Re: [PATCH] Memory leak in tpm_ascii_bios_measurements_open() fix.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Reiner Sailer <sailer@us.ibm.com>
To: Jesper Juhl <jesper.juhl@gmail.com>
Cc: jesper.juhl@gmail.com, kjhall@linux.vnet.ibm.com,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Seiji Munetoh <munetoh@jp.ibm.com>,
	Reiner Sailer <sailer@watson.ibm.com>,
	stefanb@us.ibm.com
Subject: Re: [PATCH] Memory leak in tpm_ascii_bios_measurements_open() fix.
Date: Thu, 19 Jul 2007 23:33:01 -0400	[thread overview]
Message-ID: <46A02CED.7000309@us.ibm.com> (raw)

Jesper,

thank you very much for finding this error and for posting a patch 
proposal. Since Kylene is not online, I am responding. Please see my 
inlines and an alternative patch proposal below.

Jesper Juhl <jesper.juhl@gmail.com> wrote on 07/18/2007 07:11:54 PM:

 > Ehlo,
 >
 > Coverity found a memory leak in tpm_ascii_bios_measurements_open().
 >
 > If "read_log(log)" fails, then we may leak 'log' and
 > 'log->bios_event_log'.
 >
 > This patch should fix it, but please double check it. I don't know
 > this code very well and the patch has only been compile tested.
 >
 >
 > Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
 > ---
 >
 >  drivers/char/tpm/tpm_bios.c |   11 ++++++++---
 >  1 files changed, 8 insertions(+), 3 deletions(-)
 >
 > diff --git a/drivers/char/tpm/tpm_bios.c b/drivers/char/tpm/tpm_bios.c
 > index 4eba32b..4b26ce4 100644
 > --- a/drivers/char/tpm/tpm_bios.c
 > +++ b/drivers/char/tpm/tpm_bios.c
 > @@ -427,7 +427,7 @@ static int
 > tpm_ascii_bios_measurements_open(struct inode *inode,
 >        return -ENOMEM;
 >  
 >     if ((err = read_log(log)))
 > -      return err;
 > +      goto out_free;


log->bios_event_log should not be pointing to allocated memory here
(seems cleaner if read_log cleans its allocated memory in the error case)
---> just free log


 >
 >     /* now register seq file */
 >     err = seq_open(file, &tpm_ascii_b_measurments_seqops);
 > @@ -435,10 +435,15 @@ static int
 > tpm_ascii_bios_measurements_open(struct inode *inode,
 >        seq = file->private_data;
 >        seq->private = log;
 >     } else {
 > -      kfree(log->bios_event_log);
 > -      kfree(log);
 > +      goto out_free;
 >     }
 > +
 > +out:
 >     return err;
 > +out_free:
 > +   kfree(log->bios_event_log);
 > +   kfree(log);
 > +   goto out;
 >  }
 >  
 >  const struct file_operations tpm_ascii_bios_measurements_ops = {
 >
 >

The following patch should be sufficient to fix the problem you discovered:
---
 drivers/char/tpm/tpm_bios.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Index: linux-2.6.22-rc7/drivers/char/tpm/tpm_bios.c
===================================================================
--- linux-2.6.22-rc7.orig/drivers/char/tpm/tpm_bios.c
+++ linux-2.6.22-rc7/drivers/char/tpm/tpm_bios.c
@@ -426,9 +426,10 @@ static int tpm_ascii_bios_measurements_o
     if (!log)
         return -ENOMEM;
 
-    if ((err = read_log(log)))
+    if ((err = read_log(log))) {
+        kfree(log);
         return err;
-
+    }
     /* now register seq file */
     err = seq_open(file, &tpm_ascii_b_measurments_seqops);
     if (!err) {

Do you agree?

Greetings
Reiner

next             reply	other threads:[~2007-07-20  3:33 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-07-20  3:33 Reiner Sailer [this message]
2007-07-20  4:07 ` [PATCH] Memory leak in tpm_ascii_bios_measurements_open() fix Satyam Sharma
2007-07-20  4:20   ` Yinghai Lu
2007-07-20  4:36     ` Satyam Sharma
  -- strict thread matches above, loose matches on Subject: below --
2007-07-18 23:11 Jesper Juhl

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=46A02CED.7000309@us.ibm.com \
    --to=sailer@us.ibm.com \
    --cc=jesper.juhl@gmail.com \
    --cc=kjhall@linux.vnet.ibm.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=munetoh@jp.ibm.com \
    --cc=sailer@watson.ibm.com \
    --cc=stefanb@us.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.