lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <YOxQ5TbkNrqCGBDJ@phenom.ffwll.local>
Date:   Mon, 12 Jul 2021 16:25:41 +0200
From:   Daniel Vetter <daniel@...ll.ch>
To:     Julia Lawall <Julia.Lawall@...ia.fr>
Cc:     Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
        kernel-janitors@...r.kernel.org,
        Maxime Ripard <mripard@...nel.org>,
        Thomas Zimmermann <tzimmermann@...e.de>,
        David Airlie <airlied@...ux.ie>,
        Daniel Vetter <daniel@...ll.ch>,
        dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] drm/of: free the right object

On Fri, Jul 09, 2021 at 10:07:17PM +0200, Julia Lawall wrote:
> There is no need to free a NULL value.  Instead, free the object
> that is leaking due to the iterator.
> 
> The semantic patch that finds this problem is as follows:
> 
> // <smpl>
> @@
> expression x,e;
> identifier f;
> @@
>  x = f(...);
>  if (x == NULL) {
> 	... when any
> 	    when != x = e
> *	of_node_put(x);
> 	...
>  }
> // </smpl>
> 
> Fixes: 6529007522de ("drm: of: Add drm_of_lvds_get_dual_link_pixel_order")
> Signed-off-by: Julia Lawall <Julia.Lawall@...ia.fr>

Applied to drm-misc-next, thanks for your patch.

Random rant about this for_each_child_of_node():
- not documented with kerneldoc
- very dangerous since the seemingly correct usage leaks

What we've done here for similar refcounted iterators is a 3 step process:
- iter_init()
- for_each_iter() macro
- iter_fini(), which has to be always called after iter_init and cleans up
  the last reference.

Then it's a lot more obvious that you call iter_fini() when you break out
of a loop. Trying to hide that in the for_each macro is a bit much.

Cheers, Daniel

> 
> ---
>  drivers/gpu/drm/drm_of.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/drm_of.c b/drivers/gpu/drm/drm_of.c
> index ca04c34e8251..197c57477344 100644
> --- a/drivers/gpu/drm/drm_of.c
> +++ b/drivers/gpu/drm/drm_of.c
> @@ -315,7 +315,7 @@ static int drm_of_lvds_get_remote_pixels_type(
>  
>  		remote_port = of_graph_get_remote_port(endpoint);
>  		if (!remote_port) {
> -			of_node_put(remote_port);
> +			of_node_put(endpoint);
>  			return -EPIPE;
>  		}
>  
> 

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ