From: Pavel Skripkin <paskripkin@gmail.com>
To: Yasushi SHOJI <yasushi.shoji@gmail.com>
Cc: linux-can@vger.kernel.org, mkl@pengutronix.de
Subject: Re: [PATCH] can: mcba_usb: fix memory leak in mcba_usb
Date: Sun, 25 Jul 2021 11:12:42 +0300 [thread overview]
Message-ID: <20210725111242.2d9a819f@gmail.com> (raw)
In-Reply-To: <CAELBRW+6BGDPaUGrTDJtv020zF1AvtBAy2Jb1+i=uDbcH+0SzA@mail.gmail.com>
On Sun, 25 Jul 2021 16:42:49 +0900
Yasushi SHOJI <yasushi.shoji@gmail.com> wrote:
> Hi Pavel,
>
Hi, Yasushi!
> Apologize for the late reply.
>
> Since 6bd3d80d1f019cef, my Microchip CAN Analyzer stopped working,
> more precisely I can't capture any data with it and repeated messages
> from the driver flod the syslog. I usually use the Debian kernel image
> and linux 5.10.46-2 migrated to unstable on July 20th. I noticed my
> device stopped working a few days later but didn't have time to
> bisect.
>
> Does your device work with the patch?
> Does the patch work on the main line?
>
I don't have this device, I just fixed this syzbot bug report:
https://syzkaller.appspot.com/bug?id=c94c1c23e829d5ac97995d51219f0c5a0cd1fa54.
I think, I found the root case. In this patch I saved dma_buff to local
variable and then to array, but forgot to assign it to
urb->transfer_buf. This log
[ 33.862175] DMAR: [DMA Write] Request device [00:14.0] PASID ffffffff fault addr 0 [fault reason 05] PTE Write access is not set
points exactly to this problem.
Can You try the following patch?
diff --git a/drivers/net/can/usb/mcba_usb.c b/drivers/net/can/usb/mcba_usb.c
index a45865bd7254..a1a154c08b7f 100644
--- a/drivers/net/can/usb/mcba_usb.c
+++ b/drivers/net/can/usb/mcba_usb.c
@@ -653,6 +653,8 @@ static int mcba_usb_start(struct mcba_priv *priv)
break;
}
+ urb->transfer_dma = buf_dma;
+
usb_fill_bulk_urb(urb, priv->udev,
usb_rcvbulkpipe(priv->udev, MCBA_USB_EP_IN),
buf, MCBA_USB_RX_BUFF_SIZE,
I've added Marc to this discussion, I believe, he can help us, since he
is CAN maintainer.
I am sorry for breaking your device :(
> I've posted some report with my hardware configuration at debian
> mailing list: https://bugs.debian.org/990850
>
> Please let me know if you need any more information.
>
> Best,
> --
> yashi
With regards,
Pavel Skripkin
next prev parent reply other threads:[~2021-07-25 8:12 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-25 7:42 [PATCH] can: mcba_usb: fix memory leak in mcba_usb Yasushi SHOJI
2021-07-25 8:12 ` Pavel Skripkin [this message]
2021-07-25 9:42 ` Marc Kleine-Budde
2021-07-25 10:18 ` Pavel Skripkin
2021-07-25 10:36 ` [PATCH] net: can: add missing urb->transfer_dma initialization Pavel Skripkin
2021-07-25 13:27 ` Yasushi SHOJI
2021-07-25 16:30 ` Marc Kleine-Budde
2021-07-25 10:44 ` [PATCH] can: mcba_usb: fix memory leak in mcba_usb Yasushi SHOJI
2021-07-25 16:27 ` Marc Kleine-Budde
2021-07-25 16:35 ` Yasushi SHOJI
2021-07-26 9:31 ` Marc Kleine-Budde
2021-07-26 9:34 ` Marc Kleine-Budde
2021-07-26 10:43 ` Yasushi SHOJI
2021-07-26 10:42 ` Yasushi SHOJI
2021-07-26 11:17 ` Marc Kleine-Budde
2021-07-27 2:19 ` Yasushi SHOJI
-- strict thread matches above, loose matches on Subject: below --
2021-06-09 21:58 Pavel Skripkin
2021-06-15 7:33 ` Marc Kleine-Budde
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210725111242.2d9a819f@gmail.com \
--to=paskripkin@gmail.com \
--cc=linux-can@vger.kernel.org \
--cc=mkl@pengutronix.de \
--cc=yasushi.shoji@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).