lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <230CBA6E4B6B6B418E8730AC28E6FC7E041CFA70@DFLE11.ent.ti.com>
Date:	Thu, 5 Feb 2015 15:50:49 +0000
From:	"Kwok, WingMan" <w-kwok2@...com>
To:	Dan Carpenter <dan.carpenter@...cle.com>
CC:	SF Markus Elfring <elfring@...rs.sourceforge.net>,
	"Karicheri, Muralidharan" <m-karicheri2@...com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	LKML <linux-kernel@...r.kernel.org>,
	"kernel-janitors@...r.kernel.org" <kernel-janitors@...r.kernel.org>,
	"Julia Lawall" <julia.lawall@...6.fr>
Subject: RE: [PATCH] NetCP: Deletion of unnecessary checks before two
 function calls

Dan,

Thanks.  We'll look into it and send a patch soon.

Regards,
WingMan

> -----Original Message-----
> From: Dan Carpenter [mailto:dan.carpenter@...cle.com]
> Sent: Thursday, February 05, 2015 7:02 AM
> To: Kwok, WingMan
> Cc: SF Markus Elfring; Karicheri, Muralidharan; Kwok, WingMan;
> netdev@...r.kernel.org; LKML; kernel-janitors@...r.kernel.org; Julia Lawall
> Subject: Re: [PATCH] NetCP: Deletion of unnecessary checks before two
> function calls
> 
> Hi Wingman,
> 
> There are some bugs in this error handling.
> 
> On Tue, Feb 03, 2015 at 08:22:23PM +0100, SF Markus Elfring wrote:
> > diff --git a/drivers/net/ethernet/ti/netcp_ethss.c
> b/drivers/net/ethernet/ti/netcp_ethss.c
> > index fa1041a..cbd6dde 100644
> > --- a/drivers/net/ethernet/ti/netcp_ethss.c
> > +++ b/drivers/net/ethernet/ti/netcp_ethss.c
> > @@ -2010,12 +2010,10 @@ static int gbe_probe(struct netcp_device
> *netcp_device, struct device *dev,
> >  quit:
> >  	if (gbe_dev->hw_stats)
> >  		devm_kfree(dev, gbe_dev->hw_stats);
> > -	if (gbe_dev->ale)
> > -		cpsw_ale_destroy(gbe_dev->ale);
> > +	cpsw_ale_destroy(gbe_dev->ale);
> >  	if (gbe_dev->ss_regs)
> >  		devm_iounmap(dev, gbe_dev->ss_regs);
> > -	if (interfaces)
> > -		of_node_put(interfaces);
> > +	of_node_put(interfaces);
>                     ^^^^^^^^^^
> "interfaces" is sometimes unintialized in this code.  I don't know why
> GCC doesn't catch this...  :(
> 
> This is a "one rrr bug", which is caused because you just have one error
> label "quit" which handles all the error handling.  Please read my
> Google+ comment on error handling.
> 
> https://plus.google.com/106378716002406849458/posts/dnanfhQ4mHQ
> 
> >  	devm_kfree(dev, gbe_dev);
>         ^^^^^^^^^^^^^^^^^^^^^^^^
> This is not the right way to use the devm_ interface.  These things are
> freed automatically on error or when we are done with them.  This driver
> is double freeing pretty much everything.  Grep for devm_kfree() and
> fix everything.
> 
> I don't know why kbuild didn't catch this...
> 
> regards
> dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ