From: jouni.hogander@unikie.com (Jouni Högander)
To: netdev@vger.kernel.org
Cc: "David S. Miller" <davem@davemloft.net>,
Oliver Hartkopp <socketcan@hartkopp.net>,
Lukas Bulwahn <lukas.bulwahn@gmail.com>
Subject: Re: [PATCH] slip: Fix memory leak in slip_open error path
Date: Thu, 14 Nov 2019 09:25:23 +0200 [thread overview]
Message-ID: <87sgmqapi4.fsf@unikie.com> (raw)
In-Reply-To: <20191113114502.22462-1-jouni.hogander@unikie.com> (jouni hogander's message of "Wed, 13 Nov 2019 13:45:02 +0200")
jouni.hogander@unikie.com writes:
> From: Jouni Hogander <jouni.hogander@unikie.com>
>
> Driver/net/can/slcan.c is derived from slip.c. Memory leak was detected
> by Syzkaller in slcan. Same issue exists in slip.c and this patch is
> addressing the leak in slip.c.
>
> Here is the slcan memory leak trace reported by Syzkaller:
>
> BUG: memory leak unreferenced object 0xffff888067f65500 (size 4096):
> comm "syz-executor043", pid 454, jiffies 4294759719 (age 11.930s)
> hex dump (first 32 bytes):
> 73 6c 63 61 6e 30 00 00 00 00 00 00 00 00 00 00 slcan0..........
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace:
> [<00000000a06eec0d>] __kmalloc+0x18b/0x2c0
> [<0000000083306e66>] kvmalloc_node+0x3a/0xc0
> [<000000006ac27f87>] alloc_netdev_mqs+0x17a/0x1080
> [<0000000061a996c9>] slcan_open+0x3ae/0x9a0
> [<000000001226f0f9>] tty_ldisc_open.isra.1+0x76/0xc0
> [<0000000019289631>] tty_set_ldisc+0x28c/0x5f0
> [<000000004de5a617>] tty_ioctl+0x48d/0x1590
> [<00000000daef496f>] do_vfs_ioctl+0x1c7/0x1510
> [<0000000059068dbc>] ksys_ioctl+0x99/0xb0
> [<000000009a6eb334>] __x64_sys_ioctl+0x78/0xb0
> [<0000000053d0332e>] do_syscall_64+0x16f/0x580
> [<0000000021b83b99>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [<000000008ea75434>] 0xfffffffffffffff
>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Oliver Hartkopp <socketcan@hartkopp.net>
> Cc: Lukas Bulwahn <lukas.bulwahn@gmail.com>
> Signed-off-by: Jouni Hogander <jouni.hogander@unikie.com>
> ---
> drivers/net/slip/slip.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/net/slip/slip.c b/drivers/net/slip/slip.c
> index cac64b96d545..4d479e3c817d 100644
> --- a/drivers/net/slip/slip.c
> +++ b/drivers/net/slip/slip.c
> @@ -855,6 +855,7 @@ static int slip_open(struct tty_struct *tty)
> sl->tty = NULL;
> tty->disc_data = NULL;
> clear_bit(SLF_INUSE, &sl->flags);
> + free_netdev(sl->dev);
>
> err_exit:
> rtnl_unlock();
Observed panic in another error path in my overnight Syzkaller run with
this patch. Better not to apply it. Sorry for inconvenience.
BR,
Jouni Högander
next prev parent reply other threads:[~2019-11-14 7:25 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-13 11:45 [PATCH] slip: Fix memory leak in slip_open error path jouni.hogander
2019-11-13 20:08 ` David Miller
2019-11-14 7:25 ` Jouni Högander [this message]
2019-11-14 8:51 ` Jouni Högander
2019-11-14 9:09 ` David Miller
2019-11-14 9:30 ` Jouni Högander
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87sgmqapi4.fsf@unikie.com \
--to=jouni.hogander@unikie.com \
--cc=davem@davemloft.net \
--cc=lukas.bulwahn@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=socketcan@hartkopp.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.