| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Nov 2019 14:49:55 -0500
From: Sasha Levin <sashal@...nel.org>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
Cc: Jouni Hogander <jouni.hogander@...kie.com>,
Wolfgang Grandegger <wg@...ndegger.com>,
Marc Kleine-Budde <mkl@...gutronix.de>,
Lukas Bulwahn <lukas.bulwahn@...il.com>,
Sasha Levin <sashal@...nel.org>, linux-can@...r.kernel.org,
netdev@...r.kernel.org
Subject: [PATCH AUTOSEL 4.9 10/13] slcan: Fix memory leak in error path
From: Jouni Hogander <jouni.hogander@...kie.com>
[ Upstream commit ed50e1600b4483c049ce76e6bd3b665a6a9300ed ]
This patch is fixing memory leak reported by Syzkaller:
BUG: memory leak unreferenced object 0xffff888067f65500 (size 4096):
comm "syz-executor043", pid 454, jiffies 4294759719 (age 11.930s)
hex dump (first 32 bytes):
73 6c 63 61 6e 30 00 00 00 00 00 00 00 00 00 00 slcan0..........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000a06eec0d>] __kmalloc+0x18b/0x2c0
[<0000000083306e66>] kvmalloc_node+0x3a/0xc0
[<000000006ac27f87>] alloc_netdev_mqs+0x17a/0x1080
[<0000000061a996c9>] slcan_open+0x3ae/0x9a0
[<000000001226f0f9>] tty_ldisc_open.isra.1+0x76/0xc0
[<0000000019289631>] tty_set_ldisc+0x28c/0x5f0
[<000000004de5a617>] tty_ioctl+0x48d/0x1590
[<00000000daef496f>] do_vfs_ioctl+0x1c7/0x1510
[<0000000059068dbc>] ksys_ioctl+0x99/0xb0
[<000000009a6eb334>] __x64_sys_ioctl+0x78/0xb0
[<0000000053d0332e>] do_syscall_64+0x16f/0x580
[<0000000021b83b99>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[<000000008ea75434>] 0xffffffffffffffff
Cc: Wolfgang Grandegger <wg@...ndegger.com>
Cc: Marc Kleine-Budde <mkl@...gutronix.de>
Cc: Lukas Bulwahn <lukas.bulwahn@...il.com>
Signed-off-by: Jouni Hogander <jouni.hogander@...kie.com>
Signed-off-by: Marc Kleine-Budde <mkl@...gutronix.de>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
drivers/net/can/slcan.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/can/slcan.c b/drivers/net/can/slcan.c
index eb7173713bbcb..a2c4048c07bec 100644
--- a/drivers/net/can/slcan.c
+++ b/drivers/net/can/slcan.c
@@ -613,6 +613,7 @@ static int slcan_open(struct tty_struct *tty)
sl->tty = NULL;
tty->disc_data = NULL;
clear_bit(SLF_INUSE, &sl->flags);
+ free_netdev(sl->dev);
err_exit:
rtnl_unlock();
--
2.20.1
Powered by blists - more mailing lists