lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <f31523d7270d4a1f82d96b7891ed13e6@bfs.de>
Date:   Fri, 9 Jun 2023 08:57:14 +0000
From:   Walter Harms <wharms@....de>
To:     Christophe JAILLET <christophe.jaillet@...adoo.fr>,
        Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>,
        Alim Akhtar <alim.akhtar@...sung.com>,
        "Greg Kroah-Hartman" <gregkh@...uxfoundation.org>,
        Jiri Slaby <jirislaby@...nel.org>,
        Thomas Abraham <thomas.abraham@...aro.org>,
        "Kukjin Kim" <kgene.kim@...sung.com>
CC:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "kernel-janitors@...r.kernel.org" <kernel-janitors@...r.kernel.org>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>,
        "linux-samsung-soc@...r.kernel.org" 
        <linux-samsung-soc@...r.kernel.org>,
        "linux-serial@...r.kernel.org" <linux-serial@...r.kernel.org>
Subject: AW: [PATCH 2/2] tty: serial: samsung_tty: Fix a memory leak in
 s3c24xx_serial_getclk() when iterating clk


while we are here ....

perhaps INT_MAX from kernel.h ?

int   deviation = (1 << 30) - 1;

the part before looks a bit strange

if (ourport->info->has_divslot) {
                        unsigned long div = rate / req_baud;

                        /* The UDIVSLOT register on the newer UARTs allows us to
                         * get a divisor adjustment of 1/16th on the baud clock.
                         *
                         * We don't keep the UDIVSLOT value (the 16ths we
                         * calculated by not multiplying the baud by 16) as it
                         * is easy enough to recalculate.
                         */

                        quot = div / 16;
                        baud = rate / div;
because
   baud=rate/rate/req_baud = req_baud
can this be simplyfied ? (or is the numeric required  ?)


Homebrew abs()  kernel.h has a abs() can we use it here ?

            if (calc_deviation < 0)
                        calc_deviation = -calc_deviation;

to the patch:

+                       /*
+                        * If we find a better clk, release the previous one, if
+                        * any.
+                        */
+                       if (!IS_ERR(*best_clk))
+                               clk_put(*best_clk);

the intentions are good. *best_clk is user supplied (and should be NULL)
filled & released in the next round but IMHO must be valid (is clk).
so no need to check. (ntl clk_put seems to handle NULL and ERR )
   if (!clk || WARN_ON_ONCE(IS_ERR(clk)))
                return;

JM2C
 wh
________________________________________
Von: Christophe JAILLET <christophe.jaillet@...adoo.fr>
Gesendet: Freitag, 9. Juni 2023 06:45:39
An: Krzysztof Kozlowski; Alim Akhtar; Greg Kroah-Hartman; Jiri Slaby; Thomas Abraham; Kukjin Kim
Cc: linux-kernel@...r.kernel.org; kernel-janitors@...r.kernel.org; Christophe JAILLET; linux-arm-kernel@...ts.infradead.org; linux-samsung-soc@...r.kernel.org; linux-serial@...r.kernel.org
Betreff: [PATCH 2/2] tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk

When the best clk is searched, we iterate over all possible clk.

If we find a better match, the previous one, if any, needs to be freed.
If a better match has already been found, we still need to free the new
one, otherwise it leaks.

Fixes: 5f5a7a5578c5 ("serial: samsung: switch to clkdev based clock lookup")
Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
---
This patch is speculative. Review with care.

I think that some clk_put() are also missing somewhere else in the driver
but won't be able to investigate further.
---
 drivers/tty/serial/samsung_tty.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/tty/serial/samsung_tty.c b/drivers/tty/serial/samsung_tty.c
index dd751e7010e3..c07877dd25fa 100644
--- a/drivers/tty/serial/samsung_tty.c
+++ b/drivers/tty/serial/samsung_tty.c
@@ -1488,10 +1488,18 @@ static unsigned int s3c24xx_serial_getclk(struct s3c24xx_uart_port *ourport,
                        calc_deviation = -calc_deviation;

                if (calc_deviation < deviation) {
+                       /*
+                        * If we find a better clk, release the previous one, if
+                        * any.
+                        */
+                       if (!IS_ERR(*best_clk))
+                               clk_put(*best_clk);
                        *best_clk = clk;
                        best_quot = quot;
                        *clk_num = cnt;
                        deviation = calc_deviation;
+               } else {
+                       clk_put(clk);
                }
        }

--
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ