lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <58ae0ccc-e964-69a3-b40b-3262fd24af9b@amd.com>
Date:   Mon, 28 Feb 2022 11:55:38 +0100
From:   Christian König <christian.koenig@....com>
To:     trix@...hat.com, alexander.deucher@....com, Xinhui.Pan@....com,
        airlied@...ux.ie, daniel@...ll.ch, nathan@...nel.org,
        ndesaulniers@...gle.com, lijo.lazar@....com, nirmoy.das@....com,
        kevin1.wang@....com, tom.stdenis@....com, evan.quan@....com,
        Amaranath.Somalapuram@....com
Cc:     amd-gfx@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org,
        linux-kernel@...r.kernel.org, llvm@...ts.linux.dev
Subject: Re: [PATCH v2] drm/amdgpu: Fix realloc of ptr

Am 27.02.22 um 16:33 schrieb trix@...hat.com:
> From: Tom Rix <trix@...hat.com>
>
> Clang static analysis reports this error
> amdgpu_debugfs.c:1690:9: warning: 1st function call
>    argument is an uninitialized value
>    tmp = krealloc_array(tmp, i + 1,
>          ^~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> realloc uses tmp, so tmp can not be garbage.
> And the return needs to be checked.
>
> Fixes: 5ce5a584cb82 ("drm/amdgpu: add debugfs for reset registers list")
> Signed-off-by: Tom Rix <trix@...hat.com>

Yeah, stuff I missed because of the long review. I was already wondering 
what semantics krealloc_array is following for freeing up the pointer on 
error.

Reviewed-by: Christian König <christian.koenig@....com>

Thanks,
Christian.

> ---
> v2:
>    use 'new' to hold/check the ralloc return
>    fix commit log mistake on ralloc freeing to using input ptr
>    
>   drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 9 +++++++--
>   1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
> index 9eb9b440bd438..2f4f8c5618d81 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
> @@ -1676,7 +1676,7 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f,
>   {
>   	struct amdgpu_device *adev = (struct amdgpu_device *)file_inode(f)->i_private;
>   	char reg_offset[11];
> -	uint32_t *tmp;
> +	uint32_t *new, *tmp = NULL;
>   	int ret, i = 0, len = 0;
>   
>   	do {
> @@ -1687,7 +1687,12 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f,
>   			goto error_free;
>   		}
>   
> -		tmp = krealloc_array(tmp, i + 1, sizeof(uint32_t), GFP_KERNEL);
> +		new = krealloc_array(tmp, i + 1, sizeof(uint32_t), GFP_KERNEL);
> +		if (!new) {
> +			ret = -ENOMEM;
> +			goto error_free;
> +		}
> +		tmp = new;
>   		if (sscanf(reg_offset, "%X %n", &tmp[i], &ret) != 1) {
>   			ret = -EINVAL;
>   			goto error_free;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ