lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <202108241754.681GIVPd-lkp@intel.com>
Date:   Tue, 24 Aug 2021 12:58:05 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     kbuild@...ts.01.org, Adrian Hunter <adrian.hunter@...el.com>
Cc:     lkp@...el.com, kbuild-all@...ts.01.org,
        linux-kernel@...r.kernel.org,
        "Martin K. Petersen" <martin.petersen@...cle.com>,
        Bart Van Assche <bvanassche@....org>
Subject: [mkp-scsi:for-next 276/292] drivers/scsi/ufs/ufshcd.c:7965
 ufshcd_request_sense_async() warn: possible memory leak of 'buffer'

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next
head:   d09224115cf67bdce4eef2ca3533f86ab1ea1942
commit: c6b2e1373c89c4ecf2b379720b3eb24cf99844f4 [276/292] scsi: ufs: Fix ufshcd_request_sense_async() for Samsung KLUFG8RHDA-B2D1
config: i386-randconfig-m021-20210824 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>

New smatch warnings:
drivers/scsi/ufs/ufshcd.c:7965 ufshcd_request_sense_async() warn: possible memory leak of 'buffer'

Old smatch warnings:
drivers/scsi/ufs/ufshcd.c:5254 ufshcd_uic_cmd_compl() error: we previously assumed 'hba->active_uic_cmd' could be null (see line 5242)

vim +/buffer +7965 drivers/scsi/ufs/ufshcd.c

4f3e900b628226 Jaegeuk Kim     2020-11-17  7945  static int
ac1bc2ba060f96 Bart Van Assche 2021-07-21  7946  ufshcd_request_sense_async(struct ufs_hba *hba, struct scsi_device *sdev)
ac1bc2ba060f96 Bart Van Assche 2021-07-21  7947  {
ac1bc2ba060f96 Bart Van Assche 2021-07-21  7948  	/*
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7949  	 * Some UFS devices clear unit attention condition only if the sense
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7950  	 * size used (UFS_SENSE_SIZE in this case) is non-zero.
ac1bc2ba060f96 Bart Van Assche 2021-07-21  7951  	 */
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7952  	static const u8 cmd[6] = {REQUEST_SENSE, 0, 0, 0, UFS_SENSE_SIZE, 0};
ac1bc2ba060f96 Bart Van Assche 2021-07-21  7953  	struct scsi_request *rq;
ac1bc2ba060f96 Bart Van Assche 2021-07-21  7954  	struct request *req;
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7955  	char *buffer;
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7956  	int ret;
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7957  
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7958  	buffer = kzalloc(UFS_SENSE_SIZE, GFP_KERNEL);
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7959  	if (!buffer)
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7960  		return -ENOMEM;
ac1bc2ba060f96 Bart Van Assche 2021-07-21  7961  
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7962  	req = blk_get_request(sdev->request_queue, REQ_OP_DRV_IN,
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7963  			      /*flags=*/BLK_MQ_REQ_PM);
ac1bc2ba060f96 Bart Van Assche 2021-07-21  7964  	if (IS_ERR(req))
ac1bc2ba060f96 Bart Van Assche 2021-07-21 @7965  		return PTR_ERR(req);

kfree(buffer);

ac1bc2ba060f96 Bart Van Assche 2021-07-21  7966  
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7967  	ret = blk_rq_map_kern(sdev->request_queue, req,
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7968  			      buffer, UFS_SENSE_SIZE, GFP_NOIO);
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7969  	if (ret) {
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7970  		blk_put_request(req);
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7971  		kfree(buffer);
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7972  		return ret;
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7973  	}
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7974  
ac1bc2ba060f96 Bart Van Assche 2021-07-21  7975  	rq = scsi_req(req);
ac1bc2ba060f96 Bart Van Assche 2021-07-21  7976  	rq->cmd_len = ARRAY_SIZE(cmd);
ac1bc2ba060f96 Bart Van Assche 2021-07-21  7977  	memcpy(rq->cmd, cmd, rq->cmd_len);
ac1bc2ba060f96 Bart Van Assche 2021-07-21  7978  	rq->retries = 3;
ac1bc2ba060f96 Bart Van Assche 2021-07-21  7979  	req->timeout = 1 * HZ;
ac1bc2ba060f96 Bart Van Assche 2021-07-21  7980  	req->rq_flags |= RQF_PM | RQF_QUIET;
c6b2e1373c89c4 Adrian Hunter   2021-08-23  7981  	req->end_io_data = buffer;
ac1bc2ba060f96 Bart Van Assche 2021-07-21  7982  
ac1bc2ba060f96 Bart Van Assche 2021-07-21  7983  	blk_execute_rq_nowait(/*bd_disk=*/NULL, req, /*at_head=*/true,
ac1bc2ba060f96 Bart Van Assche 2021-07-21  7984  			      ufshcd_request_sense_done);
ac1bc2ba060f96 Bart Van Assche 2021-07-21  7985  	return 0;
ac1bc2ba060f96 Bart Van Assche 2021-07-21  7986  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ