| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8760do6lqt.fsf@linux.intel.com>
Date: Wed, 16 Aug 2017 09:59:54 +0300
From: Felipe Balbi <balbi@...nel.org>
To: Alexey Khoroshilov <khoroshilov@...ras.ru>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Alexey Khoroshilov <khoroshilov@...ras.ru>,
Krzysztof Opasiak <k.opasiak@...sung.com>,
Anton Vasilyev <vasilyev@...ras.ru>, linux-usb@...r.kernel.org,
linux-kernel@...r.kernel.org, ldv-project@...uxtesting.org
Subject: Re: Inconsistency in usb_add_gadget_udc_release() interface
Hi,
Alexey Khoroshilov <khoroshilov@...ras.ru> writes:
> Hello,
>
> usb_add_gadget_udc_release() gets release() argument that allows to
> release user resources.
>
> As far as I can see, the release() is called on error paths
> of usb_add_gadget_udc_release() as a result of
> put_device(&gadget->dev);
> except for the only path going via err1.
>
> As a result a caller of the usb_add_gadget_udc_release() have no chance
> to know if the release() was invoked or not.
>
> It may lead to memory leaks (drivers/usb/gadget/udc/snps_udc_core.c)
> or to double free (drivers/usb/gadget/udc/fsl_udc_core.c).
>
> Is my reading correct? If so, should we always call release() on error paths?
unfortunately, it's not :-)
Note that we don't register gadget->dev until later in the code, so
there's nothing to be ->released() that early.
--
balbi
Download attachment "signature.asc" of type "application/pgp-signature" (833 bytes)
Powered by blists - more mailing lists