lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Jul 2022 16:16:08 +0300 From: Sergey Ryazanov <ryazanov.s.a@...il.com> To: Bo Liu <liubo03@...pur.com> Cc: Loic Poulain <loic.poulain@...aro.org>, Johannes Berg <johannes@...solutions.net>, David Miller <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org, open list <linux-kernel@...r.kernel.org> Subject: Re: [PATCH v2 1/1] net: wwan: call ida_free when device_register fails Hello Bo, generally the patch looks good to me, but it needs improvement in the wwan_create_dev() part. Sorry that I missed this part in the previous review. See details below. On Mon, Jul 11, 2022 at 3:54 AM Bo Liu <liubo03@...pur.com> wrote: > > when device_register() fails, we should call ida_free(). > > Fixes: 9a44c1cc6388 ("net: Add a WWAN subsystem") > Signed-off-by: Bo Liu <liubo03@...pur.com> > --- > Changes from v1: > -Add a Fixes tag pointing to the commit > > drivers/net/wwan/wwan_core.c | 12 +++++++----- > 1 file changed, 7 insertions(+), 5 deletions(-) > > diff --git a/drivers/net/wwan/wwan_core.c b/drivers/net/wwan/wwan_core.c > index b8c7843730ed..0f653e320b2b 100644 > --- a/drivers/net/wwan/wwan_core.c > +++ b/drivers/net/wwan/wwan_core.c > @@ -228,8 +228,7 @@ static struct wwan_device *wwan_create_dev(struct device *parent) > wwandev = kzalloc(sizeof(*wwandev), GFP_KERNEL); > if (!wwandev) { > wwandev = ERR_PTR(-ENOMEM); > - ida_free(&wwan_dev_ids, id); > - goto done_unlock; > + goto error_free_ida; > } > > wwandev->dev.parent = parent; > @@ -242,7 +241,7 @@ static struct wwan_device *wwan_create_dev(struct device *parent) > if (err) { > put_device(&wwandev->dev); > wwandev = ERR_PTR(err); > - goto done_unlock; > + goto error_free_ida; > } > > #ifdef CONFIG_WWAN_DEBUGFS > @@ -251,6 +250,8 @@ static struct wwan_device *wwan_create_dev(struct device *parent) > wwan_debugfs_dir); > #endif > > +error_free_ida: > + ida_free(&wwan_dev_ids, id); > done_unlock: > mutex_unlock(&wwan_register_lock); > This hunk misses the case of a successful device registration. After patching, the code will look like this: err = device_register(&wwandev->dev); if (err) { put_device(&wwandev->dev); wwandev = ERR_PTR(err); goto error_free_ida; } wwandev->debugfs_dir = debugfs_create_dir(kobject_name(&wwandev->dev.kobj), wwan_debugfs_dir); error_free_ida: ida_free(&wwan_dev_ids, id); done_unlock: mutex_unlock(&wwan_register_lock); As you can see, even if the device will be registered successfully, the allocated id will be unconditionally freed. The easiest way to fix this is to add "goto done_unlock" right after the debugfs directory creation call. So the hunk should become something like this: @@ -249,8 +248,12 @@ static struct wwan_device *wwan_create_dev(struct device *parent) wwandev->debugfs_dir = debugfs_create_dir(kobject_name(&wwandev->dev.kobj), wwan_debugfs_dir); #endif + goto done_unlock; + +error_free_ida: + ida_free(&wwan_dev_ids, id); done_unlock: mutex_unlock(&wwan_register_lock); -- Sergey
Powered by blists - more mailing lists