lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Wed, 23 Mar 2022 10:12:15 +0800
From:   Hangyu Hua <hbh25y@...il.com>
To:     Yasushi SHOJI <yashi@...cecubics.com>
Cc:     Wolfgang Grandegger <wg@...ndegger.com>,
        Marc Kleine-Budde <mkl@...gutronix.de>,
        David Miller <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Vincent Mailhol <mailhol.vincent@...adoo.fr>,
        stefan.maetje@....eu, Pavel Skripkin <paskripkin@...il.com>,
        remigiusz.kollataj@...ica.com,
        linux-can <linux-can@...r.kernel.org>,
        netdev <netdev@...r.kernel.org>,
        open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] can: mcba_usb: fix possible double dev_kfree_skb in
 mcba_usb_start_xmit

Hi yashi,

You are right. There are a series of the same problems about 
can_put_echo_skb.

This issue was discovered while I was discussing a incorrect patch with 
Marc. You can check this in

https://lore.kernel.org/all/20220225060019.21220-1-hbh25y@gmail.com/

So i submitted a new patch. This was the first place where the problem 
occurs. You can check this in

[1] https://lore.kernel.org/all/20220228083639.38183-1-hbh25y@gmail.com/

After a week, I realized it could be a series of problems. So
i submitted the following patches

[2] 
https://lore.kernel.org/all/0d2f9980-fb1d-4068-7868-effc77892a97@gmail.com/
[3] 
https://lore.kernel.org/all/de416319-c027-837d-4b8c-b8c3c37ed88e@gmail.com/
[4] https://lore.kernel.org/all/20220317081305.739554-1-mkl@pengutronix.de/

I think this is all affected. None of the four have been merged 
upstream. Do i need to remake all these four patches?

Thanks,
Hangyu






On 2022/3/23 07:08, Yasushi SHOJI wrote:
> Hi Hangyu,
> 
> On Fri, Mar 11, 2022 at 5:02 PM Hangyu Hua <hbh25y@...il.com> wrote:
>>
>> There is no need to call dev_kfree_skb when usb_submit_urb fails beacause
>> can_put_echo_skb deletes original skb and can_free_echo_skb deletes the cloned
>> skb.
> 
> So, it's more like, "we don't need to call dev_kfree_skb() after
> can_put_echo_skb()
> because can_put_echo_skb() consumes the given skb.".  It seems it doesn't depend
> on the condition of usb_submit_urb().  Plus, we don't see the "cloned
> skb" at the
> call site.
> 
> Would you mind adding a comment on can_put_echo_skb(), in a separate patch,
> saying the fact that it consumes the skb?
> 
> ems_usb.c, gs_usb.c and possibly some others seem to call
> dev_kfree_skb() as well.
> Are they affected?
> 
> Best,

Powered by blists - more mailing lists