lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 30 Sep 2010 13:06:22 -0700 (PDT)
From:	David Rientjes <rientjes@...gle.com>
To:	Pekka Enberg <penberg@...nel.org>
cc:	dave@....org, davej@...hat.com, cpufreq@...r.kernel.org,
	LKML <linux-kernel@...r.kernel.org>,
	x86 maintainers <x86@...nel.org>
Subject: Re: [RESEND PATCH] cpufreq: unnecesary double free in
 pcc_cpufreq_do_osc

On Thu, 30 Sep 2010, Pekka Enberg wrote:

> From 8b18a51077c9e5b36d54a5e45f9058eb3aae2477 Mon Sep 17 00:00:00 2001
> From: Pekka Enberg <penberg@...helsinki.fi>
> Date: Thu, 30 Sep 2010 22:57:33 +0300
> Subject: [PATCH] x86, cpufreq: Fix pcc_cpufreq_do_osc() memory leaks
> 
> If acpi_evaluate_object() function call doesn't fail, we must kfree()
> output.buffer before returning from pcc_cpufreq_do_osc().
> 
> Signed-off-by: Pekka Enberg <penberg@...helsinki.fi>

Acked-by: David Rientjes <rientjes@...gle.com>

> ---
>  arch/x86/kernel/cpu/cpufreq/pcc-cpufreq.c |   18 ++++++++++++------
>  1 files changed, 12 insertions(+), 6 deletions(-)
> 
> diff --git a/arch/x86/kernel/cpu/cpufreq/pcc-cpufreq.c b/arch/x86/kernel/cpu/cpufreq/pcc-cpufreq.c
> index 994230d..4f6f679 100644
> --- a/arch/x86/kernel/cpu/cpufreq/pcc-cpufreq.c
> +++ b/arch/x86/kernel/cpu/cpufreq/pcc-cpufreq.c
> @@ -368,16 +368,22 @@ static int __init pcc_cpufreq_do_osc(acpi_handle *handle)
>  		return -ENODEV;
>  
>  	out_obj = output.pointer;
> -	if (out_obj->type != ACPI_TYPE_BUFFER)
> -		return -ENODEV;
> +	if (out_obj->type != ACPI_TYPE_BUFFER) {
> +		ret = -ENODEV;
> +		goto out_free;
> +	}
>  
>  	errors = *((u32 *)out_obj->buffer.pointer) & ~(1 << 0);
> -	if (errors)
> -		return -ENODEV;
> +	if (errors) {
> +		ret = -ENODEV;
> +		goto out_free;
> +	}
>  
>  	supported = *((u32 *)(out_obj->buffer.pointer + 4));
> -	if (!(supported & 0x1))
> -		return -ENODEV;
> +	if (!(supported & 0x1)) {
> +		ret = -ENODEV;
> +		goto out_free;
> +	}
>  
>  out_free:
>  	kfree(output.pointer);
> -- 
> 1.5.6.4
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists