lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 29 Dec 2019 09:19:55 +0800
From:   "yukuai (C)" <yukuai3@...wei.com>
To:     Markus Elfring <Markus.Elfring@....de>,
        <dri-devel@...ts.freedesktop.org>
CC:     <linux-kernel@...r.kernel.org>, Daniel Vetter <daniel@...ll.ch>,
        "David Airlie" <airlied@...ux.ie>, Eric Anholt <eric@...olt.net>,
        Yi Zhang <yi.zhang@...wei.com>,
        zhengbin <zhengbin13@...wei.com>
Subject: Re: [PATCH] drm/v3d: remove duplicated kfree in v3d_submit_cl_ioctl



On 2019/12/29 4:45, Markus Elfring wrote:
>> v3d_submit_cl_ioctl call kfree() with variable 'bin' twice.
> 
> I would prefer a wording like “kfree() was called for the same variable twice
> within an if branch.”.
> 
> 
>> Fix it by removing the latter one.
> 
> I find the wording “Delete a duplicate function call.” more appropriate.
> 
Thank you for your advise, I'll make changes in V2 patch.

> Please add the tag “Fixes” to your change description.

I got the results from "git blame":
git blame -L 570,575 drivers/gpu/drm/v3d/v3d_gem.c
a783a09ee76d6 (Eric Anholt        2019-04-16 15:58:53 -0700 570) 
        if (ret) {
0d352a3a8a1f2 (Iago Toral Quiroga 2019-09-16 09:11:25 +0200 571) 
                kfree(bin);
a783a09ee76d6 (Eric Anholt        2019-04-16 15:58:53 -0700 572) 
                v3d_job_put(&render->base);
29cd13cfd7624 (Navid Emamdoost    2019-10-21 13:52:49 -0500 573) 
                kfree(bin);
a783a09ee76d6 (Eric Anholt        2019-04-16 15:58:53 -0700 574) 
                return ret;
a783a09ee76d6 (Eric Anholt        2019-04-16 15:58:53 -0700 575) 
        }

The first kfree belong to the patch 0d352a3a8a1f2 :
commit 0d352a3a8a1f26168d09f7073e61bb4b328e3bb9
Author: Iago Toral Quiroga <itoral@...lia.com>
Date:   Mon Sep 16 09:11:25 2019 +0200

     drm/v3d: don't leak bin job if v3d_job_init fails.

     If the initialization of the job fails we need to kfree() it
     before returning.

     Signed-off-by: Iago Toral Quiroga <itoral@...lia.com>
     Signed-off-by: Eric Anholt <eric@...olt.net>
     Link: 
https://patchwork.freedesktop.org/patch/msgid/20190916071125.5255-1-itoral@igalia.com
     Fixes: a783a09ee76d ("drm/v3d: Refactor job management.")
     Reviewed-by: Eric Anholt <eric@...olt.net>

diff --git a/drivers/gpu/drm/v3d/v3d_gem.c b/drivers/gpu/drm/v3d/v3d_gem.c
index 5d80507b539b..fb32cda18ffe 100644
--- a/drivers/gpu/drm/v3d/v3d_gem.c
+++ b/drivers/gpu/drm/v3d/v3d_gem.c
@@ -563,6 +563,7 @@ v3d_submit_cl_ioctl(struct drm_device *dev, void *data,
                 ret = v3d_job_init(v3d, file_priv, &bin->base,
                                    v3d_job_free, args->in_sync_bcl);
                 if (ret) {
+                       kfree(bin);
                         v3d_job_put(&render->base);
                         return ret;
                 }

And the second belong to 29cd13cfd7624:
commit 29cd13cfd7624726d9e6becbae9aa419ef35af7f
Author: Navid Emamdoost <navid.emamdoost@...il.com>
Date:   Mon Oct 21 13:52:49 2019 -0500

     drm/v3d: Fix memory leak in v3d_submit_cl_ioctl

     In the impelementation of v3d_submit_cl_ioctl() there are two memory
     leaks. One is when allocation for bin fails, and the other is when bin
     initialization fails. If kcalloc fails to allocate memory for bin then
     render->base should be put. Also, if v3d_job_init() fails to initialize
     bin->base then allocated memory for bin should be released.

     Fixes: a783a09ee76d ("drm/v3d: Refactor job management.")
     Signed-off-by: Navid Emamdoost <navid.emamdoost@...il.com>
     Reviewed-by: Eric Anholt <eric@...olt.net>
     Signed-off-by: Daniel Vetter <daniel.vetter@...ll.ch>
     Link: 
https://patchwork.freedesktop.org/patch/msgid/20191021185250.26130-1-navid.emamdoost@gmail.com

diff --git a/drivers/gpu/drm/v3d/v3d_gem.c b/drivers/gpu/drm/v3d/v3d_gem.c
index 5d80507b539b..19c092d75266 100644
--- a/drivers/gpu/drm/v3d/v3d_gem.c
+++ b/drivers/gpu/drm/v3d/v3d_gem.c
@@ -557,13 +557,16 @@ v3d_submit_cl_ioctl(struct drm_device *dev, void 
*data,

         if (args->bcl_start != args->bcl_end) {
                 bin = kcalloc(1, sizeof(*bin), GFP_KERNEL);
-               if (!bin)
+               if (!bin) {
+                       v3d_job_put(&render->base);
                         return -ENOMEM;
+               }

                 ret = v3d_job_init(v3d, file_priv, &bin->base,
                                    v3d_job_free, args->in_sync_bcl);
                 if (ret) {
                         v3d_job_put(&render->base);
+                       kfree(bin);
                         return ret;
                 }

It seems the two patches fix the same memory leak, but I have no idea 
how thet get together without conflict.

Thanks
Yu Kuai

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ