lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f6ad24c8-0065-4d73-98f1-dc4246ca70ea@arm.com>
Date: Thu, 24 Oct 2024 14:27:18 +0100
From: Lukasz Luba <lukasz.luba@....com>
To: "Rafael J. Wysocki" <rafael@...nel.org>,
 Daniel Lezcano <daniel.lezcano@...aro.org>
Cc: Markus Elfring <Markus.Elfring@....de>, linux-pm@...r.kernel.org,
 LKML <linux-kernel@...r.kernel.org>, Zhang Rui <rui.zhang@...el.com>
Subject: Re: [PATCH] thermal/lib: Fix memory leak on error in
 thermal_genl_auto()



On 10/24/24 14:18, Rafael J. Wysocki wrote:
> On Thu, Oct 24, 2024 at 2:57 PM Daniel Lezcano
> <daniel.lezcano@...aro.org> wrote:
>>
>> On 24/10/2024 14:02, Markus Elfring wrote:
>>>> The function thermal_genl_auto() does not free the allocated message
>>>> in the error path. Fix that by putting a out label and jump to it
>>>> which will free the message instead of directly returning an error.
>>>
>>> Would you like to add any tags (like “Fixes” and “Cc”) accordingly?
>>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.12-rc4#n145
>>>
>>>
>>> …
>>>> +++ b/tools/lib/thermal/commands.c
>>>> @@ -375,27 +375,30 @@ static thermal_error_t thermal_genl_auto(struct thermal_handler *th, cmd_cb_t cm
>>>>                                        struct cmd_param *param,
>>>>                                        int cmd, int flags, void *arg)
>>>>    {
>>>> +    thermal_error_t ret = THERMAL_ERROR;
>>>>       struct nl_msg *msg;
>>>>       void *hdr;
>>>>
>>>>       msg = nlmsg_alloc();
>>>>       if (!msg)
>>>> -            return THERMAL_ERROR;
>>>> +            goto out;
>>> …
>>>
>>> Is it really reasonable to pass a null pointer (from a failed function call)
>>> to a subsequent nlmsg_free() call?
>>
>> You are right, I should return here :S
> 
> Do you want to respin it?
> 
> Alternatively, I can fix it up when applying the patch.

The nlmskg_free() function should handle that similar to kfree().
Under the hood there is a check in skb_unref():
if (unlikely(!skb))

AFAIK the kfree() is used similar way and NULL is part of generic
case sometimes, not handles with extra code.

Up to you. You can keep my review tag in both cases.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ