From: Pavel Skripkin <paskripkin@gmail.com> To: hverkuil-cisco@xs4all.nl, mchehab@kernel.org, oneukum@suse.com, gregkh@suse.de Cc: linux-media@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kernel-mentees@lists.linuxfoundation.org, Pavel Skripkin <paskripkin@gmail.com> Subject: [PATCH 1/2] media: go7007: fix memory leak in go7007_usb_probe Date: Sun, 20 Jun 2021 22:45:02 +0300 [thread overview] Message-ID: <fd632c9a289eb28ded37b573e999a8f4e7402ca3.1624217907.git.paskripkin@gmail.com> (raw) In-Reply-To: <cover.1624217907.git.paskripkin@gmail.com> In commit 137641287eb4 ("go7007: add sanity checking for endpoints") endpoint sanity check was introduced, but if check fails it simply returns with leaked pointers. Cutted log from my local syzbot instance: BUG: memory leak unreferenced object 0xffff8880209f0000 (size 8192): comm "kworker/0:4", pid 4916, jiffies 4295263583 (age 29.310s) hex dump (first 32 bytes): 30 b0 27 22 80 88 ff ff 75 73 62 2d 64 75 6d 6d 0.'"....usb-dumm 79 5f 68 63 64 2e 33 2d 31 00 00 00 00 00 00 00 y_hcd.3-1....... backtrace: [<ffffffff860ca856>] kmalloc include/linux/slab.h:556 [inline] [<ffffffff860ca856>] kzalloc include/linux/slab.h:686 [inline] [<ffffffff860ca856>] go7007_alloc+0x46/0xb40 drivers/media/usb/go7007/go7007-driver.c:696 [<ffffffff860de74e>] go7007_usb_probe+0x13e/0x2200 drivers/media/usb/go7007/go7007-usb.c:1114 [<ffffffff854a5f74>] usb_probe_interface+0x314/0x7f0 drivers/usb/core/driver.c:396 [<ffffffff845a7151>] really_probe+0x291/0xf60 drivers/base/dd.c:576 BUG: memory leak unreferenced object 0xffff88801e2f2800 (size 512): comm "kworker/0:4", pid 4916, jiffies 4295263583 (age 29.310s) hex dump (first 32 bytes): 00 87 40 8a ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff860de794>] kmalloc include/linux/slab.h:556 [inline] [<ffffffff860de794>] kzalloc include/linux/slab.h:686 [inline] [<ffffffff860de794>] go7007_usb_probe+0x184/0x2200 drivers/media/usb/go7007/go7007-usb.c:1118 [<ffffffff854a5f74>] usb_probe_interface+0x314/0x7f0 drivers/usb/core/driver.c:396 [<ffffffff845a7151>] really_probe+0x291/0xf60 drivers/base/dd.c:576 Fixes: 137641287eb4 ("go7007: add sanity checking for endpoints") Signed-off-by: Pavel Skripkin <paskripkin@gmail.com> --- drivers/media/usb/go7007/go7007-usb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/usb/go7007/go7007-usb.c b/drivers/media/usb/go7007/go7007-usb.c index dbf0455d5d50..eeb85981e02b 100644 --- a/drivers/media/usb/go7007/go7007-usb.c +++ b/drivers/media/usb/go7007/go7007-usb.c @@ -1134,7 +1134,7 @@ static int go7007_usb_probe(struct usb_interface *intf, ep = usb->usbdev->ep_in[4]; if (!ep) - return -ENODEV; + goto allocfail; /* Allocate the URB and buffer for receiving incoming interrupts */ usb->intr_urb = usb_alloc_urb(0, GFP_KERNEL); -- 2.32.0
WARNING: multiple messages have this Message-ID (diff)
From: Pavel Skripkin <paskripkin@gmail.com> To: hverkuil-cisco@xs4all.nl, mchehab@kernel.org, oneukum@suse.com, gregkh@suse.de Cc: linux-kernel-mentees@lists.linuxfoundation.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org Subject: [PATCH 1/2] media: go7007: fix memory leak in go7007_usb_probe Date: Sun, 20 Jun 2021 22:45:02 +0300 [thread overview] Message-ID: <fd632c9a289eb28ded37b573e999a8f4e7402ca3.1624217907.git.paskripkin@gmail.com> (raw) In-Reply-To: <cover.1624217907.git.paskripkin@gmail.com> In commit 137641287eb4 ("go7007: add sanity checking for endpoints") endpoint sanity check was introduced, but if check fails it simply returns with leaked pointers. Cutted log from my local syzbot instance: BUG: memory leak unreferenced object 0xffff8880209f0000 (size 8192): comm "kworker/0:4", pid 4916, jiffies 4295263583 (age 29.310s) hex dump (first 32 bytes): 30 b0 27 22 80 88 ff ff 75 73 62 2d 64 75 6d 6d 0.'"....usb-dumm 79 5f 68 63 64 2e 33 2d 31 00 00 00 00 00 00 00 y_hcd.3-1....... backtrace: [<ffffffff860ca856>] kmalloc include/linux/slab.h:556 [inline] [<ffffffff860ca856>] kzalloc include/linux/slab.h:686 [inline] [<ffffffff860ca856>] go7007_alloc+0x46/0xb40 drivers/media/usb/go7007/go7007-driver.c:696 [<ffffffff860de74e>] go7007_usb_probe+0x13e/0x2200 drivers/media/usb/go7007/go7007-usb.c:1114 [<ffffffff854a5f74>] usb_probe_interface+0x314/0x7f0 drivers/usb/core/driver.c:396 [<ffffffff845a7151>] really_probe+0x291/0xf60 drivers/base/dd.c:576 BUG: memory leak unreferenced object 0xffff88801e2f2800 (size 512): comm "kworker/0:4", pid 4916, jiffies 4295263583 (age 29.310s) hex dump (first 32 bytes): 00 87 40 8a ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff860de794>] kmalloc include/linux/slab.h:556 [inline] [<ffffffff860de794>] kzalloc include/linux/slab.h:686 [inline] [<ffffffff860de794>] go7007_usb_probe+0x184/0x2200 drivers/media/usb/go7007/go7007-usb.c:1118 [<ffffffff854a5f74>] usb_probe_interface+0x314/0x7f0 drivers/usb/core/driver.c:396 [<ffffffff845a7151>] really_probe+0x291/0xf60 drivers/base/dd.c:576 Fixes: 137641287eb4 ("go7007: add sanity checking for endpoints") Signed-off-by: Pavel Skripkin <paskripkin@gmail.com> --- drivers/media/usb/go7007/go7007-usb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/usb/go7007/go7007-usb.c b/drivers/media/usb/go7007/go7007-usb.c index dbf0455d5d50..eeb85981e02b 100644 --- a/drivers/media/usb/go7007/go7007-usb.c +++ b/drivers/media/usb/go7007/go7007-usb.c @@ -1134,7 +1134,7 @@ static int go7007_usb_probe(struct usb_interface *intf, ep = usb->usbdev->ep_in[4]; if (!ep) - return -ENODEV; + goto allocfail; /* Allocate the URB and buffer for receiving incoming interrupts */ usb->intr_urb = usb_alloc_urb(0, GFP_KERNEL); -- 2.32.0 _______________________________________________ Linux-kernel-mentees mailing list Linux-kernel-mentees@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees
next prev parent reply other threads:[~2021-06-20 19:45 UTC|newest] Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-06-20 19:44 [PATCH 0/2] media: go7007: code improvment and bug fixes Pavel Skripkin 2021-06-20 19:44 ` Pavel Skripkin 2021-06-20 19:45 ` Pavel Skripkin [this message] 2021-06-20 19:45 ` [PATCH 1/2] media: go7007: fix memory leak in go7007_usb_probe Pavel Skripkin 2021-06-20 19:45 ` [PATCH 2/2] media: go7007: remove redundant initialization Pavel Skripkin 2021-06-20 19:45 ` Pavel Skripkin 2021-07-06 17:15 ` [PATCH 0/2] media: go7007: code improvment and bug fixes Pavel Skripkin 2021-07-06 17:15 ` Pavel Skripkin
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=fd632c9a289eb28ded37b573e999a8f4e7402ca3.1624217907.git.paskripkin@gmail.com \ --to=paskripkin@gmail.com \ --cc=gregkh@suse.de \ --cc=hverkuil-cisco@xs4all.nl \ --cc=linux-kernel-mentees@lists.linuxfoundation.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-media@vger.kernel.org \ --cc=mchehab@kernel.org \ --cc=oneukum@suse.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.