Message ID | 20230707134712.7019-1-abelova@astralinux.ru |
---|---|
State | New |
Headers |
From: Anastasia Belova <abelova@astralinux.ru> To: Rob Springer <rspringer@google.com> Cc: Anastasia Belova <abelova@astralinux.ru>, Todd Poynor <toddpoynor@google.com>, Ben Chan <benchan@chromium.org>, Richard Yeh <rcy@google.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, John Joseph <jnjoseph@google.com>, Simon Que <sque@chromium.org>, linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org Subject: [PATCH 5.10] gasket: make interrupt_data NULL after free Date: Fri, 7 Jul 2023 16:47:12 +0300 Message-Id: <20230707134712.7019-1-abelova@astralinux.ru> X-Mailer: git-send-email 2.30.2 List-ID: <linux-kernel.vger.kernel.org> |
Series |
[5.10] gasket: make interrupt_data NULL after free
|
|
Commit Message
Anastasia Belova
July 7, 2023, 1:47 p.m. UTC
Gasket common interrupt module was deleted in version 5.13,
but there is possible double free in versions 4.19-5.12.
gasket_dev->interrupt_data should be NULL when
gasket_interrupt_init returns error. For example,
it is necessary in gasket_enable_device to avoid
double free.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 9a69f5087ccc ("drivers/staging: Gasket driver framework + Apex driver")
Signed-off-by: Anastasia Belova <abelova@astralinux.ru>
---
drivers/staging/gasket/gasket_interrupt.c | 2 ++
1 file changed, 2 insertions(+)
Comments
On Fri, Jul 07, 2023 at 04:47:12PM +0300, Anastasia Belova wrote: > Gasket common interrupt module was deleted in version 5.13, > but there is possible double free in versions 4.19-5.12. > > gasket_dev->interrupt_data should be NULL when > gasket_interrupt_init returns error. For example, > it is necessary in gasket_enable_device to avoid > double free. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: 9a69f5087ccc ("drivers/staging: Gasket driver framework + Apex driver") > Signed-off-by: Anastasia Belova <abelova@astralinux.ru> > --- > drivers/staging/gasket/gasket_interrupt.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/staging/gasket/gasket_interrupt.c b/drivers/staging/gasket/gasket_interrupt.c > index 864342acfd86..24fa5df0628b 100644 > --- a/drivers/staging/gasket/gasket_interrupt.c > +++ b/drivers/staging/gasket/gasket_interrupt.c > @@ -337,6 +337,7 @@ int gasket_interrupt_init(struct gasket_dev *gasket_dev) > sizeof(*interrupt_data->eventfd_ctxs), GFP_KERNEL); > if (!interrupt_data->eventfd_ctxs) { > kfree(interrupt_data); > + gasket_dev->interrupt_data = NULL; > return -ENOMEM; > } > > @@ -346,6 +347,7 @@ int gasket_interrupt_init(struct gasket_dev *gasket_dev) > if (!interrupt_data->interrupt_counts) { > kfree(interrupt_data->eventfd_ctxs); > kfree(interrupt_data); > + gasket_dev->interrupt_data = NULL; > return -ENOMEM; > } > > -- > 2.30.2 > As this can never happen in real life, and no one is using this code, I'm going to ignore this patch for now, sorry. greg k-h
diff --git a/drivers/staging/gasket/gasket_interrupt.c b/drivers/staging/gasket/gasket_interrupt.c index 864342acfd86..24fa5df0628b 100644 --- a/drivers/staging/gasket/gasket_interrupt.c +++ b/drivers/staging/gasket/gasket_interrupt.c @@ -337,6 +337,7 @@ int gasket_interrupt_init(struct gasket_dev *gasket_dev) sizeof(*interrupt_data->eventfd_ctxs), GFP_KERNEL); if (!interrupt_data->eventfd_ctxs) { kfree(interrupt_data); + gasket_dev->interrupt_data = NULL; return -ENOMEM; } @@ -346,6 +347,7 @@ int gasket_interrupt_init(struct gasket_dev *gasket_dev) if (!interrupt_data->interrupt_counts) { kfree(interrupt_data->eventfd_ctxs); kfree(interrupt_data); + gasket_dev->interrupt_data = NULL; return -ENOMEM; }
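Review bot: in the first hunk (@@ -337), the added `gasket_dev->interrupt_data = NULL;` in the eventfd_ctxs failure branch is only needed because the device field already points at the allocation being freed; the assignment that publishes it is not visible in this hunk. Consider storing the pointer in gasket_dev->interrupt_data only after the last allocation in gasket_interrupt_init has succeeded, so that no error branch has to remember to reset it. If the early assignment has to stay, a one-line comment next to the reset naming the caller that relies on it (the commit message mentions gasket_enable_device) would explain why the line exists.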
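Review bot: in the second hunk (@@ -346), the interrupt_counts failure branch now repeats the same `kfree(interrupt_data);` plus reset sequence as the branch above it, so a shared error label that frees and clears the field once would keep the two paths from drifting apart. The commit message says interrupt_data should be NULL whenever gasket_interrupt_init returns an error, but the patch touches only these two -ENOMEM returns; please confirm that no later error return in the function frees interrupt_data without clearing it, or cover those returns as well. The commit message would also be stronger if it spelled out the sequence in gasket_enable_device that leads to the second free, since the reply in the thread disputes that the path is reachable.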