lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <de76ebde-3453-4f4f-a0a4-d054121de553@gmail.com>
Date: Tue, 25 Nov 2025 21:36:16 +0530
From: Navaneeth K <knavaneeth786@...il.com>
To: Abdun Nihaal <abdun.nihaal@...il.com>
Cc: parthiban.veerasooran@...rochip.com, christian.gromm@...rochip.com,
 gregkh@...uxfoundation.org, linux-staging@...ts.linux.dev,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: most: dim2: fix missing cleanup on interface
 registration failure

Hi Nihaal,
Thank you for the detailed explanation.
That makes perfect sense. I wasn’t aware that most_register_interface()
is intended to handle cleanup via the dev.release path even on failure.
I will analyze most_register_interface() and prepare a follow-up patch
to address the inconsistency in the early error paths where put_device()
is missing, as you suggested.

Greg, since this version of the patch would introduce a double-free,
could you please drop it from staging-testing?

Regards,
Navaneeth

On 25-11-2025 20:46, Abdun Nihaal wrote:
> nack.
>
> On Sat, Nov 22, 2025 at 06:56:56PM +0000, Navaneeth K wrote:
>> If most_register_interface() fails, the function returned immediately
>> without freeing the allocated 'dev' structure or resetting the hardware
>> state via dim_shutdown().
> Based on the commit message of the following commit,
> most_register_interface() is expected to free the passed interface using
> device release both on success and error.
> commit baadf2a5c26e ("most: usb: fix double free on late probe failure")
> https://lore.kernel.org/all/20251029093029.28922-1-johan@kernel.org/
>
>>   	dev->dev.release = dim2_release;
>>   
>> -	return most_register_interface(&dev->most_iface);
>> +	ret = most_register_interface(&dev->most_iface);
>> +	if (ret)
>> +		goto err_shutdown_dim;
>> +
>> +	return 0;
> Commit d445aa402d60 ("staging: most: dim2: use device release method")
> converted this code to use device release, where the function stored in
> dev.release (dim2_release() here) will be called to free the device
> when put_device() or device_unregister() is called on the device.
>
> dim2_release() does free and shut down the hardware correctly, so doing
> it again in the error path would lead to a double free.
>
> However, I do see that in most_register_interface() function, the first
> few error paths (before the device_register() call) are not calling
> put_device() to free the interface device, which is inconsistent with
> the later error paths in that function.
>
> Leave this code as it is, and fix the most_register_interface()
> to consistently release the device on error, by calling put_device()
> on those early error paths.
>
> Also, when sending bug fixes, add a Fixes tag.
>
> Regards,
> Nihaal

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ