| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 11 Nov 2017 19:23:07 +0900 (KST)
From: David Miller <davem@...emloft.net>
To: aleksey.makarov@...ium.com
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org, Sunil.Goutham@...ium.com,
rric@...nel.org, sgoutham@...ium.com
Subject: Re: [PATCH net-next] net: thunderx: fix double free error
From: Aleksey Makarov <aleksey.makarov@...ium.com>
Date: Thu, 9 Nov 2017 14:58:57 +0300
> This patch fixes an error in memory allocation/freeing in
> ThunderX PF driver.
>
> I moved the allocation to the probe() function and made it managed.
>
> From the Colin's email:
>
> While running static analysis on linux-next with CoverityScan I found 3
> double free errors in the Cavium thunder driver.
>
> The issue occurs on the err_disable_device: label of function nic_probe
> when nic_free_lmacmem(nic) is called and a double free occurs on
> nic->duplex, nic->link and nic->speed. This occurs when nic_init_hw()
> fails:
>
> /* Initialize hardware */
> err = nic_init_hw(nic);
> if (err)
> goto err_release_regions;
>
> nic_init_hw() calls nic_get_hw_info() and this calls nic_free_lmacmem()
> if any of the allocations fail. This free'ing occurs again by the call
> to nic_free_lmacmem() on the err_release_regions exit path in nic_probe().
>
> Reported-by: Colin Ian King <colin.king@...onical.com>
> Signed-off-by: Aleksey Makarov <aleksey.makarov@...ium.com>
Applied, thank you.
Powered by blists - more mailing lists