| Message ID | 20231207143822.3358727-1-alexious@zju.edu.cn |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:bcd1:0:b0:403:3b70:6f57 with SMTP id r17csp4825482vqy;
Thu, 7 Dec 2023 06:39:23 -0800 (PST)
X-Google-Smtp-Source:
AGHT+IG9nXJCEbFJWEZ5FWWKK3x7A2akSi3QCINlwqVNKjjl9HIu8wVa9QErkS8cVYgjjGIQijj5
X-Received: by 2002:a05:6a21:7881:b0:190:c99:cfb8 with SMTP id
bf1-20020a056a21788100b001900c99cfb8mr663939pzc.81.1701959963270;
Thu, 07 Dec 2023 06:39:23 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1701959963; cv=none;
d=google.com; s=arc-20160816;
b=L+UVWvwgE6JhrdbUNnAaKXEfEJD1oP0pNSom3f/r+UhrxCyJ3BKwBZuNz98eEEOddW
iHVp7I7IB8eNwrv9YIXc3dM5pYW+mEtqPGmxwRP5UqO9xPqrwXnL2sxGrqkJmjs0a86Z
uG86WtcXx5pS581UpCvFuqeCmvs26xd0G1IPvIYnUJWuv3YyrkLyqMomp699ZTDjSSM7
tIuQEDiC6b2DVBMHI/DrGxF9vqfhAcdt3T2+fA8wLHFvmFTIwYmKYw8S1EpJe2tTCLiI
ZB9X7wJIYkxUgAAceLYGvXpZrzZ8GZXBZNB51yOAlZFXel/ta2MntdX4glQgTniQh27t
T0Yg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from;
bh=zacuxTmSId9qy32Lr9jCJyDDJdKZ9Gxy0wz10v2IAns=;
fh=7dBhDwlLSu4LpNvs6Ci/8kzDCbY2AHDy/bapchU2IsY=;
b=nBFdZ+j9zLYed81c3BDJrLr58Hw0KCX13lBU/cjKsv1e1Sg9ExC9RwszIWmse0O9gt
WagHuhsGcHElSx7BuxCsk3ry5hfd4bQp3dVw8e4DJLFi5XJY0Js/8MjIEniuD68H/xiO
MriuopfOki0FGLF1gVvjMLoOPQjjz0LQu83nOn8etHl2pJWoZX850CAuo9KfaE1kON1P
NLTFdGHdW2ViHOoUettzWW8gyg0YKipolDofaFqmliVd0gTbJhO1nBhmC1EZbN2yulbW
1QRW1dZfkqec1rr+zZwvIT+KuK/ttBDRxTRuyPiFpsIhTFoDtQdR7ecUcBhOHZ6PQTzo
/gdg==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.35 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from groat.vger.email (groat.vger.email. [23.128.96.35])
by mx.google.com with ESMTPS id
u69-20020a638548000000b005c65bbc794asi1358724pgd.53.2023.12.07.06.39.22
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 07 Dec 2023 06:39:23 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.35 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by groat.vger.email (Postfix) with ESMTP id 30ECE80BB22D;
Thu, 7 Dec 2023 06:39:17 -0800 (PST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.11 at groat.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S1443309AbjLGOjI (ORCPT <rfc822;pusanteemu@gmail.com>
+ 99 others); Thu, 7 Dec 2023 09:39:08 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52794 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S235280AbjLGOjH (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 7 Dec 2023 09:39:07 -0500
Received: from zg8tmtyylji0my4xnjqumte4.icoremail.net
(zg8tmtyylji0my4xnjqumte4.icoremail.net [162.243.164.118])
by lindbergh.monkeyblade.net (Postfix) with ESMTP id 35B59AC;
Thu, 7 Dec 2023 06:39:11 -0800 (PST)
Received: from luzhipeng.223.5.5.5 (unknown [115.200.230.188])
by mail-app2 (Coremail) with SMTP id by_KCgDX3tb12HFlBRFZAA--.1750S2;
Thu, 07 Dec 2023 22:38:46 +0800 (CST)
From: Zhipeng Lu <alexious@zju.edu.cn>
To: alexious@zju.edu.cn
Cc: Chris Snook <chris.snook@gmail.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
Paolo Abeni <pabeni@redhat.com>,
Simon Horman <horms@kernel.org>,
Yuanjun Gong <ruc_gongyuanjun@163.com>,
Jie Yang <jie.yang@atheros.com>,
Jeff Garzik <jgarzik@redhat.com>, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH] ethernet: atheros: fix a memleak in
atl1e_setup_ring_resources
Date: Thu, 7 Dec 2023 22:38:19 +0800
Message-Id: <20231207143822.3358727-1-alexious@zju.edu.cn>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-CM-TRANSID: by_KCgDX3tb12HFlBRFZAA--.1750S2
X-Coremail-Antispam: 1UD129KBjvdXoW7GF1ruw4kGF17GrWDtF48tFb_yoWftrb_Kw
4xWw18uan8tr1jkw42yr4ru3yvk34DWrs5Ca97KFW3Zw47Aw17uwnYgrn3Xr12gr4fJFy3
Ar1aqr18Aa4DKjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT
9fnUUIcSsGvfJTRUUUbx8FF20E14v26r4j6ryUM7CY07I20VC2zVCF04k26cxKx2IYs7xG
6rWj6s0DM7CIcVAFz4kK6r1j6r18M28lY4IEw2IIxxk0rwA2F7IY1VAKz4vEj48ve4kI8w
A2z4x0Y4vE2Ix0cI8IcVAFwI0_tr0E3s1l84ACjcxK6xIIjxv20xvEc7CjxVAFwI0_Gr1j
6F4UJwA2z4x0Y4vEx4A2jsIE14v26rxl6s0DM28EF7xvwVC2z280aVCY1x0267AKxVW0oV
Cq3wAS0I0E0xvYzxvE52x082IY62kv0487Mc02F40EFcxC0VAKzVAqx4xG6I80ewAv7VC0
I7IYx2IY67AKxVWUJVWUGwAv7VC2z280aVAFwI0_Jr0_Gr1lOx8S6xCaFVCjc4AY6r1j6r
4UM4x0Y48IcxkI7VAKI48JM4x0x7Aq67IIx4CEVc8vx2IErcIFxwACI402YVCY1x02628v
n2kIc2xKxwCF04k20xvY0x0EwIxGrwCFx2IqxVCFs4IE7xkEbVWUJVW8JwC20s026c02F4
0E14v26r1j6r18MI8I3I0E7480Y4vE14v26r106r1rMI8E67AF67kF1VAFwI0_Jw0_GFyl
IxkGc2Ij64vIr41lIxAIcVC0I7IYx2IY67AKxVWUJVWUCwCI42IY6xIIjxv20xvEc7CjxV
AFwI0_Gr0_Cr1lIxAIcVCF04k26cxKx2IYs7xG6r1j6r1xMIIF0xvEx4A2jsIE14v26r1j
6r4UMIIF0xvEx4A2jsIEc7CjxVAFwI0_Gr0_Gr1UYxBIdaVFxhVjvjDU0xZFpf9x0JUdHU
DUUUUU=
X-CM-SenderInfo: qrsrjiarszq6lmxovvfxof0/
X-Spam-Status: No,
score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]);
Thu, 07 Dec 2023 06:39:17 -0800 (PST)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1784634370732940792
X-GMAIL-MSGID: 1784634370732940792
|
| Series |
ethernet: atheros: fix a memleak in atl1e_setup_ring_resources
|
|
Commit Message
Zhipeng Lu
Dec. 7, 2023, 2:38 p.m. UTC
In the error handling of 'offset > adapter->ring_size', the
tx_ring->tx_buffer allocated by kzalloc should be freed,
instead of 'goto failed' instantly.
Fixes: a6a5325239c2 ("atl1e: Atheros L1E Gigabit Ethernet driver")
Signed-off-by: Zhipeng Lu <alexious@zju.edu.cn>
---
drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 1 +
1 file changed, 1 insertion(+)
Comments
>diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c >b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c >index 5935be190b9e..deb5a3f207cc 100644 >--- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c >+++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c >@@ -866,6 +866,7 @@ static int atl1e_setup_ring_resources(struct >atl1e_adapter *adapter) > netdev_err(adapter->netdev, "offset(%d) > ring size(%d) !!\n", > offset, adapter->ring_size); > err = -1; >+ kfree(tx_ring->tx_buffer); [Suman] I think we should do tx_ring->tx_buffer = NULL also, to avoid use after free? > goto failed; > } > >-- >2.34.1 >
On Thu, 7 Dec 2023 17:08:15 +0000 Suman Ghosh wrote: > >+ kfree(tx_ring->tx_buffer); > > [Suman] I think we should do tx_ring->tx_buffer = NULL also, to avoid use after free? It's up to the driver. Some may call that defensive programming.
>On Thu, 7 Dec 2023 17:08:15 +0000 Suman Ghosh wrote: >> >+ kfree(tx_ring->tx_buffer); >> >> [Suman] I think we should do tx_ring->tx_buffer = NULL also, to avoid >use after free? > >It's up to the driver. Some may call that defensive programming. [Suman] Agree. I pointed it out since this driver is using this approach at other places. But sure, it is up to Zhipeng.
> >On Thu, 7 Dec 2023 17:08:15 +0000 Suman Ghosh wrote: > >> >+ kfree(tx_ring->tx_buffer); > >> > >> [Suman] I think we should do tx_ring->tx_buffer = NULL also, to avoid > >use after free? > > > >It's up to the driver. Some may call that defensive programming. > [Suman] Agree. I pointed it out since this driver is using this approach at other places. But sure, it is up to Zhipeng. [Zhipeng] I think Suman's suggestion is valuable, it prevents potiential use-after-free and is consistent with other free operations in the same module.
diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c index 5935be190b9e..deb5a3f207cc 100644 --- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c +++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c @@ -866,6 +866,7 @@ static int atl1e_setup_ring_resources(struct atl1e_adapter *adapter) netdev_err(adapter->netdev, "offset(%d) > ring size(%d) !!\n", offset, adapter->ring_size); err = -1; + kfree(tx_ring->tx_buffer); goto failed; }