lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20211108040510.14494-1-nixiaoming@huawei.com>
Date:   Mon, 8 Nov 2021 12:05:10 +0800
From:   Xiaoming Ni <nixiaoming@...wei.com>
To:     <linux-kernel@...r.kernel.org>, <linux@...linux.org.uk>,
        <arnd@...db.de>, <olof@...om.net>, <21cnbao@...il.com>,
        <grant.likely@...retlab.ca>, <santosh.shilimkar@...com>,
        <m.szyprowski@...sung.com>, <tony@...mide.com>,
        <t.figa@...sung.com>, <linux-arm-kernel@...ts.infradead.org>
CC:     <nixiaoming@...wei.com>, <wangle6@...wei.com>
Subject: [PATCH] arm:cache-l2x0: Fix resource leak in the l2x0_of_init() failed branch

During the code review, some problems were found in the function l2x0_of_init().
1. Do not call Of_put_node() after calling of_find_match_node().
2. When __l2c_init() is called for identification, l2x0_base is not released.

Invoking Of_put_node() and iounmap() is added to solve this problem.

Fixes: 8c369264b6de3 ("ARM: 7009/1: l2x0: Add OF based initialization")
Fixes: 91c2ebb90b189 ("ARM: 7114/1: cache-l2x0: add resume entry for l2 in secure mode")
Fixes: 6b49241ac2525 ("ARM: 8259/1: l2c: Refactor the driver to use commit-like interface")
Signed-off-by: Xiaoming Ni <nixiaoming@...wei.com>
---
 arch/arm/mm/cache-l2x0.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/arch/arm/mm/cache-l2x0.c b/arch/arm/mm/cache-l2x0.c
index 43d91bfd2360..105bf7575cdf 100644
--- a/arch/arm/mm/cache-l2x0.c
+++ b/arch/arm/mm/cache-l2x0.c
@@ -1766,17 +1766,22 @@ int __init l2x0_of_init(u32 aux_val, u32 aux_mask)
 	u32 cache_id, old_aux;
 	u32 cache_level = 2;
 	bool nosync = false;
+	int ret;
 
 	np = of_find_matching_node(NULL, l2x0_ids);
 	if (!np)
 		return -ENODEV;
 
-	if (of_address_to_resource(np, 0, &res))
+	if (of_address_to_resource(np, 0, &res)) {
+		of_put_node(np);
 		return -ENODEV;
+	}
 
 	l2x0_base = ioremap(res.start, resource_size(&res));
-	if (!l2x0_base)
+	if (!l2x0_base) {
+		of_put_node(np);
 		return -ENOMEM;
+	}
 
 	l2x0_saved_regs.phy_base = res.start;
 
@@ -1820,6 +1825,12 @@ int __init l2x0_of_init(u32 aux_val, u32 aux_mask)
 	else
 		cache_id = readl_relaxed(l2x0_base + L2X0_CACHE_ID);
 
-	return __l2c_init(data, aux_val, aux_mask, cache_id, nosync);
+	ret = _l2c_init(data, aux_val, aux_mask, cache_id, nosync);
+	if (ret != 0) {
+		iounmap(l2x0_base);
+		l2x0_base = NULL;
+	}
+	of_put_node(np);
+	return ret;
 }
 #endif
-- 
2.27.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ