| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1543668269-27207-1-git-send-email-hofrat@osadl.org>
Date: Sat, 1 Dec 2018 13:44:29 +0100
From: Nicholas Mc Guire <hofrat@...dl.org>
To: Jonathan Corbet <corbet@....net>
Cc: Philippe Ombredanne <pombredanne@...b.com>,
Andrey Smirnov <andrew.smirnov@...il.com>,
Uwe Kleine-Knig <u.kleine-koenig@...gutronix.de>,
Linus Walleij <linus.walleij@...aro.org>,
Huang Shijie <sjhuang@...vatar.ai>, linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org, Nicholas Mc Guire <hofrat@...dl.org>
Subject: [PATCH] Documentation: devres: note checking needs when converting
There are a number of cases where conversions to devm_* API have been
done but developers forgot that this conversion may imply that return
values need to be checked for failure of internal resource handling
like allocation. While this should be clear, it does seem to be a
relatively common issue with API conversions or maybe "managed" is
being misunderstood ? So add a note to make the scope of "managed" clear.
Signed-off-by: Nicholas Mc Guire <hofrat@...dl.org>
---
This popped up due to some API checking coccinelle scripts for devm_* that are
under development are triggering far to often - checking devm_kasprintf flagged
16 of the 132, 14 of which are true-positives (11%) and for the 33 devm_kstrdup
cases 8 look buggy (missing check for return NULL) thats 24%. Others seem to be
related to simple replacement of previous assignments to devm_* calls - so
given this high number of incorrect use the root-cause may be a misunderstanding
of "managed", which it seems was not being clearly understood as only addressing
freeing.
Not sure if the wording here is clear enough - but some clarification to this
ends seems needed.
Patch is against 4.20-rc4 (localversion-next is next-20181130)
Documentation/driver-model/devres.txt | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/Documentation/driver-model/devres.txt b/Documentation/driver-model/devres.txt
index 48aa1ef..ea2532b 100644
--- a/Documentation/driver-model/devres.txt
+++ b/Documentation/driver-model/devres.txt
@@ -132,6 +132,13 @@ devres. Complexity is shifted from less maintained low level drivers
to better maintained higher layer. Also, as init failure path is
shared with exit path, both can get more testing.
+Note though that when converting current calls or assignments to
+managed devm_* versions it is up to you to check if internal operations
+like allocating memory, have failed. Managed resources pertains to the
+freeing of these resources *only* - all other checks needed are still
+on you. In some cases this may mean introducing checks that were not
+necessary before moving to the managed devm_* calls.
+
3. Devres group
---------------
--
2.1.4
Powered by blists - more mailing lists