lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 11 Apr 2022 13:29:09 +0800
From:   Hangyu Hua <hbh25y@...il.com>
To:     Shuah Khan <skhan@...uxfoundation.org>,
        valentina.manea.m@...il.com, shuah@...nel.org,
        gregkh@...uxfoundation.org, khoroshilov@...ras.ru
Cc:     linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] usb: usbip: fix a refcount leak in stub_probe()

On 2022/4/8 23:04, Shuah Khan wrote:
> On 4/7/22 7:59 PM, Hangyu Hua wrote:
>> Hi Shuah,
>>
>> I find this by code review. Do i really need to add this to commit 
>> log? This look like a little weird.
>>
> 
> Great. Good find.
> 
> It is important to understand how the problem is found. Please add it
> the change log. We usually expect dmesg or such info. that revealed
> refcount leak, since this one is found during code review, we would
> like to see that information the commit log.
> 
> Also please remember to avoid top posting.

I get what you meant now. But i don't know how to get a clear dmesg or 
any other log. The kernel will not crash because of this. I just used 
gdb to find that udev->dev->kobj->kref gets bigger and bigger whenever I 
call stub_probe with busid_priv->status = STUB_BUSID_REMOV.

Thanks for telling me the rules.

> 
>>
>> On 2022/4/8 00:31, Shuah Khan wrote:
>>> On 4/6/22 8:22 PM, Hangyu Hua wrote:
>>>> usb_get_dev() is called in stub_device_alloc(). When stub_probe() fails
>>>> after that, usb_put_dev() needs to be called to release the reference.
>>>>
>>>> Fix this by moving usb_put_dev() to sdev_free error path handling.
>>>>
>>>> Fixes: 3ff67445750a ("usbip: fix error handling in stub_probe()")
>>>> Signed-off-by: Hangyu Hua <hbh25y@...il.com>
>>>> Reviewed-by: Shuah Khan <skhan@...uxfoundation.org>
>>>> ---
>>>>
>>>> v2: add more description of this patch.
>>>
>>> Still missing details on how this problem was found. Please add them
>>> to the commit log.
>>>
> 
> thanks,
> -- Shuah
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ