syzbot reported memory leak in tty/vt.
The problem was in VT_DISALLOCATE ioctl cmd.
After allocating unimap with PIO_UNIMAP it wasn't
freed via VT_DISALLOCATE, but vc_cons[currcons].d was
zeroed.
Signed-off-by: Pavel Skripkin <[email protected]>
Reported-by: [email protected]
---
drivers/tty/vt/vt.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
index 284b07224c55..0cc360da5426 100644
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -1381,6 +1381,7 @@ struct vc_data *vc_deallocate(unsigned int currcons)
atomic_notifier_call_chain(&vt_notifier_list, VT_DEALLOCATE, ¶m);
vcs_remove_sysfs(currcons);
visual_deinit(vc);
+ con_free_unimap(vc);
put_pid(vc->vt_pid);
vc_uniscr_set(vc, NULL);
kfree(vc->vc_screenbuf);
--
2.30.2
On Sun, Mar 28, 2021 at 12:44:43AM +0300, Pavel Skripkin wrote:
> syzbot reported memory leak in tty/vt.
> The problem was in VT_DISALLOCATE ioctl cmd.
> After allocating unimap with PIO_UNIMAP it wasn't
> freed via VT_DISALLOCATE, but vc_cons[currcons].d was
> zeroed.
>
> Signed-off-by: Pavel Skripkin <[email protected]>
> Reported-by: [email protected]
> ---
> drivers/tty/vt/vt.c | 1 +
> 1 file changed, 1 insertion(+)
Is this patch tested by syzbot to fix the problem?
thanks,
greg k-h
Hi!
On Sun, 2021-03-28 at 10:45 +0200, Greg KH wrote:
> On Sun, Mar 28, 2021 at 12:44:43AM +0300, Pavel Skripkin wrote:
> > syzbot reported memory leak in tty/vt.
> > The problem was in VT_DISALLOCATE ioctl cmd.
> > After allocating unimap with PIO_UNIMAP it wasn't
> > freed via VT_DISALLOCATE, but vc_cons[currcons].d was
> > zeroed.
> >
> > Signed-off-by: Pavel Skripkin <[email protected]>
> > Reported-by: [email protected]
> > ---
> > drivers/tty/vt/vt.c | 1 +
> > 1 file changed, 1 insertion(+)
>
> Is this patch tested by syzbot to fix the problem?
>
Yeah, it's tested.
https://syzkaller.appspot.com/bug?id=083cb8bd8468537151a57339ae72d505bb5bded0
> thanks,
>
> greg k-h
--
With regards,
Pavel Skripkin