lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <eca39015-296c-4494-8b1b-6344b4ace3a2@wanadoo.fr>
Date: Wed, 28 Feb 2024 18:59:47 +0100
From: Christophe JAILLET <christophe.jaillet@...adoo.fr>
To: Dan Carpenter <dan.carpenter@...aro.org>
Cc: andy@...yhouse.net, davem@...emloft.net, edumazet@...gle.com,
 kuba@...nel.org, pabeni@...hat.com, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH net 2/2] net: tehuti: Fix leaks in the error handling path
 of bdx_probe()

Le 28/02/2024 à 11:17, Dan Carpenter a écrit :
> On Tue, Feb 27, 2024 at 09:50:56PM +0100, Christophe JAILLET wrote:
>> If an error occurs when allocating the net_device, all the one already
>> allocated and registered should be released, as already done in the remove
>> function.
>>
>> Add a new label, remove the now useless 'err_out_disable_msi' label and
>> adjust the error handling path accordingly.
>>
>> Fixes: 1a348ccc1047 ("[NET]: Add Tehuti network driver.")
>> Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
>> ---
>> Compile tested only.
>> ---
>>   drivers/net/ethernet/tehuti/tehuti.c | 15 ++++++++++-----
>>   1 file changed, 10 insertions(+), 5 deletions(-)
>>
>> diff --git a/drivers/net/ethernet/tehuti/tehuti.c b/drivers/net/ethernet/tehuti/tehuti.c
>> index 938a5caf5a3b..6678179885cb 100644
>> --- a/drivers/net/ethernet/tehuti/tehuti.c
>> +++ b/drivers/net/ethernet/tehuti/tehuti.c
>> @@ -1965,7 +1965,7 @@ bdx_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
>>   		ndev = alloc_etherdev(sizeof(struct bdx_priv));
>>   		if (!ndev) {
>>   			err = -ENOMEM;
>> -			goto err_out_disable_msi;
>> +			goto err_out_free;
>>   		}
>>   
>>   		ndev->netdev_ops = &bdx_netdev_ops;
>> @@ -2031,13 +2031,13 @@ bdx_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
>>   		if (bdx_read_mac(priv)) {
>>   			pr_err("load MAC address failed\n");
>>   			err = -EFAULT;
>> -			goto err_out_disable_msi;
>> +			goto err_out_free_current;
>>   		}
>>   		SET_NETDEV_DEV(ndev, &pdev->dev);
>>   		err = register_netdev(ndev);
>>   		if (err) {
>>   			pr_err("register_netdev failed\n");
>> -			goto err_out_free;
>> +			goto err_out_free_current;
>>   		}
>>   		netif_carrier_off(ndev);
>>   		netif_stop_queue(ndev);
>> @@ -2046,9 +2046,14 @@ bdx_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
>>   	}
>>   	RET(0);
>>   
>> -err_out_free:
>> +err_out_free_current:
>>   	free_netdev(ndev);
> 
> Since it seems like you're going to be resending this patch, could you
> do this free_netdev() before gotos?  That way if someone adds more code
> after the loop then we can still use the goto ladder to unwind.  (No one
> is going to add more code after the loop, I know...  I wouldn't have
> commented except that it seemed like you were going to resend.)
> 
> 		if (bdx_read_mac(priv)) {
> 			free_netdev(ndev);
> 			pr_err("load MAC address failed\n");
> 			err = -EFAULT;
> 			goto err_out_free;
> 		}
> 

Yeh, I thought about it, but it is more verbose and this code looks 
mostly unchanged since 2007!

Anyway, I agree with you and will update accordingly.

CJ

> regards,
> dan carpenter
> 
> 
> 
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ