lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <35cebb4b-3a1d-fa47-4d49-1a516f36af4f@oracle.com>
Date:   Fri, 7 Jan 2022 09:54:57 -0800
From:   Shoaib Rao <rao.shoaib@...cle.com>
To:     Lukas Bulwahn <lukas.bulwahn@...il.com>,
        "David S. Miller" <davem@...emloft.net>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Netdev <netdev@...r.kernel.org>,
        Sudip Mukherjee <sudip.mukherjee@...ethink.co.uk>
Subject: Re: Observation of a memory leak with commit 314001f0bf92 ("af_unix:
 Add OOB support")

Hi Lukas,

I took a look at the patch and I fail to see how prepare_creds() could 
be impacted by the patch. The only reference to a cred in the patch is 
via maybe_add_creds().

prepare_creds() is called to make a copy of the current creds which will 
be later modified. If there is any leak it would be in the caller not 
releasing the memory. The patch does not do anything with creds.

If there is any more information that can help identify the issue, I 
will be happy to look into it.

Note that a lot of bugs are timing related, so while it might seem that 
a change is causing the problem, it may not be the cause, it may just be 
changing the environment for the bug to show up.

Shoaib

On 1/6/22 22:48, Lukas Bulwahn wrote:
> Dear Rao and David,
>
>
> In our syzkaller instance running on linux-next,
> https://urldefense.com/v3/__https://elisa-builder-00.iol.unh.edu/syzkaller-next/__;!!ACWV5N9M2RV99hQ!YR_lD5j1kvA5QfrbPcM5nMVZZkWNcF-UEE4vKA20TPkslzzGDVPqpL-6heEhBZ_e$ , we have been
> observing a memory leak in prepare_creds,
> https://urldefense.com/v3/__https://elisa-builder-00.iol.unh.edu/syzkaller-next/report?id=1dcac8539d69ad9eb94ab2c8c0d99c11a0b516a3__;!!ACWV5N9M2RV99hQ!YR_lD5j1kvA5QfrbPcM5nMVZZkWNcF-UEE4vKA20TPkslzzGDVPqpL-6hS1luOMv$ ,
> for quite some time.
>
> It is reproducible on v5.15-rc1, v5.15, v5.16-rc8 and next-20220104.
> So, it is in mainline, was released and has not been fixed in
> linux-next yet.
>
> As syzkaller also provides a reproducer, we bisected this memory leak
> to be introduced with  commit 314001f0bf92 ("af_unix: Add OOB
> support").
>
> We also tested that reverting this commit on torvalds' current tree
> made the memory leak with the reproducer go away.
>
> Could you please have a look how your commit introduces this memory
> leak? We will gladly support testing your fix in case help is needed.
>
>
> Best regards,
>
> Lukas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ