Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp4266961pxf; Tue, 6 Apr 2021 11:56:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy2u+DOcxCQmotOLAiL2uLhGs9iIGvnWxy+MloxLusQ6Flr9MWOkjk1QmDZgVBwQcmarrvP X-Received: by 2002:a6b:d60c:: with SMTP id w12mr24326880ioa.105.1617735416248; Tue, 06 Apr 2021 11:56:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617735416; cv=none; d=google.com; s=arc-20160816; b=EdeN0IfA1TzCKD6pbhLbrIoaJE6oL5azRqg2tWqAa4wFxDrmtTtc9+tUp724qAf5lQ p5tN/HQ5NN0rQ+0b754QA14X8g/h9FZ1vrBjPSXBzRDeC6MSL7h0A74i0A5zwQjab5pR g8EL78vUKXZ+I2tDAUgjAWc4S8Se4tK4Nh/SNfK16fRfW5bQYMDnHPQSBTde9lOZC7Js tLdbeDwWAya6HHe+oMZx5sfht5224ep7oYbXImMGWObz95asxxDuojwynehYkR5+UgXu 28QwcdTGBJKXlc+9Tq9cAmPygO5iDtV1Xrr+bTLmCcY6VXJAbQrHBraRw0xR3mlD/JHd EELQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=Smp4MRVLLNFUnOv70Z5XSGoIqeMHHh6mJ4G83RG34ns=; b=mMQ2NhAvVYfa/ean96dTeNdy/qLPVK6fkUoi0aJ84K06pT99BZUjJfzNvQumm8RgGI gjIIDvOd1FT80FVvMpDaxlGPJ7B7WxsBOr/sdoqe7WZ03YTmNdBenOqYWEjl7ZbJ/aMa J1LgCvLVG/SVvwmHftUzE8JyMIjHzuHpqSQXeHREhHtyNSXSrz3lY/th9+pzTbFvE/Yl VzJ0UUPMsM9Q37upGrgDNY6cqymNAVeESiLD/JKa4MZX39zZWExGf5/EZR061x6aAOt0 Beqjg5MKc/Vwz/uLsE37IB1XInpnps50STWm62wt5S8ori+k88nI/tjaN+iyfiK3rtV4 eAZA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@xs4all.nl header.s=s2 header.b=Yybzm13G; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g4si18598470ile.56.2021.04.06.11.56.44; Tue, 06 Apr 2021 11:56:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@xs4all.nl header.s=s2 header.b=Yybzm13G; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242453AbhDFKH4 (ORCPT + 99 others); Tue, 6 Apr 2021 06:07:56 -0400 Received: from lb2-smtp-cloud9.xs4all.net ([194.109.24.26]:57185 "EHLO lb2-smtp-cloud9.xs4all.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236660AbhDFKHz (ORCPT ); Tue, 6 Apr 2021 06:07:55 -0400 Received: from cust-b5b5937f ([IPv6:fc0c:c16d:66b8:757f:c639:739b:9d66:799d]) by smtp-cloud9.xs4all.net with ESMTPA id TicYl4EOH43ycTicclNVCp; Tue, 06 Apr 2021 12:07:46 +0200 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=xs4all.nl; s=s2; t=1617703666; bh=Smp4MRVLLNFUnOv70Z5XSGoIqeMHHh6mJ4G83RG34ns=; h=Subject:To:From:Message-ID:Date:MIME-Version:Content-Type:From: Subject; b=Yybzm13G/vqFcbp43DlPIrp8Gd0s+gHw3xJnpMbQbR7LFEM6Wu6TfqjqeeDfjGuNU ib+QD0pN54obSN9VI/IYqAWaFXM93TvPbVFR26aXWdo5WmwS+AdxlZOfAT5Ws68/ks MRkv6bohwIEewPtYutcroMCD/RFqNECEgYyuHMrfQmsoSWzksH3HrK6HxTKQukh9hV guPjwY5jDuDABkYedfot35NEtZsSS6/Wja/c3CRRxD5A6iJFwU6AEaAM44GtBxFfQ4 unWbMgoM7o/lluxr4vOrfyh7EUUkVGn/c/m2a8ZB/i9thjajwwSPeWQmA/0XOCvwFL sqmEchwwyw7QA== Subject: Re: [PATCH] media: em28xx: fix memory leak To: Muhammad Usama Anjum , dan.carpenter@oracle.com, gregkh@linuxfoundation.org, skhan@linuxfoundation.org Cc: syzkaller-bugs@googlegroups.com, dvyukov@google.com, linux-kernel@vger.kernel.org, Mauro Carvalho Chehab , "open list:EM28XX VIDEO4LINUX DRIVER" , stable@vger.kernel.org References: <20210324180753.GA410359@LEGION> <675efa79414d2d8cb3696d3ca3a0c3be99bd92fa.camel@gmail.com> <57f041d036a6a472c1463ab5d5274df5bb646920.camel@gmail.com> From: Hans Verkuil Message-ID: <3cd9808b-a684-f0f2-8ea0-81b404943239@xs4all.nl> Date: Tue, 6 Apr 2021 12:07:42 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Thunderbird/78.9.0 MIME-Version: 1.0 In-Reply-To: <57f041d036a6a472c1463ab5d5274df5bb646920.camel@gmail.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-CMAE-Envelope: MS4xfOjeiWIl6LzpQHXWGkDVKfhjL1RGlWcrFhZob03hVnI4BYGItPjLfQaKzqmZAtgM3FcS7pcebfi4XPDvDiDqFT1PUwVz2eKjpve5w11RTTm28M8POnNa XR9nsO40iWnzf2raJRr7xpyqB5v5MhYodAPm3rHM5xzY9w6KrpmM/mB618g117/OABXUNeyqz0BsI0V2p4wdtc1NzocpM+a1D5JwEzjEBp9fp2W8IPcyEIoy jLlYJAn06RROv+724oajy9RH65M7LUbMLYNsCbo+icRtxSU3lv1gC98l+1s6Kauq3H2tNJWurRRW58zGJ71YF0EpvYKw4Snh6xsRELyi6qsgyIbUJArrv/x+ ZXXNTlZBeLVbBGvfAG0BguIlTBUWLBCy0OL5mLNadwI4+lybKCjPXUXzpvym7bSepNoLnQ9UjzuIuOHTpVuc9zAyV6ZrYXb8TwXDlKjH6bpQWnkixUmohl6C L4WE/wAlNFTdoarAZvgd2tOJkZ0di5a1EH+thh62A8PABIfas/wEhdaVULY0n5woEEGL1d1/xFv/gjBr Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 06/04/2021 11:44, Muhammad Usama Anjum wrote: > On Wed, 2021-03-31 at 13:22 +0500, Muhammad Usama Anjum wrote: >> On Wed, 2021-03-24 at 23:07 +0500, Muhammad Usama Anjum wrote: >>> If some error occurs, URB buffers should also be freed. If they aren't >>> freed with the dvb here, the em28xx_dvb_fini call doesn't frees the URB >>> buffers as dvb is set to NULL. The function in which error occurs should >>> do all the cleanup for the allocations it had done. >>> >>> Tested the patch with the reproducer provided by syzbot. This patch >>> fixes the memleak. >>> >>> Reported-by: syzbot+889397c820fa56adf25d@syzkaller.appspotmail.com >>> Signed-off-by: Muhammad Usama Anjum >>> --- >>> Resending the same path as some email addresses were missing from the >>> earlier email. >>> >>> syzbot found the following issue on: >>> >>> HEAD commit: 1a4431a5 Merge tag 'afs-fixes-20210315' of git://git.kerne.. >>> git tree: upstream >>> console output: https://syzkaller.appspot.com/x/log.txt?x=11013a7cd00000 >>> kernel config: https://syzkaller.appspot.com/x/.config?x=ff6b8b2e9d5a1227 >>> dashboard link: https://syzkaller.appspot.com/bug?extid=889397c820fa56adf25d >>> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1559ae3ad00000 >>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=176985c6d00000 >>> >>> drivers/media/usb/em28xx/em28xx-dvb.c | 1 + >>> 1 file changed, 1 insertion(+) >>> >>> diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c >>> index 526424279637..471bd74667e3 100644 >>> --- a/drivers/media/usb/em28xx/em28xx-dvb.c >>> +++ b/drivers/media/usb/em28xx/em28xx-dvb.c >>> @@ -2010,6 +2010,7 @@ static int em28xx_dvb_init(struct em28xx *dev) >>> return result; >>> >>> out_free: >>> + em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE); >>> kfree(dvb); >>> dev->dvb = NULL; >>> goto ret; >> >> I'd received the following notice and waiting for the review: >> On Thu, 2021-03-25 at 09:06 +0000, Patchwork wrote: >>> Hello, >>> >>> The following patch (submitted by you) has been updated in Patchwork: >>> >>> * linux-media: media: em28xx: fix memory leak >>> - http://patchwork.linuxtv.org/project/linux-media/patch/20210324180753.GA410359@LEGION/ >>> - for: Linux Media kernel patches >>> > This patch has been accepted. This bug was introduced by 27ba0dac. > Will it be backported and submitted for inclusion in stable release by > maintainer automatically? That might not happen since there was no 'Fixes:' tag. Without that it will depend on the stable tree maintainers whether they'll pick it up or not. Regards, Hans