| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <677a98a6-6eea-ae1b-f6f6-0055bd8f584a@huawei.com>
Date: Wed, 19 Oct 2022 09:29:32 +0800
From: shangxiaojing <shangxiaojing@...wei.com>
To: Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>,
<bongsu.jeon@...sung.com>, <kuba@...nel.org>, <pabeni@...hat.com>,
<netdev@...r.kernel.org>
Subject: Re: [PATCH v2] nfc: virtual_ncidev: Fix memory leak in
virtual_nci_send()
On 2022/10/18 22:06, Krzysztof Kozlowski wrote:
> On 18/10/2022 07:49, Shang XiaoJing wrote:
>> skb should be free in virtual_nci_send(), otherwise kmemleak will report
>> memleak.
>>
>> Steps for reproduction (simulated in qemu):
>> cd tools/testing/selftests/nci
>> make
>> ./nci_dev
>>
>> BUG: memory leak
>> unreferenced object 0xffff888107588000 (size 208):
>> comm "nci_dev", pid 206, jiffies 4294945376 (age 368.248s)
>> hex dump (first 32 bytes):
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>> backtrace:
>> [<000000008d94c8fd>] __alloc_skb+0x1da/0x290
>> [<00000000278bc7f8>] nci_send_cmd+0xa3/0x350
>> [<0000000081256a22>] nci_reset_req+0x6b/0xa0
>> [<000000009e721112>] __nci_request+0x90/0x250
>> [<000000005d556e59>] nci_dev_up+0x217/0x5b0
>> [<00000000e618ce62>] nfc_dev_up+0x114/0x220
>> [<00000000981e226b>] nfc_genl_dev_up+0x94/0xe0
>> [<000000009bb03517>] genl_family_rcv_msg_doit.isra.14+0x228/0x2d0
>> [<00000000b7f8c101>] genl_rcv_msg+0x35c/0x640
>> [<00000000c94075ff>] netlink_rcv_skb+0x11e/0x350
>> [<00000000440cfb1e>] genl_rcv+0x24/0x40
>> [<0000000062593b40>] netlink_unicast+0x43f/0x640
>> [<000000001d0b13cc>] netlink_sendmsg+0x73a/0xbf0
>> [<000000003272487f>] __sys_sendto+0x324/0x370
>> [<00000000ef9f1747>] __x64_sys_sendto+0xdd/0x1b0
>> [<000000001e437841>] do_syscall_64+0x3f/0x90
>>
>> Fixes: e624e6c3e777 ("nfc: Add a virtual nci device driver")
>> Signed-off-by: Shang XiaoJing <shangxiaojing@...wei.com>
>> ---
>> changes in v2:
>> - free skb in error paths too.
>> ---
>> drivers/nfc/virtual_ncidev.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/drivers/nfc/virtual_ncidev.c b/drivers/nfc/virtual_ncidev.c
>> index f577449e4935..3a4ad95b40a7 100644
>> --- a/drivers/nfc/virtual_ncidev.c
>> +++ b/drivers/nfc/virtual_ncidev.c
>> @@ -54,16 +54,19 @@ static int virtual_nci_send(struct nci_dev *ndev, struct sk_buff *skb)
>> mutex_lock(&nci_mutex);
>> if (state != virtual_ncidev_enabled) {
>> mutex_unlock(&nci_mutex);
>> + consume_skb(skb);
>
> Ehhh... This looks ok, but now I wonder why none of other NCI send
> driver do it. If the finding is correct, all drivers have same issue.
yes, i'll try to reproduce these issues, and make another patch set if
there are the issues.
Thanks,
--
Shang XiaoJing
Powered by blists - more mailing lists