lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20250408041647.88489-1-lizhijian@fujitsu.com>
Date: Tue,  8 Apr 2025 12:16:47 +0800
From: Li Zhijian <lizhijian@...itsu.com>
To: herbert@...dor.apana.org.au,
	davem@...emloft.net,
	linux-crypto@...r.kernel.org
Cc: mcoquelin.stm32@...il.com,
	alexandre.torgue@...s.st.com,
	linux-stm32@...md-mailman.stormreply.com,
	linux-arm-kernel@...ts.infradead.org,
	linux-kernel@...r.kernel.org,
	Li Zhijian <lizhijian@...itsu.com>,
	Erhard Furtner <erhard_f@...lbox.org>
Subject: [PATCH] crypto/testmgr: Fix acomp_req leak

The kmemleak reported that
...
unreferenced object 0xffff888108d6c300 (size 256):
  comm "cryptomgr_test", pid 183, jiffies 4294700957
  hex dump (first 32 bytes):
    00 c1 d6 08 81 88 ff ff 00 cb d6 08 81 88 ff ff  ................
    50 cd a7 81 ff ff ff ff b8 fb 93 02 00 c9 ff ff  P...............
  backtrace (crc 29cca632):
    __kmalloc_noprof+0x2fa/0x430
    test_acomp+0x174/0x960
    alg_test_comp+0x6f/0x90
    alg_test.part.26+0x105/0x410
    cryptomgr_test+0x20/0x40
    kthread+0x10c/0x250
    ret_from_fork+0x30/0x40
    ret_from_fork_asm+0x1a/0x30
unreferenced object 0xffff888108d6c100 (size 256):
  comm "cryptomgr_test", pid 183, jiffies 4294700972
  hex dump (first 32 bytes):
    00 1d da 08 81 88 ff ff 00 c3 d6 08 81 88 ff ff  ................
    50 cd a7 81 ff ff ff ff b8 fb 93 02 00 c9 ff ff  P...............
  backtrace (crc 3047d62b):
    __kmalloc_noprof+0x2fa/0x430
    test_acomp+0x174/0x960
    alg_test_comp+0x6f/0x90
    alg_test.part.26+0x105/0x410
    cryptomgr_test+0x20/0x40
    kthread+0x10c/0x250
    ret_from_fork+0x30/0x40
    ret_from_fork_asm+0x1a/0x30

acomp_request will be chained to req[0], however,
acomp_request_free(), it will not free the whole chain.

Fix it by freeing them one by one.

Fixes: 99585c2192cb ("crypto: testmgr - Add multibuffer acomp testing")
Reported-by: Erhard Furtner <erhard_f@...lbox.org>
Closes: https://lore.kernel.org/linux-crypto/20250408002741.089f1e9a@outsider.home/
Signed-off-by: Li Zhijian <lizhijian@...itsu.com>
---
 crypto/testmgr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index abd609d4c8ef..7f02feee9fb6 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -3498,10 +3498,10 @@ static int test_acomp(struct crypto_acomp *tfm,
 	ret = 0;
 
 out:
-	acomp_request_free(reqs[0]);
 	for (i = 0; i < MAX_MB_MSGS; i++) {
 		kfree(output[i]);
 		kfree(decomp_out[i]);
+		acomp_request_free(reqs[i]);
 	}
 	kfree(dst);
 	kfree(src);
-- 
2.27.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ