| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Apr 2021 12:07:42 +0200
From: Hans Verkuil <hverkuil-cisco@...all.nl>
To: Muhammad Usama Anjum <musamaanjum@...il.com>,
dan.carpenter@...cle.com, gregkh@...uxfoundation.org,
skhan@...uxfoundation.org
Cc: syzkaller-bugs@...glegroups.com, dvyukov@...gle.com,
linux-kernel@...r.kernel.org,
Mauro Carvalho Chehab <mchehab@...nel.org>,
"open list:EM28XX VIDEO4LINUX DRIVER" <linux-media@...r.kernel.org>,
stable@...r.kernel.org
Subject: Re: [PATCH] media: em28xx: fix memory leak
On 06/04/2021 11:44, Muhammad Usama Anjum wrote:
> On Wed, 2021-03-31 at 13:22 +0500, Muhammad Usama Anjum wrote:
>> On Wed, 2021-03-24 at 23:07 +0500, Muhammad Usama Anjum wrote:
>>> If some error occurs, URB buffers should also be freed. If they aren't
>>> freed with the dvb here, the em28xx_dvb_fini call doesn't frees the URB
>>> buffers as dvb is set to NULL. The function in which error occurs should
>>> do all the cleanup for the allocations it had done.
>>>
>>> Tested the patch with the reproducer provided by syzbot. This patch
>>> fixes the memleak.
>>>
>>> Reported-by: syzbot+889397c820fa56adf25d@...kaller.appspotmail.com
>>> Signed-off-by: Muhammad Usama Anjum <musamaanjum@...il.com>
>>> ---
>>> Resending the same path as some email addresses were missing from the
>>> earlier email.
>>>
>>> syzbot found the following issue on:
>>>
>>> HEAD commit: 1a4431a5 Merge tag 'afs-fixes-20210315' of git://git.kerne..
>>> git tree: upstream
>>> console output: https://syzkaller.appspot.com/x/log.txt?x=11013a7cd00000
>>> kernel config: https://syzkaller.appspot.com/x/.config?x=ff6b8b2e9d5a1227
>>> dashboard link: https://syzkaller.appspot.com/bug?extid=889397c820fa56adf25d
>>> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1559ae3ad00000
>>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=176985c6d00000
>>>
>>> drivers/media/usb/em28xx/em28xx-dvb.c | 1 +
>>> 1 file changed, 1 insertion(+)
>>>
>>> diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c
>>> index 526424279637..471bd74667e3 100644
>>> --- a/drivers/media/usb/em28xx/em28xx-dvb.c
>>> +++ b/drivers/media/usb/em28xx/em28xx-dvb.c
>>> @@ -2010,6 +2010,7 @@ static int em28xx_dvb_init(struct em28xx *dev)
>>> return result;
>>>
>>> out_free:
>>> + em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE);
>>> kfree(dvb);
>>> dev->dvb = NULL;
>>> goto ret;
>>
>> I'd received the following notice and waiting for the review:
>> On Thu, 2021-03-25 at 09:06 +0000, Patchwork wrote:
>>> Hello,
>>>
>>> The following patch (submitted by you) has been updated in Patchwork:
>>>
>>> * linux-media: media: em28xx: fix memory leak
>>> - http://patchwork.linuxtv.org/project/linux-media/patch/20210324180753.GA410359@LEGION/
>>> - for: Linux Media kernel patches
>>>
> This patch has been accepted. This bug was introduced by 27ba0dac.
> Will it be backported and submitted for inclusion in stable release by
> maintainer automatically?
That might not happen since there was no 'Fixes:' tag. Without that it
will depend on the stable tree maintainers whether they'll pick it up or not.
Regards,
Hans
Powered by blists - more mailing lists