lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 29 May 2023 09:47:09 +0000
From:   <Kumaravel.Thiagarajan@...rochip.com>
To:     <harshit.m.mogalapalli@...cle.com>
CC:     <error27@...il.com>, <dan.carpenter@...aro.org>,
        <kernel-janitors@...r.kernel.org>, <arnd@...db.de>,
        <gregkh@...uxfoundation.org>, <linux-gpio@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>, <VaibhaavRam.TL@...rochip.com>
Subject: RE: [PATCH] misc: microchip: pci1xxxx: Fix error handling in
 gp_aux_bus_probe()

> -----Original Message-----
> From: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
> Sent: Thursday, May 18, 2023 10:04 PM
> 
> Smatch warns:
>         drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gp.c:73
>         gp_aux_bus_probe() warn: missing unwind goto?
> 
> Apart from above warning that smatch warns, we have other issues with this
> function.
> 
> 1. The call to auxiliary_device_add() needs a matching call to
>    auxiliary_device_delete(). When memory allocation for
>    "aux_bus->aux_device_wrapper[1]" fails we should also delete
>    auxiliary device for "aux_device_wrapper[0]".
> 2. In the error path when auxiliary_device_uninit() is called, it
>    does trigger the release function --> gp_auxiliary_device_release(),
>    this release function has the following:
> 
>         ida_free(&gp_client_ida, aux_device_wrapper->aux_dev.id);
>         kfree(aux_device_wrapper);
> 
>    so few error paths have double frees. Eg: The goto label
>    "err_aux_dev_add_0" first calls auxiliary_device_uninit() which also
>    does an ida_free(), so when the control reaches "err_aux_dev_init_0"
>    it will be a double free there.
> 
> Re-write the error handling code. Clean up manually before the
> auxiliary_device_init() calls succeed and use gotos to clean up after they
> succeed. Also change the goto label names to follow freeing the last thing to
> make it more readable.
Thank You Harshit ! I reviewed your changes.
But I need some time to apply the changes and test them.
I will let you know as soon as we make progress.
> 
> Fixes: 393fc2f5948f ("misc: microchip: pci1xxxx: load auxiliary bus driver for
> the PIO function in the multi-function endpoint of pci1xxxx device.")
> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
> ---
> Only compile tested, from static analysis.

Regards,
Kumar

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ