Message-ID: <699a33f7-2584-8d64-3a5c-668088f0dea4@nfschina.com>
Date: Thu, 25 Jan 2024 15:30:14 +0800
Subject: Re: [PATCH] HID: hidraw: fix a problem of memory leak in hidraw_release()
To: Dan Carpenter
Cc: jikos@kernel.org, benjamin.tissoires@redhat.com, mail@karthek.com, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
From: Su Hui
In-Reply-To: <76300deb-f532-4d74-a97a-4cd321ae8f41@moroto.mountain>

On 2024/1/25 15:11, Dan Carpenter wrote:
> On Thu, Jan 25, 2024 at 02:32:26PM +0800, Su Hui wrote:
>> 'struct hidraw_list' is a circular queue whose head can be smaller than
>> tail. Using 'list->tail != list->head' to release all memory that should
>> be released.
>>
>> Fixes: a5623a203cff ("HID: hidraw: fix memory leak in hidraw_release()")
>> Signed-off-by: Su Hui
> This is very clever. How did you find that? Was it through static
> analysis or just review? Perhaps using syzkaller?

Hi, I just met this bug on a real machine and found this problem by
reviewing the code.

>
> Reviewed-by: Dan Carpenter
>
> I imagine we could write a checker heuristic to identify ->tail and
> ->head struct members and then complain if they were ever used in a <
> or > comparison.

I can't agree any more, great idea!

Su Hui
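
A userspace model of the wrap-around case discussed in this thread, added here as an illustration and not code from the patch or the kernel. `struct ring`, `RING_SIZE` and the function names are hypothetical; the model compares a release loop guarded by `tail < head` with one guarded by `tail != head` after head has wrapped below tail.

```c
#include <stdio.h>
#include <stdlib.h>
#define RING_SIZE 8u                    /* constructed size for the model */

struct ring {                           /* hypothetical stand-in, not kernel code */
    void *slot[RING_SIZE];
    unsigned head, tail;                /* producer index, consumer index */
};

static void ring_push(struct ring *r) {
    r->slot[r->head] = malloc(16);
    r->head = (r->head + 1) % RING_SIZE;
}

static void ring_pop(struct ring *r) {
    free(r->slot[r->tail]);
    r->tail = (r->tail + 1) % RING_SIZE;
}

/* Ordered comparison: never iterates once head has wrapped below tail. */
static unsigned release_ordered(struct ring *r) {
    unsigned freed = 0;
    for (; r->tail < r->head; freed++)
        ring_pop(r);
    return freed;
}

/* Inequality plus wrap-around: advances tail until it meets head. */
static unsigned release_wrapped(struct ring *r) {
    unsigned freed = 0;
    for (; r->tail != r->head; freed++)
        ring_pop(r);
    return freed;
}

static unsigned leaked_buffers(int use_inequality) {
    struct ring r = { .head = 0, .tail = 0 };
    for (unsigned i = 0; i < 6; i++) { ring_push(&r); ring_pop(&r); } /* head == tail == 6 */
    for (unsigned i = 0; i < 4; i++) ring_push(&r);                   /* head wraps to 2 */
    unsigned pending = (r.head - r.tail) % RING_SIZE;                 /* four buffers queued */
    unsigned freed = use_inequality ? release_wrapped(&r) : release_ordered(&r);
    release_wrapped(&r);                /* free whatever the chosen loop missed */
    return pending - freed;
}

int main(void) {
    printf("leaked with '<': %u, with '!=': %u\n", leaked_buffers(0), leaked_buffers(1));
    return 0;
}
```

Removing the tidy-up call in `leaked_buffers()` and running the ordered variant under a leak checker reports the four buffers as lost.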