Date:   Thu, 9 Mar 2017 09:20:42 +0000
From:   Russell King - ARM Linux <linux@...linux.org.uk>
To:     Masahiro Yamada <yamada.masahiro@...ionext.com>
Cc:     Lars-Peter Clausen <lars@...afoo.de>,
        Robin Murphy <robin.murphy@....com>, dmaengine@...r.kernel.org,
        linux-arm-kernel <linux-arm-kernel@...ts.infradead.org>,
        Arnd Bergmann <arnd@...db.de>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        "James E.J. Bottomley" <James.Bottomley@...senpartnership.com>,
        Tejun Heo <tj@...nel.org>,
        "David S. Miller" <davem@...emloft.net>
Subject: Re: [Question] devm_kmalloc() for DMA ?

On Thu, Mar 09, 2017 at 12:25:07PM +0900, Masahiro Yamada wrote:
> (c) Use kmalloc() and kfree().   (be careful for memory leak)

This is quite simple.  For the first one, it doesn't seem that it's
DMA'd into, so there's no need to use GFP_DMA.

-	/* allocate a temporary buffer for nand_scan_ident() */
-	denali->buf.buf = devm_kzalloc(denali->dev, PAGE_SIZE,
-					GFP_DMA | GFP_KERNEL);
-	if (!denali->buf.buf)
-		return -ENOMEM;

...

+	denali->buf.buf = kzalloc(PAGE_SIZE, GFP_KERNEL);
+	if (!denali->buf.buf)
+		return -ENOMEM;
+
	/*
	 * scan for NAND devices attached to the controller
	 * this is the first stage in a two step process to register
	 * with the nand subsystem
	 */
	ret = nand_scan_ident(mtd, denali->max_banks, NULL);
+	kfree(denali->buf.buf);
+
	if (ret)
		goto failed_req_irq;

-	/* allocate the right size buffer now */
-	devm_kfree(denali->dev, denali->buf.buf);
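
Review bot: in the second region, `kfree(denali->buf.buf);` directly after nand_scan_ident() leaves denali->buf.buf pointing at freed memory while the very next lines can still `goto failed_req_irq`. Setting `denali->buf.buf = NULL;` right after the free would keep any later cleanup or reallocation path that looks at buf.buf from double-freeing or reusing the stale pointer. The removed comment "allocate a temporary buffer for nand_scan_ident()" is also worth carrying over to the new kzalloc() call, since it explains why the buffer is freed immediately after the scan.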

For the second one, I think the first thing to do is to move the
dma_set_mask() to the very beginning of the probe function - if that
fails, then we can't use DMA, and it's not something that requires
any cleanup.

With that gone, convert the other devm_kzalloc() there for buf.buf to
kzalloc(), and ensure that it's appropriately freed.  Note that this
driver is _already_ buggy in that if:

        } else if (mtd->oobsize < (denali->bbtskipbytes +
                        ECC_8BITS * (mtd->writesize /
                        ECC_SECTOR_SIZE))) {
                pr_err("Your NAND chip OOB is not large enough to contain 8bit ECC correction codes");
                goto failed_req_irq;

fails, or these:

        ret = nand_scan_tail(mtd);
        if (ret)
                goto failed_req_irq;

        ret = mtd_device_register(mtd, NULL, 0);
        if (ret) {
                dev_err(denali->dev, "Failed to register MTD: %d\n", ret);
                goto failed_req_irq;
        }

it doesn't unmap the buffer.  So, the driver is already broken.

-- 
RMK's Patch system: http://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line: currently at 9.6Mbps down 400kbps up
according to speedtest.net.
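
The unwind order discussed in the message above, as an added example that is not part of the original e-mail or of the denali driver: a userspace C model in which counters stand in for the buffer and its DMA mapping, so each failure point can be checked for leaks. All names here (model_probe, step, the stage enum, dev_buf, the counters) are hypothetical.

```c
#include <errno.h>
#include <stdlib.h>

/* Constructed userspace model: counters stand in for kernel resources. */
int live_bufs, live_maps;
static void *dev_buf;			/* models denali->buf.buf */

static void *buf_alloc(void) { void *p = calloc(1, 4096); if (p) live_bufs++; return p; }
static void buf_free(void *p) { if (p) { free(p); live_bufs--; } }
static void dma_map(void *p) { (void)p; live_maps++; }
static void dma_unmap(void *p) { (void)p; live_maps--; }

enum stage { NONE, SET_MASK, SCAN_IDENT, OOB_CHECK, SCAN_TAIL, REGISTER };
/* Hypothetical stand-in for a probe step; fails when it is the chosen stage. */
static int step(enum stage s, enum stage fail_at) { return s == fail_at ? -EIO : 0; }

int model_probe(enum stage fail_at)
{
	int ret = step(SET_MASK, fail_at);	/* mask first: failure needs no cleanup */
	if (ret)
		return ret;

	dev_buf = buf_alloc();			/* temporary buffer for the ident scan */
	if (!dev_buf)
		return -ENOMEM;
	ret = step(SCAN_IDENT, fail_at);
	buf_free(dev_buf);
	dev_buf = NULL;				/* nothing dangling for later paths */
	if (ret)
		return ret;

	dev_buf = buf_alloc();			/* right-sized buffer, then map it */
	if (!dev_buf)
		return -ENOMEM;
	dma_map(dev_buf);

	/* Every failure after the mapping unwinds through err_unmap. */
	if ((ret = step(OOB_CHECK, fail_at)) ||
	    (ret = step(SCAN_TAIL, fail_at)) ||
	    (ret = step(REGISTER, fail_at)))
		goto err_unmap;
	return 0;

err_unmap:
	dma_unmap(dev_buf);
	buf_free(dev_buf);
	dev_buf = NULL;
	return ret;
}

int main(void) { return model_probe(NONE) ? 1 : 0; }
```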
