lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <c560dd1c-03ac-1aa7-f3ac-2a2d9f411505@suse.de>
Date:   Tue, 7 Mar 2023 09:23:55 +0100
From:   Thomas Zimmermann <tzimmermann@...e.de>
To:     Geert Uytterhoeven <geert@...ux-m68k.org>
Cc:     deller@....de, paulus@...ba.org, benh@...nel.crashing.org,
        linux@...linux.org.uk, pjones@...hat.com, timur@...nel.org,
        adaplas@...il.com, s.hauer@...gutronix.de, shawnguo@...nel.org,
        mbroemme@...mpq.org, thomas@...ischhofer.net,
        James.Bottomley@...senpartnership.com, sudipm.mukherjee@...il.com,
        teddy.wang@...iconmotion.com, corbet@....net,
        linux-fbdev@...r.kernel.org, dri-devel@...ts.freedesktop.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 00/99] fbdev: Fix memory leak in option parsing

Hi Geert

Am 07.03.23 um 08:53 schrieb Geert Uytterhoeven:
> Hi Thomas,
> 
> On Mon, Mar 6, 2023 at 5:00 PM Thomas Zimmermann <tzimmermann@...e.de> wrote:
>> Introduce struct option_iter and helpers to parse command-line
>> options with comma-separated key-value pairs. Then convert fbdev
>> drivers to the new interface. Fixes a memory leak in the parsing of
>> the video= option.
>>
>> Before commit 73ce73c30ba9 ("fbdev: Transfer video= option strings to
>> caller; clarify ownership"), a call to fb_get_options() either
>> returned an internal string or a duplicated string; hence ownership of
>> the string's memory buffer was not well defined, but depended on how
>> users specified the video= option on the kernel command line. For
>> global settings, the caller owned the returned memory and for per-driver
>> settings, fb_get_options() owned the memory. As calling drivers were
>> unable to detect the case, the memory was leaked.
>>
>> Commit 73ce73c30ba9 ("fbdev: Transfer video= option strings to caller;
>> clarify ownership") changed sematics to caller-owned strings. Drivers
>> still leaked the memory, but at least ownership was clear.
>>
>> This patchset fixes the memory leak and changes string ownership back
>> to fb_get_options(). Patch 1 introduces struct option_iter and a few
>> helpers. The interface takes an option string, such as video=, in the
>> common form value1,key2:value2,value3 etc and returns the individial
>> comma-separated pairs. Various modules use this pattern, so the code
>> is located under lib/.
>>
>> Patches 2 to 98 go through fbdev drivers and convert them to the new
>> interface. This often requires a number of cleanups. A driver would
>> typically refer to the option string's video mode. Such strings are now
>> copied to driver-allocated memory so that drivers don't refer directly
>> to the option string's memory. The option iterator then replaces manual
>> parsing loops based on strsep(",").
> 
> Thanks for your series!
> 
> Unfortunately I cannot say I'm thrilled about this: you are replacing
> a single small dynamic memory leak by 36 larger static memory leaks.

That's fair enough.

> Am I missing something?

The current size of the videomode buffers is ridiculously large. I just 
needed something that could hold the string. A long mode description 
might look like

   1920x1080MR-32@...ime

which has 21 characters. 32-byte buffers would probably be more than enough.

I think it should also be possible to do a simple kstrdup() on the given 
videomode string and free the copy in the module's _fini function.

That also brings up the question of these MODULE ifdefs. Almost all of 
the fbdev drivers only parse the command-line option if they are not 
build as a module. Do you know why? Because of the awkward semantics of 
the old fb_get_options()?  I think this should be changed so that they 
always respect the video= parameter.

Best regards
Thomas

> 
> Gr{oetje,eeting}s,
> 
>                          Geert
> 

-- 
Thomas Zimmermann
Graphics Driver Developer
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg)
Geschäftsführer: Ivo Totev

Download attachment "OpenPGP_signature" of type "application/pgp-signature" (841 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ