lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Mar 2022 10:12:15 +0800 From: Hangyu Hua <hbh25y@...il.com> To: Yasushi SHOJI <yashi@...cecubics.com> Cc: Wolfgang Grandegger <wg@...ndegger.com>, Marc Kleine-Budde <mkl@...gutronix.de>, David Miller <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Vincent Mailhol <mailhol.vincent@...adoo.fr>, stefan.maetje@....eu, Pavel Skripkin <paskripkin@...il.com>, remigiusz.kollataj@...ica.com, linux-can <linux-can@...r.kernel.org>, netdev <netdev@...r.kernel.org>, open list <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] can: mcba_usb: fix possible double dev_kfree_skb in mcba_usb_start_xmit Hi yashi, You are right. There are a series of the same problems about can_put_echo_skb. This issue was discovered while I was discussing a incorrect patch with Marc. You can check this in https://lore.kernel.org/all/20220225060019.21220-1-hbh25y@gmail.com/ So i submitted a new patch. This was the first place where the problem occurs. You can check this in [1] https://lore.kernel.org/all/20220228083639.38183-1-hbh25y@gmail.com/ After a week, I realized it could be a series of problems. So i submitted the following patches [2] https://lore.kernel.org/all/0d2f9980-fb1d-4068-7868-effc77892a97@gmail.com/ [3] https://lore.kernel.org/all/de416319-c027-837d-4b8c-b8c3c37ed88e@gmail.com/ [4] https://lore.kernel.org/all/20220317081305.739554-1-mkl@pengutronix.de/ I think this is all affected. None of the four have been merged upstream. Do i need to remake all these four patches? Thanks, Hangyu On 2022/3/23 07:08, Yasushi SHOJI wrote: > Hi Hangyu, > > On Fri, Mar 11, 2022 at 5:02 PM Hangyu Hua <hbh25y@...il.com> wrote: >> >> There is no need to call dev_kfree_skb when usb_submit_urb fails beacause >> can_put_echo_skb deletes original skb and can_free_echo_skb deletes the cloned >> skb. > > So, it's more like, "we don't need to call dev_kfree_skb() after > can_put_echo_skb() > because can_put_echo_skb() consumes the given skb.". It seems it doesn't depend > on the condition of usb_submit_urb(). Plus, we don't see the "cloned > skb" at the > call site. > > Would you mind adding a comment on can_put_echo_skb(), in a separate patch, > saying the fact that it consumes the skb? > > ems_usb.c, gs_usb.c and possibly some others seem to call > dev_kfree_skb() as well. > Are they affected? > > Best,
Powered by blists - more mailing lists