lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 13 Jun 2023 03:35:26 +0200
From:   Armin Wolf <W_Armin@....de>
To:     linux@...inikbrodowski.net
Cc:     logang@...tatee.com, gregkh@...uxfoundation.org, rafael@...nel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] pcmcia: rsrc_nonstatic: Fix memory leak in
 nonstatic_release_resource_db()

Am 12.05.23 um 20:45 schrieb Armin Wolf:

> When nonstatic_release_resource_db() frees all resources associated
> with an PCMCIA socket, it forgets to free socket_data too, causing
> a memory leak observable with kmemleak:
>
> unreferenced object 0xc28d1000 (size 64):
>    comm "systemd-udevd", pid 297, jiffies 4294898478 (age 194.484s)
>    hex dump (first 32 bytes):
>      00 00 00 00 00 00 00 00 f0 85 0e c3 00 00 00 00  ................
>      00 00 00 00 0c 10 8d c2 00 00 00 00 00 00 00 00  ................
>    backtrace:
>      [<ffda4245>] __kmem_cache_alloc_node+0x2d7/0x4a0
>      [<7e51f0c8>] kmalloc_trace+0x31/0xa4
>      [<d52b4ca0>] nonstatic_init+0x24/0x1a4 [pcmcia_rsrc]
>      [<a2f13e08>] pcmcia_register_socket+0x200/0x35c [pcmcia_core]
>      [<a728be1b>] yenta_probe+0x4d8/0xa70 [yenta_socket]
>      [<c48fac39>] pci_device_probe+0x99/0x194
>      [<84b7c690>] really_probe+0x181/0x45c
>      [<8060fe6e>] __driver_probe_device+0x75/0x1f4
>      [<b9b76f43>] driver_probe_device+0x28/0xac
>      [<648b766f>] __driver_attach+0xeb/0x1e4
>      [<6e9659eb>] bus_for_each_dev+0x61/0xb4
>      [<25a669f3>] driver_attach+0x1e/0x28
>      [<d8671d6b>] bus_add_driver+0x102/0x20c
>      [<df0d323c>] driver_register+0x5b/0x120
>      [<942cd8a4>] __pci_register_driver+0x44/0x4c
>      [<e536027e>] __UNIQUE_ID___addressable_cleanup_module188+0x1c/0xfffff000 [iTCO_vendor_support]
>
> Fix this by freeing socket_data too.
>
> Tested on a Acer Travelmate 4002WLMi by manually binding/unbinding
> the yenta_cardbus driver (yenta_socket).
>
> Signed-off-by: Armin Wolf <W_Armin@....de>
> ---
>   drivers/pcmcia/rsrc_nonstatic.c | 2 ++
>   1 file changed, 2 insertions(+)
>
> diff --git a/drivers/pcmcia/rsrc_nonstatic.c b/drivers/pcmcia/rsrc_nonstatic.c
> index 471e0c5815f3..bf9d070a4496 100644
> --- a/drivers/pcmcia/rsrc_nonstatic.c
> +++ b/drivers/pcmcia/rsrc_nonstatic.c
> @@ -1053,6 +1053,8 @@ static void nonstatic_release_resource_db(struct pcmcia_socket *s)
>   		q = p->next;
>   		kfree(p);
>   	}
> +
> +	kfree(data);
>   }
>
>
> --
> 2.30.2

Any progress on this one?

Armin Wolf

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ