lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <mhng-a1315877-d100-437d-923e-ebbae4745074@palmer-ri-x1c9>
Date: Thu, 06 Mar 2025 10:01:26 -0800 (PST)
From: Palmer Dabbelt <palmer@...belt.com>
To: zhangkai@...as.ac.cn
CC: Paul Walmsley <paul.walmsley@...ive.com>, aou@...s.berkeley.edu,
  linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject:     Re: [resend PATCH] riscv: fix memory leakage in process_accumulated_relocations

On Sat, 16 Nov 2024 04:07:18 PST (-0800), zhangkai@...as.ac.cn wrote:
> Sorry for last weird email.
> ---
>
> When module relocation is done, process_accumulated_relocations()
> frees all dynamic allocated memory. rel_head_iter->rel_entry is
> missed to free that kmemleak might report:
>
> unreferenced object 0xffffffd880c5fc40 (size 16):
>   comm "insmod", pid 1101, jiffies 4295045138
>   hex dump (first 16 bytes):
>     e0 c0 f5 87 d8 ff ff ff 60 c5 f5 87 d8 ff ff ff  ........`.......
>   backtrace (crc d2ecb20c):
>     [<00000000b01655f6>] kmalloc_trace_noprof+0x268/0x2f6
>     [<000000006dc0067a>]
> add_relocation_to_accumulate.constprop.0+0xf2/0x1aa
>     [<00000000e1b29a36>] apply_relocate_add+0x13c/0x36e
>     [<000000007543f1fb>] load_module+0x5c6/0x83e
>     [<00000000abce12e8>] init_module_from_file+0x74/0xaa
>     [<0000000049413e3d>] idempotent_init_module+0x116/0x22e
>     [<00000000f9b98b85>] __riscv_sys_finit_module+0x62/0xae
>
> Signed-off-by: Kai Zhang <zhangkai@...as.ac.cn>
> ---
>  arch/riscv/kernel/module.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/arch/riscv/kernel/module.c b/arch/riscv/kernel/module.c
> index 1cd461f3d87..f8c3c4b47dc 100644
> --- a/arch/riscv/kernel/module.c
> +++ b/arch/riscv/kernel/module.c
> @@ -643,6 +643,7 @@ process_accumulated_relocations(struct module *me,
>                         }
>                         reloc_handlers[curr_type].accumulate_handler(
>                                 me, location, buffer);
> +                       kfree(rel_head_iter->rel_entry);
>                         kfree(rel_head_iter);
>                 }
>                 kfree(bucket_iter);

I just found this one.  The patch is also a bit mangled, so it doesn't 
apply (and probably got missed by some tools).

I had this buffer up to say something else, but I don't remember what it 
was.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ