lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Sat, 11 Nov 2017 19:23:07 +0900 (KST)
From:   David Miller <davem@...emloft.net>
To:     aleksey.makarov@...ium.com
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org, Sunil.Goutham@...ium.com,
        rric@...nel.org, sgoutham@...ium.com
Subject: Re: [PATCH net-next] net: thunderx: fix double free error

From: Aleksey Makarov <aleksey.makarov@...ium.com>
Date: Thu,  9 Nov 2017 14:58:57 +0300

> This patch fixes an error in memory allocation/freeing in
> ThunderX PF driver.
> 
> I moved the allocation to the probe() function and made it managed.
> 
> From the Colin's email:
> 
> While running static analysis on linux-next with CoverityScan I found 3
> double free errors in the Cavium thunder driver.
> 
> The issue occurs on the err_disable_device: label of function nic_probe
> when nic_free_lmacmem(nic) is called and a double free occurs on
> nic->duplex, nic->link and nic->speed.  This occurs when nic_init_hw()
> fails:
> 
>         /* Initialize hardware */
>         err = nic_init_hw(nic);
>         if (err)
>                 goto err_release_regions;
> 
> nic_init_hw() calls nic_get_hw_info() and this calls nic_free_lmacmem()
> if any of the allocations fail. This free'ing occurs again by the call
> to nic_free_lmacmem() on the err_release_regions exit path in nic_probe().
> 
> Reported-by: Colin Ian King <colin.king@...onical.com>
> Signed-off-by: Aleksey Makarov <aleksey.makarov@...ium.com>

Applied, thank you.

Powered by blists - more mailing lists