| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Nov 2021 09:06:06 +0800
From: Dongliang Mu <mudongliangabcd@...il.com>
To: Dan Carpenter <dan.carpenter@...cle.com>
Cc: Pavel Skripkin <paskripkin@...il.com>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
syzbot <syzkaller@...glegroups.com>, linux-media@...r.kernel.org,
linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] media: em28xx: fix memory leak in em28xx_init_dev
On Tue, Nov 2, 2021 at 9:51 PM Dan Carpenter <dan.carpenter@...cle.com> wrote:
>
> On Tue, Nov 02, 2021 at 02:31:26PM +0800, Dongliang Mu wrote:
> > On Tue, Nov 2, 2021 at 3:28 AM Pavel Skripkin <paskripkin@...il.com> wrote:
> > >
> > > On 11/1/21 21:32, Dan Carpenter wrote:
> > > > On Mon, Nov 01, 2021 at 05:55:39PM +0800, Dongliang Mu wrote:
> > > >> In the em28xx_init_rev, if em28xx_audio_setup fails, this function fails
> > > >> to deallocate the media_dev allocated in the em28xx_media_device_init.
> > > >>
> > > >> Fix this by adding em28xx_unregister_media_device to free media_dev.
> > > >>
> > > >> BTW, this patch is tested in my local syzkaller instance, and it can
> > > >> prevent the memory leak from occurring again.
> > > >>
> > > >> CC: Pavel Skripkin <paskripkin@...il.com>
> > > >> Fixes: 37ecc7b1278f ("[media] em28xx: add media controller support")
> > > >> Signed-off-by: Dongliang Mu <mudongliangabcd@...il.com>
> > > >> Reported-by: syzbot <syzkaller@...glegroups.com>
> > > >
> > > > Is this really a syzbot warning? If so it should be in the format:
> > > >
> > > > Reported-by: syzbot+4c4ffd1e1094dae61035@...kaller.appspotmail.com
> > > >
> > > > Syzbot is different from syzkaller. Syzkaller is the fuzzer and syzbot
> > > > is the program which reports syzkaller bugs.
> > > >
> > >
> > > Bug report is from his local instance. He just wants to give credit to
> > > syzbot for finding it
> >
> > Hi Dan,
> >
> > just as explained by Pavel, I leveraged the local syzkaller instance
> > to find this bug.
> >
> > I can modify it to "Reported-by: syzkaller
> > <syzkaller@...glegroups.com>", this one looks better.
> >
>
> No need for a Reported-by at all, but if you want to credit syzkaller
> that's an okay format.
>
Hi all,
do I need to send a v2 patch with a new Reported-by tag?
> > >
> > > >> ---
> > > >> drivers/media/usb/em28xx/em28xx-cards.c | 19 +++++++++++++------
> > > >> 1 file changed, 13 insertions(+), 6 deletions(-)
> > > >>
> > > >> diff --git a/drivers/media/usb/em28xx/em28xx-cards.c b/drivers/media/usb/em28xx/em28xx-cards.c
> > > >> index c1e0dccb7408..fca68939ca50 100644
> > > >> --- a/drivers/media/usb/em28xx/em28xx-cards.c
> > > >> +++ b/drivers/media/usb/em28xx/em28xx-cards.c
> > > >> @@ -3625,8 +3625,10 @@ static int em28xx_init_dev(struct em28xx *dev, struct usb_device *udev,
> > > >>
> > > >
> > > > There is no check to see if the em28xx_media_device_init() fails. I
> > >
> > > I guess, it should work, since there a lot of checks to see if this
> > > pointer is valid, i.e driver can work even without this pointer, AFAIK
> > >
> > > > don't love that we call unregister() to undo the init() but it seems
> > > > like it should work...
> > >
> > > Same here, but it is out of scope of this patch :)
> >
> > >From the implementation, em28xx_media_device_init and
> > em28xx_unregister_media_device should not be a pair of functions
> > (do/undo).
> >
>
> That's how it is now, but it's not necessarily how it should be. Anyway,
> it's unrelated to you patch. Just forget I mentioned it.
>
> regards,
> dan carpenter
>
Powered by blists - more mailing lists