lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <BN8PR11MB3668990F7108B177420FA3F2E950A@BN8PR11MB3668.namprd11.prod.outlook.com>
Date:   Thu, 8 Jun 2023 06:57:03 +0000
From:   <Kumaravel.Thiagarajan@...rochip.com>
To:     <harshit.m.mogalapalli@...cle.com>
CC:     <error27@...il.com>, <dan.carpenter@...aro.org>,
        <kernel-janitors@...r.kernel.org>, <arnd@...db.de>,
        <gregkh@...uxfoundation.org>, <linux-gpio@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>, <VaibhaavRam.TL@...rochip.com>,
        <Jegadheesan.GopalManoharan@...rochip.com>
Subject: RE: [PATCH] misc: microchip: pci1xxxx: Fix error handling in
 gp_aux_bus_probe()

> -----Original Message-----
> From: Kumaravel Thiagarajan - I21417
> Sent: Monday, May 29, 2023 3:17 PM
> To: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
> Subject: RE: [PATCH] misc: microchip: pci1xxxx: Fix error handling in
> gp_aux_bus_probe()
> 
> >
> > Smatch warns:
> >         drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gp.c:73
> >         gp_aux_bus_probe() warn: missing unwind goto?
> >
> > Apart from above warning that smatch warns, we have other issues with
> > this function.
> >
> > 1. The call to auxiliary_device_add() needs a matching call to
> >    auxiliary_device_delete(). When memory allocation for
> >    "aux_bus->aux_device_wrapper[1]" fails we should also delete
> >    auxiliary device for "aux_device_wrapper[0]".
> > 2. In the error path when auxiliary_device_uninit() is called, it
> >    does trigger the release function --> gp_auxiliary_device_release(),
> >    this release function has the following:
> >
> >         ida_free(&gp_client_ida, aux_device_wrapper->aux_dev.id);
> >         kfree(aux_device_wrapper);
> >
> >    so few error paths have double frees. Eg: The goto label
> >    "err_aux_dev_add_0" first calls auxiliary_device_uninit() which also
> >    does an ida_free(), so when the control reaches "err_aux_dev_init_0"
> >    it will be a double free there.
> >
> > Re-write the error handling code. Clean up manually before the
> > auxiliary_device_init() calls succeed and use gotos to clean up after
> > they succeed. Also change the goto label names to follow freeing the
> > last thing to make it more readable.
> Thank You Harshit ! I reviewed your changes.
> But I need some time to apply the changes and test them.
> I will let you know as soon as we make progress.
> >
> > Fixes: 393fc2f5948f ("misc: microchip: pci1xxxx: load auxiliary bus
> > driver for the PIO function in the multi-function endpoint of pci1xxxx
> > device.")
> > Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
> > ---
> > Only compile tested, from static analysis.

Jegadheesan,

Please apply and test this patch - https://lore.kernel.org/all/20230518163333.1355445-1-harshit.m.mogalapalli@oracle.com/
It would fix some bugs in the pci1xxxx'x auxiliary bus driver's error handling path in the probe function.

Thank You.

Regards,
Kumar

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ