Message ID | 20240301022325.20861-1-hyperlyzcs@gmail.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel+bounces-87837-ouuuleilei=gmail.com@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:2097:b0:108:e6aa:91d0 with SMTP id gs23csp814126dyb; Thu, 29 Feb 2024 18:24:53 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCV/fVQ8JijThCfvhF1eCKwspNhwpM2raT+GqTAsefoqmxTvyuqFN31W3RIp67693FrsNIOJkWWRhJI+BPT6l8e8DCBpbg== X-Google-Smtp-Source: AGHT+IEbVOOZhooqrYd1/WTp6Noa3LIECkF9KrcouDBnqLYGIHAoS4ou0M6/C1JuB5OVMfP/wyYP X-Received: by 2002:a17:902:b717:b0:1d9:bf6a:cffa with SMTP id d23-20020a170902b71700b001d9bf6acffamr375781pls.45.1709259893793; Thu, 29 Feb 2024 18:24:53 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709259893; cv=pass; d=google.com; s=arc-20160816; b=vDwMyzX2Yt3p7+WYs7XF6PWkgQxrKLO4HsR5WGxeSqaP96pAnWeGZM2gs5f8EhSOsz z2PpCuep8pVeqm7DBS5eWr5U5EC0L45nfN9KQ9r6hZyWtp3bQBrSePfZwCLo5f5YwQPC 8htKSy3h+uijxGqE+gPvtWuF0kfle5vCwMkmHQyoKQ/B3ipzpoTJI1zP2T/kB04bCUk2 pheRajL1jM6emN2mCv6x0HqokejppphZr7ZbWm2viTH4i0gaSfQXSqOuhErjR1teWA7b Zpy+BY7SS3KslkKsYTzt+js29zlL8s4SNZ/rD7OBebyh3GzZnHwRP8N/ovifRYD4TxCK 2u1Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=A7TTF4h++4LUefmTdShl2ARCsRJ9gzf0rRngFA47wRE=; fh=tdgrJ1qpPZyFvYIG1RPzHqQGx8rkvBBV5LTyj0Q8PBA=; b=Ct46V4zeokx9fjczt0AWjHP32aHmJ2o4mtKEGBZKBhKqN9UO0+lu5u1vNYdHXibypz if5IboDwX3c0ELzoY3nGynClEASlz8iLZVYT6WbikUP8xeNL3v1Gqsh8UvVRYfWtA1Bt VtGuRTU6FX4pRWO8NeGLmIhKl5nUxp3DqXBm3ImBrD/54EItdDaKXGNAD1wNrP9ThYSS xgIA14DNsvw7gkTIWZJ4G0KMUVkX3RaEeJY9PUWDpPfYmojx8GdDUsOlMqWwa4JuW+fD R/Dxt73yjp0GKtcJEWmYv2QA5bvx9/pzfLTv0pb4xzPAyhGNxJCCTDJ5OYfqKcK/l+hJ /E1A==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=PozDELNI; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-87837-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-87837-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id t15-20020a170902e84f00b001dcafec2295si2627017plg.405.2024.02.29.18.24.53 for <ouuuleilei@gmail.com> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 29 Feb 2024 18:24:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-87837-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=PozDELNI; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-87837-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-87837-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 9BD93282167 for <ouuuleilei@gmail.com>; Fri, 1 Mar 2024 02:24:53 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 17E643C478; Fri, 1 Mar 2024 02:23:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="PozDELNI" Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com [209.85.210.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EA4523BB41; Fri, 1 Mar 2024 02:23:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709259818; cv=none; b=aNbU4DmzMVNx/4wUtRAxR4N1CUYH/WMVQ7bgb2giNOfv7Ghm5MUP9ii66EcwztRzCcq5n+Gq6nNx1l+2lmgeiZKDWxjHwPaw6D07tgI2lOLcKhz8hw+z3t05m7AQ02yVrdAO69TVcubNU7bvVB+Ssu1oZ2g48JCeELpr4BJwxv0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709259818; c=relaxed/simple; bh=D4v7OqiIcxtnB9pKJJT77NSxSlEQbl7AwhhYwqVhKYQ=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=hIlnvdOZgktQAZi4K3tvXRLWKOfOXNQxoqLcrxj49qQgvun1wKuzi4HfjUzev6m/8/jAc/4Zv/FrkyYYRi6JdHKxias5Qie6UpscuZ72JR1b219FwCT6PQuwB0Nazey+3AMqPhdlf+IiX+184/1fPMmaxbvFuF5fLE61gPpzN9U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=PozDELNI; arc=none smtp.client-ip=209.85.210.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-pf1-f176.google.com with SMTP id d2e1a72fcca58-6da202aa138so1154378b3a.2; Thu, 29 Feb 2024 18:23:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1709259816; x=1709864616; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=A7TTF4h++4LUefmTdShl2ARCsRJ9gzf0rRngFA47wRE=; b=PozDELNIFS83s/EJ5FTYZkTK9hyfkdVMbl3h+KebVhLbs+eUsE8z6k+U987MwNju3+ UbLKCHe3/CrLM24J42BDwHaJWfOvQp3ElN9huJ/R3ZWMgZfnLJ6RWSbWoChohXxu/K6Y sg/zhhfa7ZSrMC3NE4BCffMe904BY5bZX53d3in9Cbq1Clnb8wZQXmavIB6beEJCpEI8 mVvijg/0F1A3yhWYxJQKyxY2JHMe6lfYscQy/AP0dnkkQAlE5yQUiZ9nxxunHKD0HQ3f Jh0WjP8D6Xp1JSJ62gifgqgsc0LkGODrt/kKfWDJQpMKqygIXHH5P8YlUF2ddSp+kp/J TWMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709259816; x=1709864616; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=A7TTF4h++4LUefmTdShl2ARCsRJ9gzf0rRngFA47wRE=; b=RGAJ0fqnNLNkXuaV8EWNbQf+XBebVr+ZuUWk7sngVDBbQ1pjWEdj8ig9U/Ca4HarRl na5+vB1DNkb6UioRnADs95xvfsAua7iy6qILa+03IMcJqcOh9355ShWBY9KIENFxezgf s0EgyESw2lLvNk5rlWVEtRvR+NyPEx4bceB9Ag2/PUHu109Rgdb8nqeEqhZsFmYLK/e4 BBoH+BGA9iyx5wSvzixWvJrXKtR5P7UaT9tsihtZpOS2GS42b16n8aUN6EyyFggoaGl8 ZL4OHOunj7LGIXNwyZwed//5iIWuhkPscEaBlYPmvfCuA/FGCk9ijF9SlIU6FXniWs5Z lk8w== X-Forwarded-Encrypted: i=1; AJvYcCWdfJfVOxA07H7v6Zh3zc/bYE7q0Uap6PnxRfpWDlOiYwXzoo8B8ZbJc485x5ZC9fAOhZFEkkq7kLSm+CbBltQTm6XJvijNWTiubMnF X-Gm-Message-State: AOJu0YzjvhCF3VLd8OGgC1Gnc9mLi+FC2SovlUWrXvqwJDgO+hPh9K1p q6q8zRbl+KcNdgxOK3vTrGetMffOTqUZXiwFR1TXzQEPF9Nz8k2x4zINF/OtH5NKAQ== X-Received: by 2002:a05:6a00:1913:b0:6e5:5597:822d with SMTP id y19-20020a056a00191300b006e55597822dmr617763pfi.33.1709259815981; Thu, 29 Feb 2024 18:23:35 -0800 (PST) Received: from VM-147-239-centos.localdomain ([14.22.11.163]) by smtp.gmail.com with ESMTPSA id f22-20020a056a0022d600b006e0737f2bafsm1928824pfj.45.2024.02.29.18.23.33 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 29 Feb 2024 18:23:35 -0800 (PST) From: hyper <hyperlyzcs@gmail.com> To: shannon.nelson@amd.com, brett.creeley@amd.com, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, jitxie@tencent.com, huntazhang@tencent.com, hyper <hyperlyzcs@gmail.com> Subject: [PATCH] pds_core: Fix possible double free in error handling path Date: Fri, 1 Mar 2024 10:23:25 +0800 Message-Id: <20240301022325.20861-1-hyperlyzcs@gmail.com> X-Mailer: git-send-email 2.36.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: <linux-kernel.vger.kernel.org> List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org> List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1792288902693003161 X-GMAIL-MSGID: 1792288902693003161 |
Series |
pds_core: Fix possible double free in error handling path
|
|
Commit Message
hyper
March 1, 2024, 2:23 a.m. UTC
When auxiliary_device_add() returns error and then calls
auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_release
calls kfree(padev) to free memory. We shouldn't call kfree(padev)
again in the error handling path.
Fix this by returning error directly after calling
auxiliary_device_uninit().
Fixes: 4569cce43bc6 ("pds_core: add auxiliary_bus devices")
Signed-off-by: hyper <hyperlyzcs@gmail.com>
---
drivers/net/ethernet/amd/pds_core/auxbus.c | 2 ++
1 file changed, 2 insertions(+)
Comments
On 2/29/2024 6:23 PM, hyper wrote: > Please specify the networking tree in your patch subject, something like [PATCH net] in this case. > > When auxiliary_device_add() returns error and then calls > auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_release > calls kfree(padev) to free memory. We shouldn't call kfree(padev) > again in the error handling path. > > Fix this by returning error directly after calling > auxiliary_device_uninit(). > > Fixes: 4569cce43bc6 ("pds_core: add auxiliary_bus devices") > Signed-off-by: hyper <hyperlyzcs@gmail.com> > --- > drivers/net/ethernet/amd/pds_core/auxbus.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/net/ethernet/amd/pds_core/auxbus.c b/drivers/net/ethernet/amd/pds_core/auxbus.c > index 11c23a7f3172..d6eedd78d5cc 100644 > --- a/drivers/net/ethernet/amd/pds_core/auxbus.c > +++ b/drivers/net/ethernet/amd/pds_core/auxbus.c > @@ -174,6 +174,8 @@ static struct pds_auxiliary_dev *pdsc_auxbus_dev_register(struct pdsc *cf, > > err_out_uninit: > auxiliary_device_uninit(aux_dev); > + return ERR_PTR(err); > + > err_out: > kfree(padev); > return ERR_PTR(err); > -- > 2.36.1 > Yes, I think you've got the right idea here, and this is probably a reasonable solution. However, usually the error handling exit code stacks on itself, but here it becomes two separate independent chunks - a slightly different pattern. Since these are both very short bits I'd be tempted to "enhance" that independence by putting the error handling back to where the errors happened, something like diff --git a/drivers/net/ethernet/amd/pds_core/auxbus.c b/drivers/net/ethernet/amd/pds_core/auxbus.c index a3c79848a69a..2babea110991 100644 --- a/drivers/net/ethernet/amd/pds_core/auxbus.c +++ b/drivers/net/ethernet/amd/pds_core/auxbus.c @@ -160,23 +160,19 @@ static struct pds_auxiliary_dev *pdsc_auxbus_dev_register(struct pdsc *cf, if (err < 0) { dev_warn(cf->dev, "auxiliary_device_init of %s failed: %pe\n", name, ERR_PTR(err)); - goto err_out; + kfree(padev); + return ERR_PTR(err); } err = auxiliary_device_add(aux_dev); if (err) { dev_warn(cf->dev, "auxiliary_device_add of %s failed: %pe\n", name, ERR_PTR(err)); - goto err_out_uninit; + auxiliary_device_uninit(aux_dev); + return ERR_PTR(err); } return padev; - -err_out_uninit: - auxiliary_device_uninit(aux_dev); -err_out: - kfree(padev); - return ERR_PTR(err); } Some might disagree. I like this a little better, but I could go either way. Thoughts? sln
diff --git a/drivers/net/ethernet/amd/pds_core/auxbus.c b/drivers/net/ethernet/amd/pds_core/auxbus.c index 11c23a7f3172..d6eedd78d5cc 100644 --- a/drivers/net/ethernet/amd/pds_core/auxbus.c +++ b/drivers/net/ethernet/amd/pds_core/auxbus.c @@ -174,6 +174,8 @@ static struct pds_auxiliary_dev *pdsc_auxbus_dev_register(struct pdsc *cf, err_out_uninit: auxiliary_device_uninit(aux_dev); + return ERR_PTR(err); + err_out: kfree(padev); return ERR_PTR(err);