lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 26 Mar 2019 11:18:31 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     kbuild@...org, Kangjie Lu <kjlu@....edu>
Cc:     kbuild-all@...org, kjlu@....edu, pakki001@....edu,
        Alan Stern <stern@...land.harvard.edu>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-usb@...r.kernel.org, usb-storage@...ts.one-eyed-alien.net,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] usb: sierra: fix a missing check of device_create_file

Hi Kangjie,

Thank you for the patch! Perhaps something to improve:

url:    https://github.com/0day-ci/linux/commits/Kangjie-Lu/usb-sierra-fix-a-missing-check-of-device_create_file/20190325-101328
base:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing

smatch warnings:
drivers/usb/storage/sierra_ms.c:199 sierra_ms_init() error: double free of 'swocInfo'

# https://github.com/0day-ci/linux/commit/04d66f3d072c3d14308aebecdbc0f2983ce443d2
git remote add linux-review https://github.com/0day-ci/linux
git remote update linux-review
git checkout 04d66f3d072c3d14308aebecdbc0f2983ce443d2
vim +/swocInfo +199 drivers/usb/storage/sierra_ms.c

32fe5e393 Kevin Lloyd  2008-07-10  126  
32fe5e393 Kevin Lloyd  2008-07-10  127  int sierra_ms_init(struct us_data *us)
32fe5e393 Kevin Lloyd  2008-07-10  128  {
32fe5e393 Kevin Lloyd  2008-07-10  129  	int result, retries;
32fe5e393 Kevin Lloyd  2008-07-10  130  	struct swoc_info *swocInfo;
32fe5e393 Kevin Lloyd  2008-07-10  131  	struct usb_device *udev;
32fe5e393 Kevin Lloyd  2008-07-10  132  	struct Scsi_Host *sh;
32fe5e393 Kevin Lloyd  2008-07-10  133  
32fe5e393 Kevin Lloyd  2008-07-10  134  	retries = 3;
32fe5e393 Kevin Lloyd  2008-07-10  135  	result = 0;
32fe5e393 Kevin Lloyd  2008-07-10  136  	udev = us->pusb_dev;
32fe5e393 Kevin Lloyd  2008-07-10  137  
32fe5e393 Kevin Lloyd  2008-07-10  138  	sh = us_to_host(us);
0220a3f01 Alan Cox     2012-09-19  139  	scsi_get_host_dev(sh);
32fe5e393 Kevin Lloyd  2008-07-10  140  
32fe5e393 Kevin Lloyd  2008-07-10  141  	/* Force Modem mode */
32fe5e393 Kevin Lloyd  2008-07-10  142  	if (swi_tru_install == TRU_FORCE_MODEM) {
191648d03 Joe Perches  2013-04-19  143  		usb_stor_dbg(us, "SWIMS: Forcing Modem Mode\n");
32fe5e393 Kevin Lloyd  2008-07-10  144  		result = sierra_set_ms_mode(udev, SWIMS_SET_MODE_Modem);
32fe5e393 Kevin Lloyd  2008-07-10  145  		if (result < 0)
191648d03 Joe Perches  2013-04-19  146  			usb_stor_dbg(us, "SWIMS: Failed to switch to modem mode\n");
32fe5e393 Kevin Lloyd  2008-07-10  147  		return -EIO;
32fe5e393 Kevin Lloyd  2008-07-10  148  	}
32fe5e393 Kevin Lloyd  2008-07-10  149  	/* Force Mass Storage mode (keep CD-Rom) */
32fe5e393 Kevin Lloyd  2008-07-10  150  	else if (swi_tru_install == TRU_FORCE_MS) {
191648d03 Joe Perches  2013-04-19  151  		usb_stor_dbg(us, "SWIMS: Forcing Mass Storage Mode\n");
32fe5e393 Kevin Lloyd  2008-07-10  152  		goto complete;
32fe5e393 Kevin Lloyd  2008-07-10  153  	}
32fe5e393 Kevin Lloyd  2008-07-10  154  	/* Normal TRU-Install Logic */
32fe5e393 Kevin Lloyd  2008-07-10  155  	else {
191648d03 Joe Perches  2013-04-19  156  		usb_stor_dbg(us, "SWIMS: Normal SWoC Logic\n");
32fe5e393 Kevin Lloyd  2008-07-10  157  
32fe5e393 Kevin Lloyd  2008-07-10  158  		swocInfo = kmalloc(sizeof(struct swoc_info),
32fe5e393 Kevin Lloyd  2008-07-10  159  				GFP_KERNEL);
191648d03 Joe Perches  2013-04-19  160  		if (!swocInfo)
32fe5e393 Kevin Lloyd  2008-07-10  161  			return -ENOMEM;
32fe5e393 Kevin Lloyd  2008-07-10  162  
32fe5e393 Kevin Lloyd  2008-07-10  163  		retries = 3;
32fe5e393 Kevin Lloyd  2008-07-10  164  		do {
32fe5e393 Kevin Lloyd  2008-07-10  165  			retries--;
32fe5e393 Kevin Lloyd  2008-07-10  166  			result = sierra_get_swoc_info(udev, swocInfo);
32fe5e393 Kevin Lloyd  2008-07-10  167  			if (result < 0) {
191648d03 Joe Perches  2013-04-19  168  				usb_stor_dbg(us, "SWIMS: Failed SWoC query\n");
32fe5e393 Kevin Lloyd  2008-07-10  169  				schedule_timeout_uninterruptible(2*HZ);
32fe5e393 Kevin Lloyd  2008-07-10  170  			}
32fe5e393 Kevin Lloyd  2008-07-10  171  		} while (retries && result < 0);
32fe5e393 Kevin Lloyd  2008-07-10  172  
32fe5e393 Kevin Lloyd  2008-07-10  173  		if (result < 0) {
191648d03 Joe Perches  2013-04-19  174  			usb_stor_dbg(us, "SWIMS: Completely failed SWoC query\n");
32fe5e393 Kevin Lloyd  2008-07-10  175  			kfree(swocInfo);
32fe5e393 Kevin Lloyd  2008-07-10  176  			return -EIO;
32fe5e393 Kevin Lloyd  2008-07-10  177  		}
32fe5e393 Kevin Lloyd  2008-07-10  178  
191648d03 Joe Perches  2013-04-19  179  		debug_swoc(&us->pusb_dev->dev, swocInfo);
32fe5e393 Kevin Lloyd  2008-07-10  180  
f0183a338 Felipe Balbi 2016-04-18  181  		/*
f0183a338 Felipe Balbi 2016-04-18  182  		 * If there is not Linux software on the TRU-Install device
32fe5e393 Kevin Lloyd  2008-07-10  183  		 * then switch to modem mode
32fe5e393 Kevin Lloyd  2008-07-10  184  		 */
32fe5e393 Kevin Lloyd  2008-07-10  185  		if (!containsFullLinuxPackage(swocInfo)) {
191648d03 Joe Perches  2013-04-19  186  			usb_stor_dbg(us, "SWIMS: Switching to Modem Mode\n");
32fe5e393 Kevin Lloyd  2008-07-10  187  			result = sierra_set_ms_mode(udev,
32fe5e393 Kevin Lloyd  2008-07-10  188  				SWIMS_SET_MODE_Modem);
32fe5e393 Kevin Lloyd  2008-07-10  189  			if (result < 0)
191648d03 Joe Perches  2013-04-19  190  				usb_stor_dbg(us, "SWIMS: Failed to switch modem\n");
32fe5e393 Kevin Lloyd  2008-07-10  191  			kfree(swocInfo);
32fe5e393 Kevin Lloyd  2008-07-10  192  			return -EIO;
32fe5e393 Kevin Lloyd  2008-07-10  193  		}
32fe5e393 Kevin Lloyd  2008-07-10  194  		kfree(swocInfo);
                                                        ^^^^^^^^^^^^^^^^

32fe5e393 Kevin Lloyd  2008-07-10  195  	}

break statement?

32fe5e393 Kevin Lloyd  2008-07-10  196  complete:
32fe5e393 Kevin Lloyd  2008-07-10  197  	result = device_create_file(&us->pusb_intf->dev, &dev_attr_truinst);
04d66f3d0 Kangjie Lu   2019-03-24  198  	if (result) {
04d66f3d0 Kangjie Lu   2019-03-24 @199  		kfree(swocInfo);
                                                        ^^^^^^^^^^^^^^^
Double free.

04d66f3d0 Kangjie Lu   2019-03-24  200  		return result;
04d66f3d0 Kangjie Lu   2019-03-24  201  	}
32fe5e393 Kevin Lloyd  2008-07-10  202  
be475d902 Alan Stern   2009-05-21  203  	return 0;
32fe5e393 Kevin Lloyd  2008-07-10  204  }
32fe5e393 Kevin Lloyd  2008-07-10  205  

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ