lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAC=S1njwxLfw7LcnXkgY7pbiFaqvNQVyAzHVhK9+nYJC63d=Zw@mail.gmail.com>
Date:   Mon, 19 Jun 2023 17:05:47 +0800
From:   Fei Shao <fshao@...omium.org>
To:     Dan Carpenter <dan.carpenter@...aro.org>
Cc:     Stephen Boyd <sboyd@...nel.org>,
        Jerome Brunet <jbrunet@...libre.com>,
        Michael Turquette <mturquette@...libre.com>,
        linux-clk@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] clk: Fix memory leak in devm_clk_notifier_register()

On Mon, Jun 19, 2023 at 4:48 PM Dan Carpenter <dan.carpenter@...aro.org> wrote:
>
> On Mon, Jun 19, 2023 at 11:22:53AM +0800, Fei Shao wrote:
> > devm_clk_notifier_register() allocates a devres resource for clk
> > notifier but didn't register that to the device, so the notifier didn't
> > get unregistered on device detach and the allocated resource was leaked.
> >
> > Fix the issue by registering the resource through devres_add().
> >
> > Fixes: 6d30d50d037d ("clk: add devm variant of clk_notifier_register")
> > Signed-off-by: Fei Shao <fshao@...omium.org>
> > ---
> >
>
> Reviewed-by: Dan Carpenter <dan.carpenter@...aro.org>
>
> How did you find this bug?
>
> I can think of some ways to find this bug with static analysis.
>

It was actually detected by kmemleak on an unreleased Chromebook device.
I added the trace snippet in the message at first but removed that
before sending this. Maybe I shouldn't have.

I can resend a v3 to add that back if that's preferable. What do you think?

Regards,
Fei


> KTODO: static analysis:  look at unused parameters
>
> Both GCC and Clang have a warning for unused parameters.  I think the
> last time I looked at GCC it had a lot of false positives for functions
> which were called as pointers but hopefully that has been fixed now?
> Smatch does not have a check for this.  If someone were to write it,
> I would probably the check under the --pedantic flag so it would be
> turned off by default.
>
> regards,
> dan carpenter
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ