lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 27 May 2021 18:01:09 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     Krzysztof Kozlowski <krzysztof.kozlowski@...onical.com>
Cc:     Liu Shuo <b35362@...escale.com>,
        Prabhakar Kushwaha <prabhakar@...escale.com>,
        Li Yang <leoyang.li@....com>,
        Dipen Dudhat <Dipen.Dudhat@...escale.com>,
        linux-kernel@...r.kernel.org, Raghav Dogra <raghav.dogra@....com>
Subject: Re: [RFT PATCH 2/2] memory: fsl_ifc: fix leak of private memory on
 probe failure

On Thu, May 27, 2021 at 10:42:40AM -0400, Krzysztof Kozlowski wrote:
> On probe error the driver should free the memory allocated for private
> structure.  Fix this by using resource-managed allocation.
> 
> Fixes: a20cbdeffce2 ("powerpc/fsl: Add support for Integrated Flash Controller")
> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@...onical.com>
> 
> ---
> 
> Only build tested.
> ---
>  drivers/memory/fsl_ifc.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/memory/fsl_ifc.c b/drivers/memory/fsl_ifc.c
> index a6324044a085..3ee7183b20fb 100644
> --- a/drivers/memory/fsl_ifc.c
> +++ b/drivers/memory/fsl_ifc.c
> @@ -209,7 +209,8 @@ static int fsl_ifc_ctrl_probe(struct platform_device *dev)
>  
>  	dev_info(&dev->dev, "Freescale Integrated Flash Controller\n");
>  
> -	fsl_ifc_ctrl_dev = kzalloc(sizeof(*fsl_ifc_ctrl_dev), GFP_KERNEL);
> +	fsl_ifc_ctrl_dev = devm_kzalloc(&dev->dev, sizeof(*fsl_ifc_ctrl_dev),
> +					GFP_KERNEL);
>  	if (!fsl_ifc_ctrl_dev)
>  		return -ENOMEM;

You'd need to remove the kfree(ctrl) in the remove function as well or
it will lead to a double free.

Unrelated to your patch but related to Smatch.  The Smatch check for
resource leaks which I mentioned check_unwind.c doesn't look for
kmalloc() leaks because those are quite complicated to deal with.
kmalloc() allocations are so much more common and that if you have a 5%
false positive rate, then it's just overwhelming.  There is a separate
Smatch check for that but it's garbage and I need to re-write it.

Also I'm really inspired by Christophe JAILLET's Coccinelle checks which
compare the ->probe and ->remove() functions to see if they match.  So I
may attempt something similar.

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ