lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <d047dc51-1259-6885-fba7-0d72a375d799@gmail.com>
Date:   Tue, 9 Nov 2021 22:10:57 +0300
From:   Pavel Skripkin <paskripkin@...il.com>
To:     Jiri Slaby <jirislaby@...nel.org>, gregkh@...uxfoundation.org,
        hdanton@...a.com
Cc:     linux-kernel@...r.kernel.org
Subject: Re: [PATCH] tty: n_gsm: add missing tty_kref_put

On 11/9/21 20:33, Jiri Slaby wrote:
> On 09. 11. 21, 11:39, Pavel Skripkin wrote:
>> My local syzbot instance hit memory leak in gsmld_attach_gsm(). The
>> reproducer injects allocation failure in tty_register_device(). After
>> this error only previous tty_register_device() calls unwinded, but not
>> tty_kref_get().
>> 
>> It leads to tty_struct leak, because ->close() won't be called in case
>> of ->open() failure and nothing puts tty reference.
> 
> I don't have time to check the n_gsm case now (like: are you talking
> about tty->open/close or file_ops->open/close -- they behave
> differently), but tty definitely calls close even if open fails.
> 

Oh, I see now. I wasn't aware about this difference. Will do more 
detailed analysis of reported leak. Thank you for pointing it out!




With regards,
Pavel Skripkin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ