github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-07 05:55:44 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
524f70b30e
linux/drivers/net/can
History
Pavel Skripkin 6bd3d80d1f can: mcba_usb: fix memory leak in mcba_usb 
commit 91c0255717 upstream.

Syzbot reported memory leak in SocketCAN driver for Microchip CAN BUS
Analyzer Tool. The problem was in unfreed usb_coherent.

In mcba_usb_start() 20 coherent buffers are allocated and there is
nothing, that frees them:

1) In callback function the urb is resubmitted and that's all
2) In disconnect function urbs are simply killed, but URB_FREE_BUFFER
   is not set (see mcba_usb_start) and this flag cannot be used with
   coherent buffers.

Fail log:
| [ 1354.053291][ T8413] mcba_usb 1-1:0.0 can0: device disconnected
| [ 1367.059384][ T8420] kmemleak: 20 new suspected memory leaks (see /sys/kernel/debug/kmem)

So, all allocated buffers should be freed with usb_free_coherent()
explicitly

NOTE:
The same pattern for allocating and freeing coherent buffers
is used in drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c

Fixes: 51f3baad7d ("can: mcba_usb: Add support for Microchip CAN BUS Analyzer")
Link: https://lore.kernel.org/r/20210609215833.30393-1-paskripkin@gmail.com
Cc: linux-stable <stable@vger.kernel.org>
Reported-and-tested-by: syzbot+57281c762a3922e14dfe@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-06-23 14:42:50 +02:00
..
c_can can: c_can: move runtime PM enable/disable to c_can_platform 2021-03-30 14:32:00 +02:00
cc770 can: drivers: fix spelling mistakes 2020-09-21 10:13:16 +02:00
dev net: introduce CAN specific pointer in the struct net_device 2021-04-07 15:00:07 +02:00
ifi_canfd treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
m_can can: m_can: m_can_tx_work_queue(): fix tx_skb race condition 2021-05-19 10:13:08 +02:00
mscan can: mscan: simplify clock enable/disable 2020-09-21 10:13:19 +02:00
peak_canfd can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on 2020-11-03 22:30:32 +01:00
rcar treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
sja1000 can: sja1000: sja1000_err(): don't count arbitration lose as an error 2020-11-30 12:43:54 +01:00
softing can: softing: softing_netdev_open(): fix error handling 2020-12-05 13:08:11 -08:00
spi can: mcp251x: fix resume from sleep before interface was brought up 2021-05-19 10:13:08 +02:00
usb can: mcba_usb: fix memory leak in mcba_usb 2021-06-23 14:42:50 +02:00
at91_can.c can: drivers: fix spelling mistakes 2020-09-21 10:13:16 +02:00
flexcan.c can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate 2021-03-30 14:31:59 +02:00
grcan.c can: drivers: fix spelling mistakes 2020-09-21 10:13:16 +02:00
janz-ican3.c treewide: Remove uninitialized_var() usage 2020-07-16 12:35:15 -07:00
Kconfig can: kvaser_pciefd: select CONFIG_CRC32 2021-01-17 14:17:00 +01:00
kvaser_pciefd.c can: kvaser_pciefd: Always disable bus load reporting 2021-03-30 14:31:59 +02:00
led.c
Makefile can: dev: move driver related infrastructure into separate subdir 2021-04-07 15:00:07 +02:00
pch_can.c can: pch_can: use generic power management 2020-09-21 10:13:18 +02:00
slcan.c net: introduce CAN specific pointer in the struct net_device 2021-04-07 15:00:07 +02:00
sun4i_can.c can: sun4i_can: sun4i_can_err(): don't count arbitration lose as an error 2020-11-30 12:43:54 +01:00
ti_hecc.c can: ti_hecc: Fix memleak in ti_hecc_probe 2020-11-15 18:24:35 +01:00
vcan.c net: introduce CAN specific pointer in the struct net_device 2021-04-07 15:00:07 +02:00
vxcan.c net: introduce CAN specific pointer in the struct net_device 2021-04-07 15:00:07 +02:00
xilinx_can.c can: xilinx_can: handle failure cases of pm_runtime_get_sync 2020-11-03 22:30:32 +01:00