lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f1d56fd3-6e1b-58fe-74bd-85d610e62a87@wanadoo.fr>
Date:   Fri, 9 Jun 2023 18:17:19 +0200
From:   Christophe JAILLET <christophe.jaillet@...adoo.fr>
To:     Walter Harms <wharms@....de>,
        Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>,
        Alim Akhtar <alim.akhtar@...sung.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Jiri Slaby <jirislaby@...nel.org>,
        Thomas Abraham <thomas.abraham@...aro.org>,
        Kukjin Kim <kgene.kim@...sung.com>
Cc:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "kernel-janitors@...r.kernel.org" <kernel-janitors@...r.kernel.org>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>,
        "linux-samsung-soc@...r.kernel.org" 
        <linux-samsung-soc@...r.kernel.org>,
        "linux-serial@...r.kernel.org" <linux-serial@...r.kernel.org>
Subject: Re: AW: [PATCH 2/2] tty: serial: samsung_tty: Fix a memory leak in
 s3c24xx_serial_getclk() when iterating clk

Le 09/06/2023 à 10:57, Walter Harms a écrit :
> 
> while we are here ....
> 
> perhaps INT_MAX from kernel.h ?

from include/vdso/limits.h

> int   deviation = (1 << 30) - 1;

I don't know the initial intent for this value, but it is not the same 
as MAX_INT.

> 
> the part before looks a bit strange
> 
> if (ourport->info->has_divslot) {
>                          unsigned long div = rate / req_baud;
> 
>                          /* The UDIVSLOT register on the newer UARTs allows us to
>                           * get a divisor adjustment of 1/16th on the baud clock.
>                           *
>                           * We don't keep the UDIVSLOT value (the 16ths we
>                           * calculated by not multiplying the baud by 16) as it
>                           * is easy enough to recalculate.
>                           */
> 
>                          quot = div / 16;
>                          baud = rate / div;
> because
>     baud=rate/rate/req_baud = req_baud

In math yes. In integer computation, no.
	rate = 20000
	req_baud = 9600

	div = rate / req_baud 		==> 2
	baud = rate / div;		==> 20000 / 2 = 10000

	9600 <> 10000

I don't know if it is the intent, but it is the way it works.

And knowing that:
	calc_deviation = req_baud - baud;
I guess that it is the way it is expected to work.

With your reasoning, calc_deviation would be always 0.

> can this be simplyfied ? (or is the numeric required  ?)
> 
> 
> Homebrew abs()  kernel.h has a abs() can we use it here ?

include/linux/math.h

> 
>              if (calc_deviation < 0)
>                          calc_deviation = -calc_deviation;

Ok, why not.

> 
> to the patch:
> 
> +                       /*
> +                        * If we find a better clk, release the previous one, if
> +                        * any.
> +                        */
> +                       if (!IS_ERR(*best_clk))
> +                               clk_put(*best_clk);
> 
> the intentions are good. *best_clk is user supplied (and should be NULL)

??? Why should it be NULL?

There is only one caller, and the value id &clk, knowing that:
    struct clk *clk = ERR_PTR(-EINVAL);

The code could be changed to have an initial NULL value, but it would'nt 
bring that much added value, in my PoV.
It would only save a test which is just fine as-is.

> filled & released in the next round but IMHO must be valid (is clk).
> so no need to check. (ntl clk_put seems to handle NULL and ERR )
>     if (!clk || WARN_ON_ONCE(IS_ERR(clk)))
>                  return;

My point with "if (!IS_ERR(*best_clk))" is to handle the initial 
iteration when *best_clk is ERR_PTR(-EINVAL).
clk_put() can handle it, but it would WARN in the normal path, so it 
sounds strange to me.

CJ

> 
> JM2C
>   wh
> ________________________________________
> Von: Christophe JAILLET <christophe.jaillet@...adoo.fr>
> Gesendet: Freitag, 9. Juni 2023 06:45:39
> An: Krzysztof Kozlowski; Alim Akhtar; Greg Kroah-Hartman; Jiri Slaby; Thomas Abraham; Kukjin Kim
> Cc: linux-kernel@...r.kernel.org; kernel-janitors@...r.kernel.org; Christophe JAILLET; linux-arm-kernel@...ts.infradead.org; linux-samsung-soc@...r.kernel.org; linux-serial@...r.kernel.org
> Betreff: [PATCH 2/2] tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk
> 
> When the best clk is searched, we iterate over all possible clk.
> 
> If we find a better match, the previous one, if any, needs to be freed.
> If a better match has already been found, we still need to free the new
> one, otherwise it leaks.
> 
> Fixes: 5f5a7a5578c5 ("serial: samsung: switch to clkdev based clock lookup")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
> ---
> This patch is speculative. Review with care.
> 
> I think that some clk_put() are also missing somewhere else in the driver
> but won't be able to investigate further.
> ---
>   drivers/tty/serial/samsung_tty.c | 8 ++++++++
>   1 file changed, 8 insertions(+)
> 
> diff --git a/drivers/tty/serial/samsung_tty.c b/drivers/tty/serial/samsung_tty.c
> index dd751e7010e3..c07877dd25fa 100644
> --- a/drivers/tty/serial/samsung_tty.c
> +++ b/drivers/tty/serial/samsung_tty.c
> @@ -1488,10 +1488,18 @@ static unsigned int s3c24xx_serial_getclk(struct s3c24xx_uart_port *ourport,
>                          calc_deviation = -calc_deviation;
> 
>                  if (calc_deviation < deviation) {
> +                       /*
> +                        * If we find a better clk, release the previous one, if
> +                        * any.
> +                        */
> +                       if (!IS_ERR(*best_clk))
> +                               clk_put(*best_clk);
>                          *best_clk = clk;
>                          best_quot = quot;
>                          *clk_num = cnt;
>                          deviation = calc_deviation;
> +               } else {
> +                       clk_put(clk);
>                  }
>          }
> 
> --
> 2.34.1
> 
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ