linux-kernel - RE: [PATCH] NetCP: Deletion of unnecessary checks before two function calls

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite for Android: free password hash cracker in your pocket

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date:	Thu, 5 Feb 2015 15:50:49 +0000
From:	"Kwok, WingMan" <w-kwok2@...com>
To:	Dan Carpenter <dan.carpenter@...cle.com>
CC:	SF Markus Elfring <elfring@...rs.sourceforge.net>,
	"Karicheri, Muralidharan" <m-karicheri2@...com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	LKML <linux-kernel@...r.kernel.org>,
	"kernel-janitors@...r.kernel.org" <kernel-janitors@...r.kernel.org>,
	"Julia Lawall" <julia.lawall@...6.fr>
Subject: RE: [PATCH] NetCP: Deletion of unnecessary checks before two
 function calls

Dan,

Thanks.  We'll look into it and send a patch soon.

Regards,
WingMan

> -----Original Message-----
> From: Dan Carpenter [mailto:dan.carpenter@...cle.com]
> Sent: Thursday, February 05, 2015 7:02 AM
> To: Kwok, WingMan
> Cc: SF Markus Elfring; Karicheri, Muralidharan; Kwok, WingMan;
> netdev@...r.kernel.org; LKML; kernel-janitors@...r.kernel.org; Julia Lawall
> Subject: Re: [PATCH] NetCP: Deletion of unnecessary checks before two
> function calls
> 
> Hi Wingman,
> 
> There are some bugs in this error handling.
> 
> On Tue, Feb 03, 2015 at 08:22:23PM +0100, SF Markus Elfring wrote:
> > diff --git a/drivers/net/ethernet/ti/netcp_ethss.c
> b/drivers/net/ethernet/ti/netcp_ethss.c
> > index fa1041a..cbd6dde 100644
> > --- a/drivers/net/ethernet/ti/netcp_ethss.c
> > +++ b/drivers/net/ethernet/ti/netcp_ethss.c
> > @@ -2010,12 +2010,10 @@ static int gbe_probe(struct netcp_device
> *netcp_device, struct device *dev,
> >  quit:
> >  	if (gbe_dev->hw_stats)
> >  		devm_kfree(dev, gbe_dev->hw_stats);
> > -	if (gbe_dev->ale)
> > -		cpsw_ale_destroy(gbe_dev->ale);
> > +	cpsw_ale_destroy(gbe_dev->ale);
> >  	if (gbe_dev->ss_regs)
> >  		devm_iounmap(dev, gbe_dev->ss_regs);
> > -	if (interfaces)
> > -		of_node_put(interfaces);
> > +	of_node_put(interfaces);
>                     ^^^^^^^^^^
> "interfaces" is sometimes unintialized in this code.  I don't know why
> GCC doesn't catch this...  :(
> 
> This is a "one rrr bug", which is caused because you just have one error
> label "quit" which handles all the error handling.  Please read my
> Google+ comment on error handling.
> 
> https://plus.google.com/106378716002406849458/posts/dnanfhQ4mHQ
> 
> >  	devm_kfree(dev, gbe_dev);
>         ^^^^^^^^^^^^^^^^^^^^^^^^
> This is not the right way to use the devm_ interface.  These things are
> freed automatically on error or when we are done with them.  This driver
> is double freeing pretty much everything.  Grep for devm_kfree() and
> fix everything.
> 
> I don't know why kbuild didn't catch this...
> 
> regards
> dan carpenter