linux-kernel.vger.kernel.org archive mirror
* [PATCH] media: em28xx: fix memory leak
@ 2021-03-24 18:07 Muhammad Usama Anjum
  2021-03-31  8:22 ` Muhammad Usama Anjum
  0 siblings, 1 reply; 7+ messages in thread
From: Muhammad Usama Anjum @ 2021-03-24 18:07 UTC (permalink / raw)
  To: linux-kernel, Mauro Carvalho Chehab, open list:EM28XX VIDEO4LINUX DRIVER
  Cc: musamaanjum, syzkaller-bugs, dvyukov

If some error occurs, URB buffers should also be freed. If they aren't
freed with the dvb here, the em28xx_dvb_fini call doesn't free the URB
buffers as dvb is set to NULL. The function in which error occurs should
do all the cleanup for the allocations it had done.

Tested the patch with the reproducer provided by syzbot. This patch
fixes the memleak.

Reported-by: syzbot+889397c820fa56adf25d@syzkaller.appspotmail.com
Signed-off-by: Muhammad Usama Anjum <musamaanjum@gmail.com>
---
Resending the same patch as some email addresses were missing from the
earlier email.

syzbot found the following issue on:

HEAD commit:    1a4431a5 Merge tag 'afs-fixes-20210315' of git://git.kerne..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11013a7cd00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=ff6b8b2e9d5a1227
dashboard link: https://syzkaller.appspot.com/bug?extid=889397c820fa56adf25d
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1559ae3ad00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=176985c6d00000

 drivers/media/usb/em28xx/em28xx-dvb.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c
index 526424279637..471bd74667e3 100644
--- a/drivers/media/usb/em28xx/em28xx-dvb.c
+++ b/drivers/media/usb/em28xx/em28xx-dvb.c
@@ -2010,6 +2010,7 @@ static int em28xx_dvb_init(struct em28xx *dev)
 	return result;
 
 out_free:
+	em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE);
 	kfree(dvb);
 	dev->dvb = NULL;
 	goto ret;
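Review bot: The new em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE) call under out_free runs on every jump to that label, and the hunk does not show whether all of those jumps happen after the digital-mode transfer buffers were allocated. Please confirm the call is harmless when nothing has been allocated yet, or give the failures that occur after the allocation their own label that falls through to out_free.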
-- 
2.25.1
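
The leak the changelog describes, reduced to a user-space C model: init fails after the buffers exist, clears the handle, and teardown then returns early without seeing them. This is an added example, not the driver's code; model_dev, model_init, model_fini, uninit_xfer and the buffer count are hypothetical names chosen for illustration.

```c
#include <stdlib.h>

/* Hypothetical user-space model; names and sizes are not the driver's. */
#define NUM_BUFS 5
struct model_dev {
	void *dvb;                /* teardown treats NULL as "nothing to free" */
	void *xfer_buf[NUM_BUFS]; /* stands in for the URB transfer buffers */
};

static void uninit_xfer(struct model_dev *dev)
{
	for (int i = 0; i < NUM_BUFS; i++) {
		free(dev->xfer_buf[i]);
		dev->xfer_buf[i] = NULL;  /* makes a repeat call harmless */
	}
}

/* Teardown: returns early on a NULL dvb, so orphaned buffers are never seen. */
static void model_fini(struct model_dev *dev)
{
	if (!dev->dvb)
		return;
	uninit_xfer(dev);
	free(dev->dvb);
	dev->dvb = NULL;
}

/* Init that can fail after the buffers exist; fixed selects the patched path. */
static int model_init(struct model_dev *dev, int fail_late, int fixed)
{
	dev->dvb = calloc(1, 64);
	for (int i = 0; dev->dvb && i < NUM_BUFS; i++)
		dev->xfer_buf[i] = calloc(1, 4096);
	if (dev->dvb && !fail_late)
		return 0;
	if (fixed)                        /* error path undoes its own allocations */
		uninit_xfer(dev);
	free(dev->dvb);
	dev->dvb = NULL;
	return -1;
}

/* One init/fini cycle; returns how many buffers teardown left allocated. */
int leaked_after_cycle(int fail_late, int fixed)
{
	struct model_dev dev = {0};
	int leaked = 0;
	model_init(&dev, fail_late, fixed);
	model_fini(&dev);
	for (int i = 0; i < NUM_BUFS; i++)
		leaked += (dev.xfer_buf[i] != NULL);
	uninit_xfer(&dev);                /* tidy the model's own memory */
	return leaked;
}
```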



* Re: [PATCH] media: em28xx: fix memory leak
  2021-03-24 18:07 [PATCH] media: em28xx: fix memory leak Muhammad Usama Anjum
@ 2021-03-31  8:22 ` Muhammad Usama Anjum
  2021-03-31  8:51   ` Dan Carpenter
  2021-04-06  9:44   ` Muhammad Usama Anjum
  0 siblings, 2 replies; 7+ messages in thread
From: Muhammad Usama Anjum @ 2021-03-31  8:22 UTC (permalink / raw)
  To: hverkuil-cisco
  Cc: syzkaller-bugs, dvyukov, linux-kernel, Mauro Carvalho Chehab,
	open list:EM28XX VIDEO4LINUX DRIVER, stable

On Wed, 2021-03-24 at 23:07 +0500, Muhammad Usama Anjum wrote:
> If some error occurs, URB buffers should also be freed. If they aren't
> freed with the dvb here, the em28xx_dvb_fini call doesn't free the URB
> buffers as dvb is set to NULL. The function in which error occurs should
> do all the cleanup for the allocations it had done.
> 
> Tested the patch with the reproducer provided by syzbot. This patch
> fixes the memleak.
> 
> Reported-by: syzbot+889397c820fa56adf25d@syzkaller.appspotmail.com
> Signed-off-by: Muhammad Usama Anjum <musamaanjum@gmail.com>
> ---
> Resending the same patch as some email addresses were missing from the
> earlier email.
> 
> syzbot found the following issue on:
> 
> HEAD commit:    1a4431a5 Merge tag 'afs-fixes-20210315' of git://git.kerne..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=11013a7cd00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=ff6b8b2e9d5a1227
> dashboard link: https://syzkaller.appspot.com/bug?extid=889397c820fa56adf25d
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1559ae3ad00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=176985c6d00000
> 
>  drivers/media/usb/em28xx/em28xx-dvb.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c
> index 526424279637..471bd74667e3 100644
> --- a/drivers/media/usb/em28xx/em28xx-dvb.c
> +++ b/drivers/media/usb/em28xx/em28xx-dvb.c
> @@ -2010,6 +2010,7 @@ static int em28xx_dvb_init(struct em28xx *dev)
>  	return result;
>  
>  out_free:
> +	em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE);
>  	kfree(dvb);
>  	dev->dvb = NULL;
>  	goto ret;

I'd received the following notice and am waiting for the review:
On Thu, 2021-03-25 at 09:06 +0000, Patchwork wrote:
> Hello,
> 
> The following patch (submitted by you) has been updated in Patchwork:
> 
>  * linux-media: media: em28xx: fix memory leak
>      - http://patchwork.linuxtv.org/project/linux-media/patch/20210324180753.GA410359@LEGION/
>      - for: Linux Media kernel patches
>     was: New
>     now: Under Review
> 
> This email is a notification only - you do not need to respond.
> 
> Happy patchworking.
> 

Thanks,
Usama




* Re: [PATCH] media: em28xx: fix memory leak
  2021-03-31  8:22 ` Muhammad Usama Anjum
@ 2021-03-31  8:51   ` Dan Carpenter
  2021-04-06  9:44   ` Muhammad Usama Anjum
  1 sibling, 0 replies; 7+ messages in thread
From: Dan Carpenter @ 2021-03-31  8:51 UTC (permalink / raw)
  To: Muhammad Usama Anjum
  Cc: hverkuil-cisco, syzkaller-bugs, dvyukov, linux-kernel,
	Mauro Carvalho Chehab, open list:EM28XX VIDEO4LINUX DRIVER,
	stable

On Wed, Mar 31, 2021 at 01:22:01PM +0500, Muhammad Usama Anjum wrote:
> On Wed, 2021-03-24 at 23:07 +0500, Muhammad Usama Anjum wrote:
> > If some error occurs, URB buffers should also be freed. If they aren't
> > freed with the dvb here, the em28xx_dvb_fini call doesn't free the URB
> > buffers as dvb is set to NULL. The function in which error occurs should
> > do all the cleanup for the allocations it had done.
> > 
> > Tested the patch with the reproducer provided by syzbot. This patch
> > fixes the memleak.
> > 
> > Reported-by: syzbot+889397c820fa56adf25d@syzkaller.appspotmail.com
> > Signed-off-by: Muhammad Usama Anjum <musamaanjum@gmail.com>
> > ---
> > Resending the same patch as some email addresses were missing from the
> > earlier email.
> > 
> > syzbot found the following issue on:
> > 
> > HEAD commit:    1a4431a5 Merge tag 'afs-fixes-20210315' of git://git.kerne..
> > git tree:       upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=11013a7cd00000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=ff6b8b2e9d5a1227
> > dashboard link: https://syzkaller.appspot.com/bug?extid=889397c820fa56adf25d
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1559ae3ad00000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=176985c6d00000
> > 
> >  drivers/media/usb/em28xx/em28xx-dvb.c | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c
> > index 526424279637..471bd74667e3 100644
> > --- a/drivers/media/usb/em28xx/em28xx-dvb.c
> > +++ b/drivers/media/usb/em28xx/em28xx-dvb.c
> > @@ -2010,6 +2010,7 @@ static int em28xx_dvb_init(struct em28xx *dev)
> >  	return result;
> >  
> >  out_free:
> > +	em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE);
> >  	kfree(dvb);
> >  	dev->dvb = NULL;
> >  	goto ret;
> 
> I'd received the following notice and am waiting for the review:

Please wait a minimum of two weeks before asking for updates.

regards,
dan carpenter



* Re: [PATCH] media: em28xx: fix memory leak
  2021-03-31  8:22 ` Muhammad Usama Anjum
  2021-03-31  8:51   ` Dan Carpenter
@ 2021-04-06  9:44   ` Muhammad Usama Anjum
  2021-04-06 10:07     ` Hans Verkuil
  1 sibling, 1 reply; 7+ messages in thread
From: Muhammad Usama Anjum @ 2021-04-06  9:44 UTC (permalink / raw)
  To: hverkuil-cisco, dan.carpenter, gregkh, skhan
  Cc: musamaanjum, syzkaller-bugs, dvyukov, linux-kernel,
	Mauro Carvalho Chehab, open list:EM28XX VIDEO4LINUX DRIVER,
	stable

On Wed, 2021-03-31 at 13:22 +0500, Muhammad Usama Anjum wrote:
> On Wed, 2021-03-24 at 23:07 +0500, Muhammad Usama Anjum wrote:
> > If some error occurs, URB buffers should also be freed. If they aren't
> > freed with the dvb here, the em28xx_dvb_fini call doesn't free the URB
> > buffers as dvb is set to NULL. The function in which error occurs should
> > do all the cleanup for the allocations it had done.
> > 
> > Tested the patch with the reproducer provided by syzbot. This patch
> > fixes the memleak.
> > 
> > Reported-by: syzbot+889397c820fa56adf25d@syzkaller.appspotmail.com
> > Signed-off-by: Muhammad Usama Anjum <musamaanjum@gmail.com>
> > ---
> > Resending the same patch as some email addresses were missing from the
> > earlier email.
> > 
> > syzbot found the following issue on:
> > 
> > HEAD commit:    1a4431a5 Merge tag 'afs-fixes-20210315' of git://git.kerne..
> > git tree:       upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=11013a7cd00000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=ff6b8b2e9d5a1227
> > dashboard link: https://syzkaller.appspot.com/bug?extid=889397c820fa56adf25d
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1559ae3ad00000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=176985c6d00000
> > 
> >  drivers/media/usb/em28xx/em28xx-dvb.c | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c
> > index 526424279637..471bd74667e3 100644
> > --- a/drivers/media/usb/em28xx/em28xx-dvb.c
> > +++ b/drivers/media/usb/em28xx/em28xx-dvb.c
> > @@ -2010,6 +2010,7 @@ static int em28xx_dvb_init(struct em28xx *dev)
> >  	return result;
> >  
> >  out_free:
> > +	em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE);
> >  	kfree(dvb);
> >  	dev->dvb = NULL;
> >  	goto ret;
> 
> I'd received the following notice and am waiting for the review:
> On Thu, 2021-03-25 at 09:06 +0000, Patchwork wrote:
> > Hello,
> > 
> > The following patch (submitted by you) has been updated in Patchwork:
> > 
> >  * linux-media: media: em28xx: fix memory leak
> >      - http://patchwork.linuxtv.org/project/linux-media/patch/20210324180753.GA410359@LEGION/
> >      - for: Linux Media kernel patches
> > 
This patch has been accepted. This bug was introduced by 27ba0dac.
Will it be backported and submitted for inclusion in the stable release by
the maintainer automatically?
> > 
> 
> Thanks,
> Usama
> 
> 



* Re: [PATCH] media: em28xx: fix memory leak
  2021-04-06  9:44   ` Muhammad Usama Anjum
@ 2021-04-06 10:07     ` Hans Verkuil
  0 siblings, 0 replies; 7+ messages in thread
From: Hans Verkuil @ 2021-04-06 10:07 UTC (permalink / raw)
  To: Muhammad Usama Anjum, dan.carpenter, gregkh, skhan
  Cc: syzkaller-bugs, dvyukov, linux-kernel, Mauro Carvalho Chehab,
	open list:EM28XX VIDEO4LINUX DRIVER, stable

On 06/04/2021 11:44, Muhammad Usama Anjum wrote:
> On Wed, 2021-03-31 at 13:22 +0500, Muhammad Usama Anjum wrote:
>> On Wed, 2021-03-24 at 23:07 +0500, Muhammad Usama Anjum wrote:
>>> If some error occurs, URB buffers should also be freed. If they aren't
>>> freed with the dvb here, the em28xx_dvb_fini call doesn't free the URB
>>> buffers as dvb is set to NULL. The function in which error occurs should
>>> do all the cleanup for the allocations it had done.
>>>
>>> Tested the patch with the reproducer provided by syzbot. This patch
>>> fixes the memleak.
>>>
>>> Reported-by: syzbot+889397c820fa56adf25d@syzkaller.appspotmail.com
>>> Signed-off-by: Muhammad Usama Anjum <musamaanjum@gmail.com>
>>> ---
>>> Resending the same patch as some email addresses were missing from the
>>> earlier email.
>>>
>>> syzbot found the following issue on:
>>>
>>> HEAD commit:    1a4431a5 Merge tag 'afs-fixes-20210315' of git://git.kerne..
>>> git tree:       upstream
>>> console output: https://syzkaller.appspot.com/x/log.txt?x=11013a7cd00000
>>> kernel config:  https://syzkaller.appspot.com/x/.config?x=ff6b8b2e9d5a1227
>>> dashboard link: https://syzkaller.appspot.com/bug?extid=889397c820fa56adf25d
>>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1559ae3ad00000
>>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=176985c6d00000
>>>
>>>  drivers/media/usb/em28xx/em28xx-dvb.c | 1 +
>>>  1 file changed, 1 insertion(+)
>>>
>>> diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c
>>> index 526424279637..471bd74667e3 100644
>>> --- a/drivers/media/usb/em28xx/em28xx-dvb.c
>>> +++ b/drivers/media/usb/em28xx/em28xx-dvb.c
>>> @@ -2010,6 +2010,7 @@ static int em28xx_dvb_init(struct em28xx *dev)
>>>  	return result;
>>>  
>>>  out_free:
>>> +	em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE);
>>>  	kfree(dvb);
>>>  	dev->dvb = NULL;
>>>  	goto ret;
>>
>> I'd received the following notice and am waiting for the review:
>> On Thu, 2021-03-25 at 09:06 +0000, Patchwork wrote:
>>> Hello,
>>>
>>> The following patch (submitted by you) has been updated in Patchwork:
>>>
>>>  * linux-media: media: em28xx: fix memory leak
>>>      - http://patchwork.linuxtv.org/project/linux-media/patch/20210324180753.GA410359@LEGION/
>>>      - for: Linux Media kernel patches
>>>
> This patch has been accepted. This bug was introduced by 27ba0dac.
> Will it be backported and submitted for inclusion in the stable release by
> the maintainer automatically?

That might not happen since there was no 'Fixes:' tag. Without that it
will depend on the stable tree maintainers whether they'll pick it up or not.

Regards,

	Hans


* Re: [PATCH] media: em28xx: fix memory leak
  2021-03-22 14:54 Muhammad Usama Anjum
@ 2021-03-22 15:13 ` Muhammad Usama Anjum
  0 siblings, 0 replies; 7+ messages in thread
From: Muhammad Usama Anjum @ 2021-03-22 15:13 UTC (permalink / raw)
  To: linux-kernel, Mauro Carvalho Chehab, dvyukov; +Cc: syzkaller-bugs, musamaanjum

On Mon, 2021-03-22 at 19:54 +0500, Muhammad Usama Anjum wrote:
> If some error occurs, URB buffers should also be freed. If they aren't
> freed with the dvb here, the em28xx_dvb_fini call doesn't free the URB
> buffers as dvb is set to NULL. The function in which error occurs should
> do all the cleanup for the allocations it had done.
> 
> Tested the patch with the reproducer provided by syzbot. This patch
> fixes the memleak.
> 
> Reported-by: syzbot+889397c820fa56adf25d@syzkaller.appspotmail.com
> Signed-off-by: Muhammad Usama Anjum <musamaanjum@gmail.com>
> ---
>  drivers/media/usb/em28xx/em28xx-dvb.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c
> index 526424279637..471bd74667e3 100644
> --- a/drivers/media/usb/em28xx/em28xx-dvb.c
> +++ b/drivers/media/usb/em28xx/em28xx-dvb.c
> @@ -2010,6 +2010,7 @@ static int em28xx_dvb_init(struct em28xx *dev)
>  	return result;
>  
>  out_free:
> +	em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE);
>  	kfree(dvb);
>  	dev->dvb = NULL;
>  	goto ret;
I should have replied to the email originated by the syzbot. Anyhow, here are some
details from that email:

syzbot found the following issue on:

HEAD commit:    1a4431a5 Merge tag 'afs-fixes-20210315' of git://git.kerne..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11013a7cd00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=ff6b8b2e9d5a1227
dashboard link: https://syzkaller.appspot.com/bug?extid=889397c820fa56adf25d
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1559ae3ad00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=176985c6d00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+889397c820fa56adf25d@syzkaller.appspotmail.com

Thanks,
Usama



* [PATCH] media: em28xx: fix memory leak
@ 2021-03-22 14:54 Muhammad Usama Anjum
  2021-03-22 15:13 ` Muhammad Usama Anjum
  0 siblings, 1 reply; 7+ messages in thread
From: Muhammad Usama Anjum @ 2021-03-22 14:54 UTC (permalink / raw)
  To: linux-kernel, Mauro Carvalho Chehab, dvyukov; +Cc: musamaanjum

If some error occurs, URB buffers should also be freed. If they aren't
freed with the dvb here, the em28xx_dvb_fini call doesn't free the URB
buffers as dvb is set to NULL. The function in which error occurs should
do all the cleanup for the allocations it had done.

Tested the patch with the reproducer provided by syzbot. This patch
fixes the memleak.

Reported-by: syzbot+889397c820fa56adf25d@syzkaller.appspotmail.com
Signed-off-by: Muhammad Usama Anjum <musamaanjum@gmail.com>
---
 drivers/media/usb/em28xx/em28xx-dvb.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c
index 526424279637..471bd74667e3 100644
--- a/drivers/media/usb/em28xx/em28xx-dvb.c
+++ b/drivers/media/usb/em28xx/em28xx-dvb.c
@@ -2010,6 +2010,7 @@ static int em28xx_dvb_init(struct em28xx *dev)
 	return result;
 
 out_free:
+	em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE);
 	kfree(dvb);
 	dev->dvb = NULL;
 	goto ret;
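Review bot: The added call under out_free needs a short comment, because the reason it has to live in this error path is not visible from the code: once dev->dvb = NULL is set two lines below, em28xx_dvb_fini no longer frees the URB buffers. The changelog also carries no Fixes: tag naming the commit that introduced the leak, which affects whether the change is picked up for stable.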
-- 
2.25.1

