lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ffcdbcbe-a5f6-48f4-a0a3-0d35c6c80050@rivosinc.com>
Date: Tue, 19 Nov 2024 17:57:36 +0100
From: Clément Léger <cleger@...osinc.com>
To: zhangkai@...as.ac.cn, Walmsley <paul.walmsley@...ive.com>,
 Dabbelt <palmer@...belt.com>, Ou <aou@...s.berkeley.edu>,
 linux-riscv@...ts.infradead.org
Cc: linux-kernel@...r.kernel.org
Subject: Re: [PATCH] riscv: fix memory leakage in
 process_accumulated_relocations



On 16/11/2024 11:42, zhangkai@...as.ac.cn wrote:
> When module relocation is done, process_accumulated_relocations()
> frees all dynamic allocated memory. rel_head_iter-&gt;rel_entry is
> missed to free that kmemleak might report:
> 
> unreferenced object 0xffffffd880c5fc40 (size 16):
>   comm "insmod", pid 1101, jiffies 4295045138
>   hex dump (first 16 bytes):
>     e0 c0 f5 87 d8 ff ff ff 60 c5 f5 87 d8 ff ff ff  ........`.......
>   backtrace (crc d2ecb20c):
>     [&lt;00000000b01655f6&gt;] kmalloc_trace_noprof+0x268/0x2f6
>     [&lt;000000006dc0067a&gt;] add_relocation_to_accumulate.constprop.0+0xf2/0x1aa
>     [&lt;00000000e1b29a36&gt;] apply_relocate_add+0x13c/0x36e
>     [&lt;000000007543f1fb&gt;] load_module+0x5c6/0x83e
>     [&lt;00000000abce12e8&gt;] init_module_from_file+0x74/0xaa
>     [&lt;0000000049413e3d&gt;] idempotent_init_module+0x116/0x22e
>     [&lt;00000000f9b98b85&gt;] __riscv_sys_finit_module+0x62/0xae
> 
> Signed-off-by: Kai Zhang <zhangkai@...as.ac.cn>
> ---
>  arch/riscv/kernel/module.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/arch/riscv/kernel/module.c b/arch/riscv/kernel/module.c
> index 1cd461f3d87..f8c3c4b47dc 100644
> --- a/arch/riscv/kernel/module.c
> +++ b/arch/riscv/kernel/module.c
> @@ -643,6 +643,7 @@ process_accumulated_relocations(struct module *me,
>                         }
>                         reloc_handlers[curr_type].accumulate_handler(
>                                 me, location, buffer);
> +                       kfree(rel_head_iter-&gt;rel_entry);

Hey Kai,

Your patch output is messed up probably due to some encoding issue.

But looknig at it and the module code, it seems like rel_entry does not
need to be a pointer. It can be a plain "struct list_head rel_entry" and
then simply pass the list_head pointer rather than allocating/freeing
it. That remove an allocation as well as some memory leak.

BTW, for fixes, you should add a Fixes: tag with the original commit
sha1 that introduced the bug.

Thanks,

Clément

>                         kfree(rel_head_iter);
>                 }
>                 kfree(bucket_iter);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ