lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <e04eabb6-fa5f-9eb2-c2a6-812f6a310bc0@outbound.gmail.com>
Date: Tue, 13 Aug 2024 09:15:23 +0300
From: Eli Billauer <eli.billauer@...il.com>
To: Sabyrzhan Tasbolatov <snovitoll@...il.com>, arnd@...db.de,
 gregkh@...uxfoundation.org
Cc: linux-kernel@...r.kernel.org,
 syzbot+e528c9aad0fb5383ec83@...kaller.appspotmail.com
Subject: Re: [PATCH] drivers/xillybus: fix deadlock upon cleanup_dev

Hello,

I should have sent a response to this syzbot alert, indicating that 
there is already ongoing work to fix this issue:

https://lore.kernel.org/lkml/20240801121126.60183-1-eli.billauer@gmail.com/

My apologies for not doing that.

On 13/08/2024 7:04, Sabyrzhan Tasbolatov wrote:
> syzbot found an issue [1] when cleanup_dev() is called twice,
> causing deadlock.

How is cleanup_dev() called twice? I only see it once in the stack trace.

  It is called in xillyusb_probe()
> in the end of wakeup_all():
> 
> 	INIT_WORK(&xdev->wakeup_workitem, wakeup_all);

INIT_WORK merely initializes the work item, it doesn't cause its execution.

> @@ -2174,7 +2175,6 @@ static int xillyusb_probe(struct usb_interface *interface,
>   
>   fail:
>   	usb_set_intfdata(interface, NULL);
> -	kref_put(&xdev->kref, cleanup_dev);
>   	return rc;
>   }
>   

This edit causes a memory leak, because the reference count needs to be 
decremented in other failure scenarios.

Thanks,
    Eli

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ