lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <alpine.DEB.2.02.1301060941110.2070@localhost6.localdomain6>
Date:	Sun, 6 Jan 2013 09:41:36 +0100 (CET)
From:	Julia Lawall <julia.lawall@...6.fr>
To:	Anton Vorontsov <anton@...msg.org>
cc:	kernel-janitors@...r.kernel.org,
	David Woodhouse <dwmw2@...radead.org>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] drivers/power/88pm860x_battery.c: use
 devm_request_threaded_irq



On Sat, 5 Jan 2013, Anton Vorontsov wrote:

> On Sat, Dec 08, 2012 at 06:16:35PM +0100, Julia Lawall wrote:
>> From: Julia Lawall <Julia.Lawall@...6.fr>
>>
>> devm_request_threaded_irq requests and irq that is freed when a driver
>> detaches.  This patch uses devm_request_threaded_irq for irqs that are
>> requested in the probe function of a platform device and are only freed in
>> the remove function.
>>
>> Additionally, the original code used devm_kzalloc, but kfree.  This would
>> lead to a double free.  The problem was found using the following semantic
>> match (http://coccinelle.lip6.fr/):
>>
>> // <smpl>
>> @@
>> expression x,e;
>> @@
>> x = devm_kzalloc(...)
>> ... when != x = e
>> ?-kfree(x,...);
>> // </smpl>
>>
>> The error handling code in the probe function is also simplified in the
>> cases where there is now nothing to do other than return.
>>
>> Signed-off-by: Julia Lawall <Julia.Lawall@...6.fr>
>>
>> ---
> [....]
>> @@ -994,9 +989,6 @@ static int pm860x_battery_remove(struct platform_device *pdev)
>>  	struct pm860x_battery_info *info = platform_get_drvdata(pdev);
>>
>>  	power_supply_unregister(&info->battery);
>> -	free_irq(info->irq_batt, info);
>> -	free_irq(info->irq_cc, info);
>> -	kfree(info);
>
> It is not safe to access battery ('struct power_supply') object after
> _unregister() (and irq handlers will surely do). Instead of removing
> free_irq(), the right fix would be to place the two calls before
> _unregister().

Thanks for the feedback.  I will send a new patch.

julia
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ