lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5db36d2b-afe0-4027-b22e-ded163a409be@web.de>
Date: Thu, 28 Dec 2023 08:56:38 +0100
From: Markus Elfring <Markus.Elfring@....de>
To: chrome-platform@...ts.linux.dev, kernel-janitors@...r.kernel.org,
 Benson Leung <bleung@...omium.org>, Günter Röck
 <groeck@...omium.org>, Tzung-Bi Shih <tzungbi@...nel.org>
Cc: LKML <linux-kernel@...r.kernel.org>
Subject: [PATCH] platform/chrome: cros_ec_i2c: Less function calls in
 cros_ec_cmd_xfer_i2c() after error detection

From: Markus Elfring <elfring@...rs.sourceforge.net>
Date: Thu, 28 Dec 2023 08:36:49 +0100

The kfree() function was called in up to two cases by
the cros_ec_cmd_xfer_i2c() function during error handling
even if the passed variable contained a null pointer.
This issue was detected by using the Coccinelle software.

* Adjust jump targets.

* Delete two initialisations which became unnecessary
  with this refactoring.

Signed-off-by: Markus Elfring <elfring@...rs.sourceforge.net>
---
 drivers/platform/chrome/cros_ec_i2c.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/drivers/platform/chrome/cros_ec_i2c.c b/drivers/platform/chrome/cros_ec_i2c.c
index e29c51cbfd71..2a6ec623e352 100644
--- a/drivers/platform/chrome/cros_ec_i2c.c
+++ b/drivers/platform/chrome/cros_ec_i2c.c
@@ -193,8 +193,7 @@ static int cros_ec_cmd_xfer_i2c(struct cros_ec_device *ec_dev,
 	int i;
 	int len;
 	int packet_len;
-	u8 *out_buf = NULL;
-	u8 *in_buf = NULL;
+	u8 *in_buf, *out_buf;
 	u8 sum;
 	struct i2c_msg i2c_msg[2];

@@ -210,7 +209,8 @@ static int cros_ec_cmd_xfer_i2c(struct cros_ec_device *ec_dev,
 	packet_len = msg->insize + 3;
 	in_buf = kzalloc(packet_len, GFP_KERNEL);
 	if (!in_buf)
-		goto done;
+		goto check_command;
+
 	i2c_msg[1].len = packet_len;
 	i2c_msg[1].buf = (char *)in_buf;

@@ -221,7 +221,8 @@ static int cros_ec_cmd_xfer_i2c(struct cros_ec_device *ec_dev,
 	packet_len = msg->outsize + 4;
 	out_buf = kzalloc(packet_len, GFP_KERNEL);
 	if (!out_buf)
-		goto done;
+		goto free_in_buf;
+
 	i2c_msg[0].len = packet_len;
 	i2c_msg[0].buf = (char *)out_buf;

@@ -278,8 +279,10 @@ static int cros_ec_cmd_xfer_i2c(struct cros_ec_device *ec_dev,

 	ret = len;
 done:
-	kfree(in_buf);
 	kfree(out_buf);
+free_in_buf:
+	kfree(in_buf);
+check_command:
 	if (msg->command == EC_CMD_REBOOT_EC)
 		msleep(EC_REBOOT_DELAY_MS);

--
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ