Message-Id: <20230520055147.3212541-1-yongxin.liu@windriver.com>
Date:   Sat, 20 May 2023 13:51:47 +0800
From:   Yongxin Liu <yongxin.liu@...driver.com>
To:     luiz.von.dentz@...el.com, marcel@...tmann.org
Cc:     linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] Bluetooth: add missing hci_codec_list_clear() back

hci_codec_list_clear() was missing in commit d0b137062b2d
("Bluetooth: hci_sync: Rework init stages"). Without it, there
are the following kernel memory leaks.

  unreferenced object 0xffff9fe454c12ca0 (size 32):
    comm "kworker/u9:0", pid 82, jiffies 4294756186 (age 75.617s)
    hex dump (first 32 bytes):
      a8 93 7b 76 e4 9f ff ff e0 2d c1 54 e4 9f ff ff  ..{v.....-.T....
      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    backtrace:
      [<ffffffff9add1386>] __kmem_cache_alloc_node+0x1e6/0x3d0
      [<ffffffff9ad47ea1>] __kmalloc+0x51/0x1a0
      [<ffffffff9bd01025>] hci_codec_list_add.isra.0+0x35/0xc0
      [<ffffffff9bd011e7>] hci_read_codec_capabilities+0x127/0x1f0
      [<ffffffff9bd01465>] hci_read_supported_codecs+0x115/0x1e0
      [<ffffffff9bd02658>] hci_read_local_codecs_sync+0x28/0x40
      [<ffffffff9bd06f5f>] hci_init_sync+0x14f/0x360
      [<ffffffff9bd096b8>] hci_dev_init_sync+0xf8/0x180
      [<ffffffff9bd0b67a>] hci_dev_open_sync+0x8a/0x2e0
      [<ffffffff9bcadbc0>] hci_power_on+0x60/0x220
      [<ffffffff9aad0a37>] process_one_work+0x257/0x580
      [<ffffffff9aad0dc8>] worker_thread+0x58/0x3c0
      [<ffffffff9aadb97b>] kthread+0x10b/0x140
      [<ffffffff9aa023f9>] ret_from_fork+0x29/0x50

Fixes: d0b137062b2d ("Bluetooth: hci_sync: Rework init stages")
Signed-off-by: Yongxin Liu <yongxin.liu@...driver.com>
---
 net/bluetooth/hci_sync.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index 647a8ce54062..e94a5648e08a 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -4994,6 +4994,7 @@ int hci_dev_close_sync(struct hci_dev *hdev)
 	memset(hdev->eir, 0, sizeof(hdev->eir));
 	memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
 	bacpy(&hdev->random_addr, BDADDR_ANY);
+	hci_codec_list_clear(&hdev->local_codecs);
 
 	hci_dev_put(hdev);
 	return err;
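Review bot: the added hci_codec_list_clear(&hdev->local_codecs) call sits only on the hci_dev_close_sync() path, and the changelog does not say whether a failed open is covered. The backtrace shows the entries being allocated under hci_dev_open_sync() via hci_init_sync() and hci_read_local_codecs_sync(), so if init fails after the codecs were read and that error path does not go through hci_dev_close_sync(), the same leak would remain; please confirm that path or state in the changelog that it ends up here. It would also help to say where the call lived before d0b137062b2d, so the placement next to the other hdev state resets can be checked against the original.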
-- 
2.39.2
