lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 24 Feb 2023 20:43:22 +0800
From:   Kang Chen <void0red@...il.com>
To:     Dongliang Mu <mudongliangabcd@...il.com>
Cc:     gregkh@...uxfoundation.org, linux-usb@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] usb: gadget: udc: add return value check of kzalloc in mv_udc_probe

Hi, Dongliang,

I totally agree with you. I checked the other drivers using
status_req->req.buf structure, they free the memory when
the driver removed. But in this driver, I can't find such code. So,
as you said, it needs a devm_kazlloc instead of a kzalloc to manage
the memory and avoid a memory leak.

Thanks for your correction. I will post a new patch later.

Dongliang Mu <mudongliangabcd@...il.com> 于2023年2月24日周五 19:06写道:

>
> On Fri, Feb 24, 2023 at 5:28 PM void0red <void0red@...il.com> wrote:
> >
> > From: Kang Chen <void0red@...il.com>
> >
> > Even an 8-byte kzalloc will fail when we don't have enough memory,
> > so we need a nullptr check and do the cleanup when it fails.
> >
> > Reported-by: eriri <1527030098@...com>
> > Link: https://bugzilla.kernel.org/show_bug.cgi?id=217081
> >
> > Signed-off-by: Kang Chen <void0red@...il.com>
> > ---
> >  drivers/usb/gadget/udc/mv_udc_core.c | 4 ++++
> >  1 file changed, 4 insertions(+)
> >
> > diff --git a/drivers/usb/gadget/udc/mv_udc_core.c b/drivers/usb/gadget/udc/mv_udc_core.c
> > index b397f3a84..6dd6d52de 100644
> > --- a/drivers/usb/gadget/udc/mv_udc_core.c
> > +++ b/drivers/usb/gadget/udc/mv_udc_core.c
> > @@ -2230,6 +2230,10 @@ static int mv_udc_probe(struct platform_device *pdev)
> >
> >         /* allocate a small amount of memory to get valid address */
> >         udc->status_req->req.buf = kzalloc(8, GFP_KERNEL);
>
> Hi Kang and gregkh,
>
> I think there is a memory leak in this kzalloc. It seems there is no
> deallocation for this allocated object.
>
> As the surrounding allocation statements suggest,
> we should turn kzalloc to devm_kzalloc.
>
> > +       if (!udc->status_req->req.buf) {
> > +               retval = -ENOMEM;
> > +               goto err_destroy_dma;
> > +       }
> >         udc->status_req->req.dma = DMA_ADDR_INVALID;
> >
> >         udc->resume_state = USB_STATE_NOTATTACHED;
> > --
> > 2.34.1
> >

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ