:
> On Wed, 2021-03-31 at 13:22 +0500, Muhammad Usama Anjum wrote:
>> On Wed, 2021-03-24 at 23:07 +0500, Muhammad Usama Anjum wrote:
>>> If some error occurs, URB buffers should also be freed. If they aren't
>>> freed with the dvb here, the em28xx_dvb_fini call doesn't frees the URB
>>> buffers as dvb is set to NULL. The function in which error occurs should
>>> do all the cleanup for the allocations it had done.
>>>
>>> Tested the patch with the reproducer provided by syzbot. This patch
>>> fixes the memleak.
>>>
>>> Reported-by: syzbot+889397c820fa56adf25d@...kaller.appspotmail.com
>>> Signed-off-by: Muhammad Usama Anjum <musamaanjum@...il.com>
>>> ---
>>> Resending the same path as some email addresses were missing from the
>>> earlier email.
>>>
>>> syzbot found the following issue on:
>>>
>>> HEAD commit:    1a4431a5 Merge tag 'afs-fixes-20210315' of git://git.kerne..
>>> git tree:       upstream
>>> console output: https://syzkaller.appspot.com/x/log.txt?x=11013a7cd00000
>>> kernel config:  https://syzkaller.appspot.com/x/.config?x=ff6b8b2e9d5a1227
>>> dashboard link: https://syzkaller.appspot.com/bug?extid=889397c820fa56adf25d
>>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1559ae3ad00000
>>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=176985c6d00000
>>>
>>>  drivers/media/usb/em28xx/em28xx-dvb.c | 1 +
>>>  1 file changed, 1 insertion(+)
>>>
>>> diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c
>>> index 526424279637..471bd74667e3 100644
>>> --- a/drivers/media/usb/em28xx/em28xx-dvb.c
>>> +++ b/drivers/media/usb/em28xx/em28xx-dvb.c
>>> @@ -2010,6 +2010,7 @@ static int em28xx_dvb_init(struct em28xx *dev)
>>>  	return result;
>>>  
>>>  out_free:
>>> +	em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE);
>>>  	kfree(dvb);
>>>  	dev->dvb = NULL;
>>>  	goto ret;
>>
>> I'd received the following notice and waiting for the review:
>> On Thu, 2021-03-25 at 09:06 +0000, Patchwork wrote:
>>> Hello,
>>>
>>> The following patch (submitted by you) has been updated in Patchwork:
>>>
>>>  * linux-media: media: em28xx: fix memory leak
>>>      - http://patchwork.linuxtv.org/project/linux-media/patch/20210324180753.GA410359@LEGION/
>>>      - for: Linux Media kernel patches
>>>
> This patch has been accepted. This bug was introduced by 27ba0dac.
> Will it be backported and submitted for inclusion in stable release by
> maintainer automatically?

That might not happen since there was no 'Fixes:' tag. Without that it
will depend on the stable tree maintainers whether they'll pick it up or not.

Regards,

	Hans

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ