Message-ID: <20210409095255.GJ6048@kadam>
Date:   Fri, 9 Apr 2021 12:52:55 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     kbuild@...ts.01.org, frowand.list@...il.com,
        Rob Herring <robh+dt@...nel.org>,
        Guenter Roeck <linux@...ck-us.net>
Cc:     lkp@...el.com, kbuild-all@...ts.01.org,
        Pantelis Antoniou <pantelis.antoniou@...sulko.com>,
        devicetree@...r.kernel.org,
        Geert Uytterhoeven <geert+renesas@...der.be>,
        linux-kernel@...r.kernel.org
Subject: [kbuild] Re: [PATCH 1/1] of: unittest: overlay: ensure proper
 alignment of copied FDT

Hi,

url:    https://github.com/0day-ci/linux/commits/frowand-list-gmail-com/of-unittest-overlay-ensure-proper-alignment-of-copied-FDT/20210408-045317 
base:   https://git.kernel.org/pub/scm/linux/kernel/git/robh/linux.git  for-next
config: i386-randconfig-m021-20210407 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add the following tags as appropriate
Reported-by: kernel test robot <lkp@...el.com>
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>

smatch warnings:
drivers/of/overlay.c:1045 of_overlay_fdt_apply() warn: overwrite may leak 'new_fdt'

vim +/new_fdt +1045 drivers/of/overlay.c

39a751a4cb7e47 Frank Rowand      2018-02-12  1015  int of_overlay_fdt_apply(const void *overlay_fdt, u32 overlay_fdt_size,
39a751a4cb7e47 Frank Rowand      2018-02-12  1016  			 int *ovcs_id)
39a751a4cb7e47 Frank Rowand      2018-02-12  1017  {
7a18fbf9013a19 Frank Rowand      2021-04-07  1018  	void *new_fdt;
39a751a4cb7e47 Frank Rowand      2018-02-12  1019  	int ret;
39a751a4cb7e47 Frank Rowand      2018-02-12  1020  	u32 size;
39a751a4cb7e47 Frank Rowand      2018-02-12  1021  	struct device_node *overlay_root;
39a751a4cb7e47 Frank Rowand      2018-02-12  1022  
39a751a4cb7e47 Frank Rowand      2018-02-12  1023  	*ovcs_id = 0;
39a751a4cb7e47 Frank Rowand      2018-02-12  1024  	ret = 0;
39a751a4cb7e47 Frank Rowand      2018-02-12  1025  
39a751a4cb7e47 Frank Rowand      2018-02-12  1026  	if (overlay_fdt_size < sizeof(struct fdt_header) ||
39a751a4cb7e47 Frank Rowand      2018-02-12  1027  	    fdt_check_header(overlay_fdt)) {
39a751a4cb7e47 Frank Rowand      2018-02-12  1028  		pr_err("Invalid overlay_fdt header\n");
39a751a4cb7e47 Frank Rowand      2018-02-12  1029  		return -EINVAL;
39a751a4cb7e47 Frank Rowand      2018-02-12  1030  	}
39a751a4cb7e47 Frank Rowand      2018-02-12  1031  
39a751a4cb7e47 Frank Rowand      2018-02-12  1032  	size = fdt_totalsize(overlay_fdt);
39a751a4cb7e47 Frank Rowand      2018-02-12  1033  	if (overlay_fdt_size < size)
39a751a4cb7e47 Frank Rowand      2018-02-12  1034  		return -EINVAL;
39a751a4cb7e47 Frank Rowand      2018-02-12  1035  
39a751a4cb7e47 Frank Rowand      2018-02-12  1036  	/*
39a751a4cb7e47 Frank Rowand      2018-02-12  1037  	 * Must create permanent copy of FDT because of_fdt_unflatten_tree()
39a751a4cb7e47 Frank Rowand      2018-02-12  1038  	 * will create pointers to the passed in FDT in the unflattened tree.
39a751a4cb7e47 Frank Rowand      2018-02-12  1039  	 */
7a18fbf9013a19 Frank Rowand      2021-04-07  1040  	size += FDT_ALIGN_SIZE;
7a18fbf9013a19 Frank Rowand      2021-04-07  1041  	new_fdt = kmalloc(size, GFP_KERNEL);
39a751a4cb7e47 Frank Rowand      2018-02-12  1042  	if (!new_fdt)
39a751a4cb7e47 Frank Rowand      2018-02-12  1043  		return -ENOMEM;
39a751a4cb7e47 Frank Rowand      2018-02-12  1044  
7a18fbf9013a19 Frank Rowand      2021-04-07 @1045  	new_fdt = PTR_ALIGN(new_fdt, FDT_ALIGN_SIZE);
                                                        ^^^^^^^
We're not freeing the exact same pointer that we allocated.

7a18fbf9013a19 Frank Rowand      2021-04-07  1046  	memcpy(new_fdt, overlay_fdt, size);
7a18fbf9013a19 Frank Rowand      2021-04-07  1047  
39a751a4cb7e47 Frank Rowand      2018-02-12  1048  	of_fdt_unflatten_tree(new_fdt, NULL, &overlay_root);
39a751a4cb7e47 Frank Rowand      2018-02-12  1049  	if (!overlay_root) {
39a751a4cb7e47 Frank Rowand      2018-02-12  1050  		pr_err("unable to unflatten overlay_fdt\n");
39a751a4cb7e47 Frank Rowand      2018-02-12  1051  		ret = -EINVAL;
39a751a4cb7e47 Frank Rowand      2018-02-12  1052  		goto out_free_new_fdt;
39a751a4cb7e47 Frank Rowand      2018-02-12  1053  	}
39a751a4cb7e47 Frank Rowand      2018-02-12  1054  
39a751a4cb7e47 Frank Rowand      2018-02-12  1055  	ret = of_overlay_apply(new_fdt, overlay_root, ovcs_id);
39a751a4cb7e47 Frank Rowand      2018-02-12  1056  	if (ret < 0) {
39a751a4cb7e47 Frank Rowand      2018-02-12  1057  		/*
39a751a4cb7e47 Frank Rowand      2018-02-12  1058  		 * new_fdt and overlay_root now belong to the overlay
39a751a4cb7e47 Frank Rowand      2018-02-12  1059  		 * changeset.
39a751a4cb7e47 Frank Rowand      2018-02-12  1060  		 * overlay changeset code is responsible for freeing them.
39a751a4cb7e47 Frank Rowand      2018-02-12  1061  		 */
39a751a4cb7e47 Frank Rowand      2018-02-12  1062  		goto out;
39a751a4cb7e47 Frank Rowand      2018-02-12  1063  	}
39a751a4cb7e47 Frank Rowand      2018-02-12  1064  
39a751a4cb7e47 Frank Rowand      2018-02-12  1065  	return 0;
39a751a4cb7e47 Frank Rowand      2018-02-12  1066  
39a751a4cb7e47 Frank Rowand      2018-02-12  1067  
39a751a4cb7e47 Frank Rowand      2018-02-12  1068  out_free_new_fdt:
39a751a4cb7e47 Frank Rowand      2018-02-12  1069  	kfree(new_fdt);
39a751a4cb7e47 Frank Rowand      2018-02-12  1070  
39a751a4cb7e47 Frank Rowand      2018-02-12  1071  out:
39a751a4cb7e47 Frank Rowand      2018-02-12  1072  	return ret;
39a751a4cb7e47 Frank Rowand      2018-02-12  1073  }
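Review bot: The `memcpy()` at line 1046 copies `size` bytes after `size` was increased by `FDT_ALIGN_SIZE` at line 1040, so the length no longer matches the `fdt_totalsize()` value that was checked against `overlay_fdt_size` at line 1033. The copy can therefore read up to `FDT_ALIGN_SIZE` bytes past the validated part of `overlay_fdt`, and whenever `PTR_ALIGN()` moves the destination forward it writes past the end of the `kmalloc()` buffer by that offset. Padding only the allocation keeps the copy length equal to the blob length: `new_fdt = kmalloc(size + FDT_ALIGN_SIZE, GFP_KERNEL);` with `size` left untouched for `memcpy(new_fdt, overlay_fdt, size);`. Since `size` is a `u32`, the addition could in principle wrap for a very large `totalsize`, so an upper bound check before the allocation would be worth adding.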

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org 

Download attachment ".config.gz" of type "application/gzip" (34729 bytes)

_______________________________________________
kbuild mailing list -- kbuild@...ts.01.org
To unsubscribe send an email to kbuild-leave@...ts.01.org
