system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-03 18:00:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/drivers/usb
History
Zqiang 129aa97345 usb: raw-gadget: fix memory leak in gadget_setup 
When fetch 'event' from event queue, after copy its address
space content to user space, the 'event' the memory space
pointed to by the 'event' pointer need be freed.

BUG: memory leak
unreferenced object 0xffff888110622660 (size 32):
  comm "softirq", pid 0, jiffies 4294941981 (age 12.480s)
  hex dump (first 32 bytes):
    02 00 00 00 08 00 00 00 80 06 00 01 00 00 40 00  ..............@.
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000efd29abd>] kmalloc include/linux/slab.h:554 [inline]
    [<00000000efd29abd>] raw_event_queue_add drivers/usb/gadget/legacy/raw_gadget.c:66 [inline]
    [<00000000efd29abd>] raw_queue_event drivers/usb/gadget/legacy/raw_gadget.c:225 [inline]
    [<00000000efd29abd>] gadget_setup+0xf6/0x220 drivers/usb/gadget/legacy/raw_gadget.c:343
    [<00000000952c4a46>] dummy_timer+0xb9f/0x14c0 drivers/usb/gadget/udc/dummy_hcd.c:1899
    [<0000000074ac2c54>] call_timer_fn+0x38/0x200 kernel/time/timer.c:1415
    [<00000000560a3a79>] expire_timers kernel/time/timer.c:1460 [inline]
    [<00000000560a3a79>] __run_timers.part.0+0x319/0x400 kernel/time/timer.c:1757
    [<000000009d9503d0>] __run_timers kernel/time/timer.c:1738 [inline]
    [<000000009d9503d0>] run_timer_softirq+0x3d/0x80 kernel/time/timer.c:1770
    [<000000009df27c89>] __do_softirq+0xcc/0x2c2 kernel/softirq.c:298
    [<000000007a3f1a47>] asm_call_irq_on_stack+0xf/0x20
    [<000000004a62cc2e>] __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
    [<000000004a62cc2e>] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
    [<000000004a62cc2e>] do_softirq_own_stack+0x32/0x40 arch/x86/kernel/irq_64.c:77
    [<00000000b0086800>] invoke_softirq kernel/softirq.c:393 [inline]
    [<00000000b0086800>] __irq_exit_rcu kernel/softirq.c:423 [inline]
    [<00000000b0086800>] irq_exit_rcu+0x91/0xc0 kernel/softirq.c:435
    [<00000000175f9523>] sysvec_apic_timer_interrupt+0x36/0x80 arch/x86/kernel/apic/apic.c:1091
    [<00000000a348e847>] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:631
    [<0000000060661100>] native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline]
    [<0000000060661100>] arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline]
    [<0000000060661100>] acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline]
    [<0000000060661100>] acpi_idle_do_entry+0xc3/0xd0 drivers/acpi/processor_idle.c:517
    [<000000003f413b99>] acpi_idle_enter+0x128/0x1f0 drivers/acpi/processor_idle.c:648
    [<00000000f5e5afb8>] cpuidle_enter_state+0xc9/0x650 drivers/cpuidle/cpuidle.c:237
    [<00000000d50d51fc>] cpuidle_enter+0x29/0x40 drivers/cpuidle/cpuidle.c:351
    [<00000000d674baed>] call_cpuidle kernel/sched/idle.c:132 [inline]
    [<00000000d674baed>] cpuidle_idle_call kernel/sched/idle.c:213 [inline]
    [<00000000d674baed>] do_idle+0x1c8/0x250 kernel/sched/idle.c:273

Reported-by: syzbot+bd38200f53df6259e6bf@syzkaller.appspotmail.com
Signed-off-by: Zqiang <qiang.zhang@windriver.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
2020-10-27 11:34:09 +02:00
..
atm usb: atm: don't use snprintf() for sysfs attrs 2020-08-25 19:11:18 +02:00
c67x00 Linux 5.9-rc3 2020-08-31 07:11:45 +02:00
cdns3 usb: cdns3: gadget: enlarge the TRB ring length 2020-10-02 09:57:46 +03:00
chipidea usb: chipidea: ci_hdrc_imx: restore pinctrl 2020-09-03 16:32:07 +08:00
class usb: cdc-acm: add quirk to blacklist ETAS ES58X devices 2020-10-05 13:14:44 +02:00
common usb: common: usb-conn-gpio: Print error on failure to get VBUS 2020-08-18 12:13:44 +02:00
core dma-mapping updates for 5.10 2020-10-15 14:43:29 -07:00
dwc2 usb: dwc2: Avoid leaving the error_debugfs label unused 2020-10-27 11:33:53 +02:00
dwc3 usb: dwc3: ep0: Fix delay status handling 2020-10-27 11:33:53 +02:00
early usb: early: ehci-dbgp: convert to readl_poll_timeout_atomic() 2020-09-25 16:29:09 +02:00
gadget usb: raw-gadget: fix memory leak in gadget_setup 2020-10-27 11:34:09 +02:00
host usb: fotg210-hcd: convert to readl_poll_timeout_atomic() 2020-09-25 16:30:05 +02:00
image USB: microtek: use set_host_byte() 2020-09-16 12:42:10 +02:00
isp1760 usb: isp1760-hcd: convert to readl_poll_timeout_atomic() 2020-09-25 16:30:05 +02:00
misc USB: legousbtower: use usb_control_msg_recv() 2020-09-25 16:33:59 +02:00
mon
mtu3 usb: mtu3: Remove unsused inline function is_first_entry 2020-10-02 09:43:36 +03:00
musb usb: musb: gadget: Use fallthrough pseudo-keyword 2020-10-10 12:32:29 +02:00
phy usb: phy: phy-ab8500-usb: fix spello of "function" 2020-10-02 09:57:41 +03:00
renesas_usbhs usb: Use fallthrough pseudo-keyword 2020-07-10 08:55:17 +02:00
roles device connection: Remove struct device_connection 2020-09-07 11:14:09 +02:00
serial USB-serial updates for 5.10-rc1 2020-10-08 17:29:39 +02:00
storage USB: UAS: use macro for reporting results 2020-09-16 12:43:35 +02:00
typec USB/PHY/Thunderbolt driver patches for 5.10-rc1 2020-10-15 09:51:18 -07:00
usbip usbip: vhci_hcd: fix calling usb_hcd_giveback_urb() with irqs enabled 2020-10-07 09:25:48 +02:00
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Makefile
usb-skeleton.c