lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2894930.q0nCt6o0pg@debian64>
Date:	Sun, 09 Mar 2014 00:08:54 +0100
From:	Christian Lamparter <chunkeey@...glemail.com>
To:	Krishna Chaitanya <chaitanya.mgit@...il.com>
Cc:	Alexey Khoroshilov <khoroshilov@...ras.ru>,
	"John W. Linville" <linville@...driver.com>,
	linux-wireless <linux-wireless@...r.kernel.org>,
	netdev <netdev@...r.kernel.org>, linux-kernel@...r.kernel.org,
	ldv-project@...uxtesting.org
Subject: Re: [PATCH] p54usb: fix leaks at failure path in p54u_probe()

On Sunday, March 09, 2014 04:14:32 AM Krishna Chaitanya wrote:
> On Sat, Mar 8, 2014 at 2:41 AM, Alexey Khoroshilov
> <khoroshilov@...ras.ru> wrote:
> > If p54u_load_firmware() fails, p54u_probe() does not deallocate
> > already allocated resources. The patch adds proper failure handling.
> >
> > Found by Linux Driver Verification project (linuxtesting.org).
> >
> > Signed-off-by: Alexey Khoroshilov <khoroshilov@...ras.ru>
> > ---
> >  drivers/net/wireless/p54/p54usb.c | 4 ++++
> >  1 file changed, 4 insertions(+)
> >
> > diff --git a/drivers/net/wireless/p54/p54usb.c b/drivers/net/wireless/p54/p54usb.c
> > index 6e635cfa24c8..5df74503fd4f 100644
> > --- a/drivers/net/wireless/p54/p54usb.c
> > +++ b/drivers/net/wireless/p54/p54usb.c
> > @@ -1053,6 +1053,10 @@ static int p54u_probe(struct usb_interface *intf,
> >                 priv->upload_fw = p54u_upload_firmware_net2280;
> >         }
> >         err = p54u_load_firmware(dev, intf);
> > +       if (err) {
> > +               usb_put_dev(udev);
> > +               p54_free_common(dev);
> > +       }
> >         return err;
> >  }
> The load_firmware puts down the reference
> in case of error. Only free is required here.
No, the put is required too... But let me explain:

p54u_load_firmware calls usb_get_dev(udev) before it requests the firmware
load. The Reason is: the firmware callback is usually run in another thread
(usually it's pretty quick, but due to timeouts it could take up to 60 seconds 
- or at least it did when I wrote it). Therefore I found it appropriate to give 
that request callback its "reference++" as it needs the "udev" too (e.g.: for
dev_info, dev_err and releasing the driver if the device couldn't be 
initialized).

Regards,
Christian
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ