| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.DEB.2.21.1910122122370.3049@hadrien>
Date: Sat, 12 Oct 2019 21:24:19 +0200 (CEST)
From: Julia Lawall <julia.lawall@...6.fr>
To: Navid Emamdoost <navid.emamdoost@...il.com>
cc: Markus Elfring <Markus.Elfring@....de>,
dri-devel@...ts.freedesktop.org,
Pengutronix Kernel Team <kernel@...gutronix.de>,
linux-arm-kernel@...ts.infradead.org,
NXP Linux Team <linux-imx@....com>,
Daniel Vetter <daniel@...ll.ch>,
David Airlie <airlied@...ux.ie>,
Fabio Estevam <festevam@...il.com>,
Philipp Zabel <p.zabel@...gutronix.de>,
Sascha Hauer <s.hauer@...gutronix.de>,
Shawn Guo <shawnguo@...nel.org>,
Peter Senna Tschudin <peter.senna@...labora.com>,
Navid Emamdoost <emamd001@....edu>, Kangjie Lu <kjlu@....edu>,
Stephen McCamant <smccaman@....edu>,
Rob Herring <robh@...nel.org>,
Thierry Reding <thierry.reding@...il.com>,
LKML <linux-kernel@...r.kernel.org>,
kernel-janitors@...r.kernel.org
Subject: Re: [PATCH 1/2] drm/imx: Fix error handling for a kmemdup() call in
imx_pd_bind()
On Sat, 12 Oct 2019, Navid Emamdoost wrote:
> On Sat, Oct 12, 2019 at 4:07 AM Markus Elfring <Markus.Elfring@....de> wrote:
> >
> > From: Markus Elfring <elfring@...rs.sourceforge.net>
> > Date: Sat, 12 Oct 2019 10:30:21 +0200
> >
> > The return value from a call of the function “kmemdup” was not checked
> > in this function implementation. Thus add the corresponding error handling.
> >
> > Fixes: 19022aaae677dfa171a719e9d1ff04823ce65a65 ("staging: drm/imx: Add parallel display support")
> > Signed-off-by: Markus Elfring <elfring@...rs.sourceforge.net>
> > ---
> > drivers/gpu/drm/imx/parallel-display.c | 7 ++++++-
> > 1 file changed, 6 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/gpu/drm/imx/parallel-display.c b/drivers/gpu/drm/imx/parallel-display.c
> > index 35518e5de356..39c4798f56b6 100644
> > --- a/drivers/gpu/drm/imx/parallel-display.c
> > +++ b/drivers/gpu/drm/imx/parallel-display.c
> > @@ -210,8 +210,13 @@ static int imx_pd_bind(struct device *dev, struct device *master, void *data)
> > return -ENOMEM;
> >
> > edidp = of_get_property(np, "edid", &imxpd->edid_len);
> > - if (edidp)
> > + if (edidp) {
> > imxpd->edid = kmemdup(edidp, imxpd->edid_len, GFP_KERNEL);
> > + if (!imxpd->edid) {
> > + devm_kfree(dev, imxpd);
>
> You should not try to free imxpd here as it is a resource-managed
> allocation via devm_kzalloc(). It means memory allocated with this
> function is
> automatically freed on driver detach. So, this patch introduces a double-free.
No, it's not double freed since the proposed code frees it with a devm
function, removing it from the list of things to free later. One can
wonder why the free has to be made apparent, though.
julia
>
> > + return -ENOMEM;
> > + }
> > + }
> >
> > ret = of_property_read_string(np, "interface-pix-fmt", &fmt);
> > if (!ret) {
> > --
> > 2.23.0
> >
>
>
> --
> Navid.
>
Powered by blists - more mailing lists