Message-ID: <CAKXUXMwQE6Z1EFYOtixwA+8nLZySxdHH9xHiOkGhcy5p0sr9xQ@mail.gmail.com>
Date:   Sun, 9 Jan 2022 05:10:48 +0100
From:   Lukas Bulwahn <lukas.bulwahn@...il.com>
To:     Shoaib Rao <rao.shoaib@...cle.com>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Netdev <netdev@...r.kernel.org>,
        Sudip Mukherjee <sudip.mukherjee@...ethink.co.uk>
Subject: Re: Observation of a memory leak with commit 314001f0bf92 ("af_unix:
 Add OOB support")

On Fri, Jan 7, 2022 at 6:55 PM Shoaib Rao <rao.shoaib@...cle.com> wrote:
>
> Hi Lukas,
>
> I took a look at the patch and I fail to see how prepare_creds() could
> be impacted by the patch. The only reference to a cred in the patch is
> via maybe_add_creds().
>
> prepare_creds() is called to make a copy of the current creds which will
> be later modified. If there is any leak it would be in the caller not
> releasing the memory. The patch does not do anything with creds.
>
> If there is any more information that can help identify the issue, I
> will be happy to look into it.
>

Here is more information:

Here are all crash reports:

https://elisa-builder-00.iol.unh.edu/syzkaller-next/crash?id=1dcac8539d69ad9eb94ab2c8c0d99c11a0b516a3

and here at the bottom of the page is a C program that shows the
memory leak with the typical memory leak detections switched on:

https://elisa-builder-00.iol.unh.edu/syzkaller-next/report?id=1dcac8539d69ad9eb94ab2c8c0d99c11a0b516a3

Please try to reproduce this on your machine. If you need more
instructions on how to set up the kernel to get this program to
reproduce the issue, please let us know.

> Note that a lot of bugs are timing related, so while it might seem that
> a change is causing the problem, it may not be the cause, it may just be
> changing the environment for the bug to show up.
>

Well, we are pretty sure that this commit makes it show up and
disappear depending on where it is included or reverted, respectively,
tested now on multiple kernel versions. So, to resolve the issue, we
just need to revert the commit.

Lukas

> Shoaib
>
> On 1/6/22 22:48, Lukas Bulwahn wrote:
> > Dear Rao and David,
> >
> >
> > In our syzkaller instance running on linux-next,
> > https://urldefense.com/v3/__https://elisa-builder-00.iol.unh.edu/syzkaller-next/__;!!ACWV5N9M2RV99hQ!YR_lD5j1kvA5QfrbPcM5nMVZZkWNcF-UEE4vKA20TPkslzzGDVPqpL-6heEhBZ_e$ , we have been
> > observing a memory leak in prepare_creds,
> > https://urldefense.com/v3/__https://elisa-builder-00.iol.unh.edu/syzkaller-next/report?id=1dcac8539d69ad9eb94ab2c8c0d99c11a0b516a3__;!!ACWV5N9M2RV99hQ!YR_lD5j1kvA5QfrbPcM5nMVZZkWNcF-UEE4vKA20TPkslzzGDVPqpL-6hS1luOMv$ ,
> > for quite some time.
> >
> > It is reproducible on v5.15-rc1, v5.15, v5.16-rc8 and next-20220104.
> > So, it is in mainline, was released and has not been fixed in
> > linux-next yet.
> >
> > As syzkaller also provides a reproducer, we bisected this memory leak
> > to be introduced with commit 314001f0bf92 ("af_unix: Add OOB
> > support").
> >
> > We also tested that reverting this commit on torvalds' current tree
> > made the memory leak with the reproducer go away.
> >
> > Could you please have a look at how your commit introduces this memory
> > leak? We will gladly support testing your fix in case help is needed.
> >
> >
> > Best regards,
> >
> > Lukas
