lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 22 Mar 2019 22:56:40 +0000
From:   "Verma, Vishal L" <vishal.l.verma@...el.com>
To:     "kjlu@....edu" <kjlu@....edu>
CC:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-nvdimm@...ts.01.org" <linux-nvdimm@...ts.01.org>,
        "pakki001@....edu" <pakki001@....edu>,
        "zwisler@...nel.org" <zwisler@...nel.org>
Subject: Re: [PATCH] nvdimm: btt_devs: fix a NULL pointer dereference and a
 memory leak


On Fri, 2019-03-22 at 22:49 +0000, Verma, Vishal L wrote:
> On Tue, 2019-03-12 at 03:15 -0500, Kangjie Lu wrote:
> > In case kmemdup fails, the fix releases resources and returns to
> > avoid the NULL pointer dereference.
> > Also, the error paths in the following code should release
> > resources to avoid memory leaks.
> > 
> > Signed-off-by: Kangjie Lu <kjlu@....edu>
> > ---
> >  drivers/nvdimm/btt_devs.c | 8 +++++++-
> >  1 file changed, 7 insertions(+), 1 deletion(-)
> > 
> 
> Looks good,
> Reviewed-by: Vishal Verma <vishal.l.verma@...el.com>

Looking again, there is another kmemdup() call in __nd_btt_probe which
is lacking error checking.
And referring to your other related patch to namespace_devs, that has
/several/ instances of the same thing.

Instead of fixing just a couple of these, it might be worthwhile to send
a wider cleanup patch to catch all of these, at least within
drivers/nvdimm/ for starters, instead of a select few.

> 
> > diff --git a/drivers/nvdimm/btt_devs.c b/drivers/nvdimm/btt_devs.c
> > index 795ad4ff35ca..565ea0b6f765 100644
> > --- a/drivers/nvdimm/btt_devs.c
> > +++ b/drivers/nvdimm/btt_devs.c
> > @@ -196,8 +196,13 @@ static struct device *__nd_btt_create(struct
> > nd_region *nd_region,
> >  	}
> >  
> >  	nd_btt->lbasize = lbasize;
> > -	if (uuid)
> > +	if (uuid) {
> >  		uuid = kmemdup(uuid, 16, GFP_KERNEL);
> > +		if (!uuid) {
> > +			kfree(nd_btt);
> > +			return NULL;
> > +		}
> > +	}
> >  	nd_btt->uuid = uuid;
> >  	dev = &nd_btt->dev;
> >  	dev_set_name(dev, "btt%d.%d", nd_region->id, nd_btt->id);
> > @@ -209,6 +214,7 @@ static struct device *__nd_btt_create(struct
> > nd_region *nd_region,
> >  		dev_dbg(&ndns->dev, "failed, already claimed by %s\n",
> >  				dev_name(ndns->claim));
> >  		put_device(dev);
> > +		kfree(uuid);
> >  		return NULL;
> >  	}
> >  	return dev;
> 
> _______________________________________________
> Linux-nvdimm mailing list
> Linux-nvdimm@...ts.01.org
> https://lists.01.org/mailman/listinfo/linux-nvdimm

Powered by blists - more mailing lists