lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20221116135229.GA3498904@roeck-us.net>
Date:   Wed, 16 Nov 2022 05:52:29 -0800
From:   Guenter Roeck <linux@...ck-us.net>
To:     Chen Jun <chenjun102@...wei.com>
Cc:     linux-kernel@...r.kernel.org, linux-watchdog@...r.kernel.org,
        wim@...ux-watchdog.org, haokexin@...il.com, xuqiang36@...wei.com
Subject: Re: [PATCH] watchdog: Fix kmemleak in watchdog_cdev_register

On Wed, Nov 16, 2022 at 01:27:14AM +0000, Chen Jun wrote:
> kmemleak reports memory leaks in watchdog_dev_register, as follows:
> unreferenced object 0xffff888116233000 (size 2048):
>   comm ""modprobe"", pid 28147, jiffies 4353426116 (age 61.741s)
>   hex dump (first 32 bytes):
>     80 fa b9 05 81 88 ff ff 08 30 23 16 81 88 ff ff  .........0#.....
>     08 30 23 16 81 88 ff ff 00 00 00 00 00 00 00 00  .0#.............
>   backtrace:
>     [<000000007f001ffd>] __kmem_cache_alloc_node+0x157/0x220
>     [<000000006a389304>] kmalloc_trace+0x21/0x110
>     [<000000008d640eea>] watchdog_dev_register+0x4e/0x780 [watchdog]
>     [<0000000053c9f248>] __watchdog_register_device+0x4f0/0x680 [watchdog]
>     [<00000000b2979824>] watchdog_register_device+0xd2/0x110 [watchdog]
>     [<000000001f730178>] 0xffffffffc10880ae
>     [<000000007a1a8bcc>] do_one_initcall+0xcb/0x4d0
>     [<00000000b98be325>] do_init_module+0x1ca/0x5f0
>     [<0000000046d08e7c>] load_module+0x6133/0x70f0
>     ...
> 
> unreferenced object 0xffff888105b9fa80 (size 16):
>   comm ""modprobe"", pid 28147, jiffies 4353426116 (age 61.741s)
>   hex dump (first 16 bytes):
>     77 61 74 63 68 64 6f 67 31 00 b9 05 81 88 ff ff  watchdog1.......
>   backtrace:
>     [<000000007f001ffd>] __kmem_cache_alloc_node+0x157/0x220
>     [<00000000486ab89b>] __kmalloc_node_track_caller+0x44/0x1b0
>     [<000000005a39aab0>] kvasprintf+0xb5/0x140
>     [<0000000024806f85>] kvasprintf_const+0x55/0x180
>     [<000000009276cb7f>] kobject_set_name_vargs+0x56/0x150
>     [<00000000a92e820b>] dev_set_name+0xab/0xe0
>     [<00000000cec812c6>] watchdog_dev_register+0x285/0x780 [watchdog]
>     [<0000000053c9f248>] __watchdog_register_device+0x4f0/0x680 [watchdog]
>     [<00000000b2979824>] watchdog_register_device+0xd2/0x110 [watchdog]
>     [<000000001f730178>] 0xffffffffc10880ae
>     [<000000007a1a8bcc>] do_one_initcall+0xcb/0x4d0
>     [<00000000b98be325>] do_init_module+0x1ca/0x5f0
>     [<0000000046d08e7c>] load_module+0x6133/0x70f0
>     ...
> 
> The reason is that put_device is not be called if cdev_device_add fails
> and wdd->id != 0.
> 
> watchdog_cdev_register
>   wd_data = kzalloc                             [1]
>   err = dev_set_name                            [2]
>   ..
>   err = cdev_device_add
>   if (err) {
>     if (wdd->id == 0) {  // wdd->id != 0
>       ..
>     }
>     return err;  // [1],[2] would be leaked
> 
> To fix it, call put_device in all wdd->id cases.
> 
> Fixes: 72139dfa2464 ("watchdog: Fix the race between the release of watchdog_core_data and cdev")
> Signed-off-by: Chen Jun <chenjun102@...wei.com>

Reviewed-by: Guenter Roeck <linux@...ck-us.net>

> ---
>  drivers/watchdog/watchdog_dev.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/watchdog/watchdog_dev.c b/drivers/watchdog/watchdog_dev.c
> index 55574ed42504..fdffa6859dde 100644
> --- a/drivers/watchdog/watchdog_dev.c
> +++ b/drivers/watchdog/watchdog_dev.c
> @@ -1061,8 +1061,8 @@ static int watchdog_cdev_register(struct watchdog_device *wdd)
>  		if (wdd->id == 0) {
>  			misc_deregister(&watchdog_miscdev);
>  			old_wd_data = NULL;
> -			put_device(&wd_data->dev);
>  		}
> +		put_device(&wd_data->dev);
>  		return err;
>  	}
>  
> -- 
> 2.17.1
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ