lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <YszJFi+deSIXK3ns@MiWiFi-R3L-srv>
Date:   Tue, 12 Jul 2022 09:06:30 +0800
From:   Baoquan He <bhe@...hat.com>
To:     Matthew Wilcox <willy@...radead.org>
Cc:     Jianglei Nie <niejianglei2021@....com>, vgoyal@...hat.com,
        dyoung@...hat.com, kexec@...ts.infradead.org,
        linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH v3] proc/vmcore: fix potential memory leak in
 vmcore_init()

On 07/11/22 at 01:18pm, Matthew Wilcox wrote:
> On Mon, Jul 11, 2022 at 03:49:51PM +0800, Baoquan He wrote:
> > On 07/11/22 at 03:34pm, Jianglei Nie wrote:
> > > elfcorehdr_alloc() allocates a memory chunk for elfcorehdr_addr with
> > > kzalloc(). If is_vmcore_usable() returns false, elfcorehdr_addr is a
> > > predefined value. If parse_crash_elf_headers() occurs some error and
> > > returns a negetive value, the elfcorehdr_addr should be released with
> > > elfcorehdr_free().
> > > 
> > > We can fix by calling elfcorehdr_free() when parse_crash_elf_headers()
> > > fails.
> > > 
> > > Signed-off-by: Jianglei Nie <niejianglei2021@....com>
> > > ---
> > >  fs/proc/vmcore.c | 5 ++++-
> > >  1 file changed, 4 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/fs/proc/vmcore.c b/fs/proc/vmcore.c
> > > index 4eaeb645e759..125efe63f281 100644
> > > --- a/fs/proc/vmcore.c
> > > +++ b/fs/proc/vmcore.c
> > > @@ -1569,7 +1569,7 @@ static int __init vmcore_init(void)
> > >  	rc = parse_crash_elf_headers();
> > >  	if (rc) {
> > >  		pr_warn("Kdump: vmcore not initialized\n");
> > > -		return rc;
> > > +		goto fail;
> > 
> > Sigh. Why don't you copy my suggested code directly?
> 
> I think at this point, you should just submit your own patch
> and credit this person with Reported-by:

Thanks for telling. I will consider doing this in the future.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ