| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20211102135054.GG2914@kadam>
Date: Tue, 2 Nov 2021 16:50:54 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: Dongliang Mu <mudongliangabcd@...il.com>
Cc: Pavel Skripkin <paskripkin@...il.com>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
syzbot <syzkaller@...glegroups.com>, linux-media@...r.kernel.org,
linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] media: em28xx: fix memory leak in em28xx_init_dev
On Tue, Nov 02, 2021 at 02:31:26PM +0800, Dongliang Mu wrote:
> On Tue, Nov 2, 2021 at 3:28 AM Pavel Skripkin <paskripkin@...il.com> wrote:
> >
> > On 11/1/21 21:32, Dan Carpenter wrote:
> > > On Mon, Nov 01, 2021 at 05:55:39PM +0800, Dongliang Mu wrote:
> > >> In the em28xx_init_rev, if em28xx_audio_setup fails, this function fails
> > >> to deallocate the media_dev allocated in the em28xx_media_device_init.
> > >>
> > >> Fix this by adding em28xx_unregister_media_device to free media_dev.
> > >>
> > >> BTW, this patch is tested in my local syzkaller instance, and it can
> > >> prevent the memory leak from occurring again.
> > >>
> > >> CC: Pavel Skripkin <paskripkin@...il.com>
> > >> Fixes: 37ecc7b1278f ("[media] em28xx: add media controller support")
> > >> Signed-off-by: Dongliang Mu <mudongliangabcd@...il.com>
> > >> Reported-by: syzbot <syzkaller@...glegroups.com>
> > >
> > > Is this really a syzbot warning? If so it should be in the format:
> > >
> > > Reported-by: syzbot+4c4ffd1e1094dae61035@...kaller.appspotmail.com
> > >
> > > Syzbot is different from syzkaller. Syzkaller is the fuzzer and syzbot
> > > is the program which reports syzkaller bugs.
> > >
> >
> > Bug report is from his local instance. He just wants to give credit to
> > syzbot for finding it
>
> Hi Dan,
>
> just as explained by Pavel, I leveraged the local syzkaller instance
> to find this bug.
>
> I can modify it to "Reported-by: syzkaller
> <syzkaller@...glegroups.com>", this one looks better.
>
No need for a Reported-by at all, but if you want to credit syzkaller
that's an okay format.
> >
> > >> ---
> > >> drivers/media/usb/em28xx/em28xx-cards.c | 19 +++++++++++++------
> > >> 1 file changed, 13 insertions(+), 6 deletions(-)
> > >>
> > >> diff --git a/drivers/media/usb/em28xx/em28xx-cards.c b/drivers/media/usb/em28xx/em28xx-cards.c
> > >> index c1e0dccb7408..fca68939ca50 100644
> > >> --- a/drivers/media/usb/em28xx/em28xx-cards.c
> > >> +++ b/drivers/media/usb/em28xx/em28xx-cards.c
> > >> @@ -3625,8 +3625,10 @@ static int em28xx_init_dev(struct em28xx *dev, struct usb_device *udev,
> > >>
> > >
> > > There is no check to see if the em28xx_media_device_init() fails. I
> >
> > I guess, it should work, since there a lot of checks to see if this
> > pointer is valid, i.e driver can work even without this pointer, AFAIK
> >
> > > don't love that we call unregister() to undo the init() but it seems
> > > like it should work...
> >
> > Same here, but it is out of scope of this patch :)
>
> >From the implementation, em28xx_media_device_init and
> em28xx_unregister_media_device should not be a pair of functions
> (do/undo).
>
That's how it is now, but it's not necessarily how it should be. Anyway,
it's unrelated to you patch. Just forget I mentioned it.
regards,
dan carpenter
Powered by blists - more mailing lists