Date: Tue, 21 May 2024 15:18:44 +0200
From: Oliver Neukum
To: "nanfengwq@sina.com", gregkh
Cc: balbi, linux-usb, linux-kernel
Subject: Re: memory leakage in ncm_wrap_ntb() in USB ncm mode with kernel 5.15

On 20.05.24 16:32, nanfengwq@sina.com wrote:
> hello:
> In embedded devices with relatively small memory, if the transfer speed
> of ncm is fast and other programs occupy CPU memory, it is likely that
> the return value ncm->skb_tx_data of alloc_skb() is NULL, and the code
> is likely to enter err. If skb2 is not processed in err, it will cause
> memory leakage.

Hi,

apart from the submission process, could you please explain
how this condition may happen?

	if (skb) {
[..]
		if (ncm->skb_tx_data

We know ncm->skb_tx_data != NULL && skb != NULL

		    && (ncm->ndp_dgram_count >= TX_MAX_NUM_DPE
		    || (ncm->skb_tx_data->len +
		    div + rem + skb->len +
		    ncm->skb_tx_ndp->len + ndp_align + (2 * dgram_idx_len))
		    > max_size)) {
			skb2 = package_for_tx(ncm);

		if (!ncm->skb_tx_data) {

We know ncm->skb_tx_data == NULL && skb != NULL

			/* Create a new skb for the NTH and datagrams. */
			ncm->skb_tx_data = alloc_skb(max_size, GFP_ATOMIC);
			if (!ncm->skb_tx_data)
				goto err;

It seems to me that either
	skb2 = package_for_tx(ncm);
or
	ncm->skb_tx_data = alloc_skb(max_size, GFP_ATOMIC);
can be executed. The code paths seem to be mutually exclusive.

	Regards
		Oliver
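
Whether both calls can run in a single pass depends on what package_for_tx() does to ncm->skb_tx_data, which the quoted excerpt does not show. The following is an added user-space model, not code from this thread or from the kernel; every name in it is a hypothetical stand-in, and clear_on_pack is the assumption being tested in both directions.

```c
#include <stdbool.h>
#include <stdlib.h>
/* User-space model of the quoted control flow; all names are hypothetical. */
struct model {
    void *tx_data;       /* stands in for ncm->skb_tx_data */
    bool clear_on_pack;  /* assumption under test (not shown in the excerpt) */
    bool alloc_fails;    /* simulates alloc_skb() returning NULL */
    int live;            /* buffers allocated and not yet freed */
};
static void *buf_alloc(struct model *m)
{
    void *p = m->alloc_fails ? NULL : malloc(16);
    if (p)
        m->live++;
    return p;
}

/* Stands in for package_for_tx(): returns the finished aggregate. */
static void *pack(struct model *m)
{
    void *out = m->tx_data;
    if (m->clear_on_pack)
        m->tx_data = NULL;
    return out;
}

/* Returns buffers still held at the err exit, or -1 if err is not reached. */
int wrap_leak_count(bool clear_on_pack, bool free_on_err)
{
    struct model m = { .clear_on_pack = clear_on_pack };
    void *packed = NULL;
    m.tx_data = buf_alloc(&m);   /* an aggregate is already in progress */
    if (m.tx_data)               /* treat the size/count limit as reached */
        packed = pack(&m);
    m.alloc_fails = true;        /* memory pressure from here on */
    if (!m.tx_data) {
        m.tx_data = buf_alloc(&m);
        if (!m.tx_data)
            goto err;
    }
    free(m.tx_data);             /* no error: one buffer, released once */
    return -1;
err:
    if (free_on_err && packed) {
        free(packed);
        m.live--;
    }
    return m.live;
}
```

In this model the err exit is only reachable after packing when the pack step leaves the pointer NULL; in that case the packed buffer is still held unless the err path releases it.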