| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Jul 2022 16:16:08 +0300
From: Sergey Ryazanov <ryazanov.s.a@...il.com>
To: Bo Liu <liubo03@...pur.com>
Cc: Loic Poulain <loic.poulain@...aro.org>,
Johannes Berg <johannes@...solutions.net>,
David Miller <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org,
open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2 1/1] net: wwan: call ida_free when device_register fails
Hello Bo,
generally the patch looks good to me, but it needs improvement in the
wwan_create_dev() part. Sorry that I missed this part in the previous
review. See details below.
On Mon, Jul 11, 2022 at 3:54 AM Bo Liu <liubo03@...pur.com> wrote:
>
> when device_register() fails, we should call ida_free().
>
> Fixes: 9a44c1cc6388 ("net: Add a WWAN subsystem")
> Signed-off-by: Bo Liu <liubo03@...pur.com>
> ---
> Changes from v1:
> -Add a Fixes tag pointing to the commit
>
> drivers/net/wwan/wwan_core.c | 12 +++++++-----
> 1 file changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/net/wwan/wwan_core.c b/drivers/net/wwan/wwan_core.c
> index b8c7843730ed..0f653e320b2b 100644
> --- a/drivers/net/wwan/wwan_core.c
> +++ b/drivers/net/wwan/wwan_core.c
> @@ -228,8 +228,7 @@ static struct wwan_device *wwan_create_dev(struct device *parent)
> wwandev = kzalloc(sizeof(*wwandev), GFP_KERNEL);
> if (!wwandev) {
> wwandev = ERR_PTR(-ENOMEM);
> - ida_free(&wwan_dev_ids, id);
> - goto done_unlock;
> + goto error_free_ida;
> }
>
> wwandev->dev.parent = parent;
> @@ -242,7 +241,7 @@ static struct wwan_device *wwan_create_dev(struct device *parent)
> if (err) {
> put_device(&wwandev->dev);
> wwandev = ERR_PTR(err);
> - goto done_unlock;
> + goto error_free_ida;
> }
>
> #ifdef CONFIG_WWAN_DEBUGFS
> @@ -251,6 +250,8 @@ static struct wwan_device *wwan_create_dev(struct device *parent)
> wwan_debugfs_dir);
> #endif
>
> +error_free_ida:
> + ida_free(&wwan_dev_ids, id);
> done_unlock:
> mutex_unlock(&wwan_register_lock);
>
This hunk misses the case of a successful device registration. After
patching, the code will look like this:
err = device_register(&wwandev->dev);
if (err) {
put_device(&wwandev->dev);
wwandev = ERR_PTR(err);
goto error_free_ida;
}
wwandev->debugfs_dir =
debugfs_create_dir(kobject_name(&wwandev->dev.kobj),
wwan_debugfs_dir);
error_free_ida:
ida_free(&wwan_dev_ids, id);
done_unlock:
mutex_unlock(&wwan_register_lock);
As you can see, even if the device will be registered successfully,
the allocated id will be unconditionally freed.
The easiest way to fix this is to add "goto done_unlock" right after
the debugfs directory creation call. So the hunk should become
something like this:
@@ -249,8 +248,12 @@ static struct wwan_device *wwan_create_dev(struct
device *parent)
wwandev->debugfs_dir =
debugfs_create_dir(kobject_name(&wwandev->dev.kobj),
wwan_debugfs_dir);
#endif
+ goto done_unlock;
+
+error_free_ida:
+ ida_free(&wwan_dev_ids, id);
done_unlock:
mutex_unlock(&wwan_register_lock);
--
Sergey
Powered by blists - more mailing lists