| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 May 2022 13:58:19 +0100
From: Martin Habets <habetsm.xilinx@...il.com>
To: Íñigo Huguet <ihuguet@...hat.com>
Cc: ecree.xilinx@...il.com, davem@...emloft.net, edumazet@...gle.com,
kuba@...nel.org, pabeni@...hat.com, netdev@...r.kernel.org,
Liang Li <liali@...hat.com>
Subject: Re: [PATCH net-next 1/2] sfc: fix memory leak on mtd_probe
The same patch was submitted earlier, see
https://lore.kernel.org/netdev/20220510153619.32464-1-ap420073@gmail.com/
Martin
On Wed, May 11, 2022 at 12:36:03PM +0200, Íñigo Huguet wrote:
> In some cases there is no mtd partitions that can be probed, so the mtd
> partitions list stays empty. This happens, for example, in SFC9220
> devices on the second port of the NIC.
>
> The memory for the mtd partitions is deallocated in efx_mtd_remove,
> recovering the address of the first element of efx->mtd_list and then
> deallocating it. But if the list is empty, the address passed to kfree
> doesn't point to the memory allocated for the mtd partitions, but to the
> list head itself. Despite this hasn't caused other problems other than
> the memory leak, this is obviously incorrect.
>
> This patch deallocates the memory during mtd_probe in the case that
> there are no probed partitions, avoiding the leak.
>
> This was detected with kmemleak, output example:
> unreferenced object 0xffff88819cfa0000 (size 46560):
> comm "kworker/0:2", pid 48435, jiffies 4364987018 (age 45.924s)
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace:
> [<000000000f8e92d9>] kmalloc_order_trace+0x19/0x130
> [<0000000042a03844>] efx_ef10_mtd_probe+0x12d/0x320 [sfc]
> [<000000004555654f>] efx_pci_probe.cold+0x4e1/0x6db [sfc]
> [<00000000b03d5126>] local_pci_probe+0xde/0x170
> [<00000000376cc8d9>] work_for_cpu_fn+0x51/0xa0
> [<00000000141f8de9>] process_one_work+0x8cb/0x1590
> [<00000000cb2d8065>] worker_thread+0x707/0x1010
> [<000000001ef4b9f6>] kthread+0x364/0x420
> [<0000000014767137>] ret_from_fork+0x22/0x30
>
> Fixes: 8127d661e77f ("sfc: Add support for Solarflare SFC9100 family")
> Reported-by: Liang Li <liali@...hat.com>
> Signed-off-by: Íñigo Huguet <ihuguet@...hat.com>
> ---
> drivers/net/ethernet/sfc/ef10.c | 5 +++++
> drivers/net/ethernet/sfc/siena/siena.c | 5 +++++
> 2 files changed, 10 insertions(+)
>
> diff --git a/drivers/net/ethernet/sfc/ef10.c b/drivers/net/ethernet/sfc/ef10.c
> index c9ee5011803f..15a229731296 100644
> --- a/drivers/net/ethernet/sfc/ef10.c
> +++ b/drivers/net/ethernet/sfc/ef10.c
> @@ -3579,6 +3579,11 @@ static int efx_ef10_mtd_probe(struct efx_nic *efx)
> n_parts++;
> }
>
> + if (n_parts == 0) {
> + kfree(parts);
> + return 0;
> + }
> +
> rc = efx_mtd_add(efx, &parts[0].common, n_parts, sizeof(*parts));
> fail:
> if (rc)
> diff --git a/drivers/net/ethernet/sfc/siena/siena.c b/drivers/net/ethernet/sfc/siena/siena.c
> index 741313aff1d1..32467782e8ef 100644
> --- a/drivers/net/ethernet/sfc/siena/siena.c
> +++ b/drivers/net/ethernet/sfc/siena/siena.c
> @@ -943,6 +943,11 @@ static int siena_mtd_probe(struct efx_nic *efx)
> nvram_types >>= 1;
> }
>
> + if (n_parts == 0) {
> + kfree(parts);
> + return 0;
> + }
> +
> rc = siena_mtd_get_fw_subtypes(efx, parts, n_parts);
> if (rc)
> goto fail;
> --
> 2.34.1
Powered by blists - more mailing lists