From: Brian Gix <bgix@codeaurora.org>
To: linux-bluetooth@vger.kernel.org
Subject: Re: [PATCH-v4 6/9] Bluetooth: Cleanup blkcipher on SMP termination
Date: Tue, 22 Nov 2011 09:47:21 -0800 [thread overview]
Message-ID: <4ECBE029.7060406@codeaurora.org> (raw)
In-Reply-To: <20111121154829.GC2552@joana>
Hi Gustavo
On 11/21/2011 7:48 AM, Gustavo Padovan wrote:
[...]
>> void smp_chan_destroy(struct l2cap_conn *conn)
>> {
>> - kfree(conn->smp_chan);
>> + struct smp_chan *smp = conn->smp_chan;
>> +
>> + if (smp&& !IS_ERR(smp->tfm))
>> + crypto_free_blkcipher(smp->tfm);
>
> smp->tfm doesn't say what you want, if its allocation failed its value is
> still 0. And I don't think we need to check for smp == NULL. It can't be null
> at this point.
>
> Gustavo
OK, so I see that smp_>tfm will never equal an Error, so that check is
meaningless.
However, there are conditions where it can in fact be NULL,
particularily if the user aborts the paring process, and looking at the
blkcipher's FREE code, I am not confident that it couldn't get past the
"unlikely" NULL checks with all compilation parameters, so we should
keep at least a NULL check here.
As far as NULL checking "smp", I think we can avoid it, but only if we
make sure that we clear the HCI_CONN_LE_SMP_PEND bit within the destroy
function itself. A cursory look at the usage doesn't fill me with
confidence that the flag bit, and the allocation are rigorously kept in
sync.
--
Brian Gix
bgix@codeaurora.org
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum
next prev parent reply other threads:[~2011-11-22 17:47 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-16 21:53 [PATCH-v4 0/9] Bluetooth: Add MITM protection to LE-SMP Brian Gix
2011-11-16 21:53 ` [PATCH-v4 1/9] Bluetooth: Add MGMT event for Passkey Entry Brian Gix
2011-11-17 0:57 ` Gustavo Padovan
2011-11-16 21:53 ` [PATCH-v4 2/9] Bluetooth: User Pairing Response restructuring Brian Gix
2011-11-21 15:58 ` Gustavo Padovan
2011-11-16 21:53 ` [PATCH-v4 3/9] Bluetooth: Differentiate LE User Pairing Responses Brian Gix
2011-11-21 15:58 ` Gustavo Padovan
2011-11-16 21:53 ` [PATCH-v4 4/9] Bluetooth: Add User Passkey Response handling Brian Gix
2011-11-21 15:32 ` Gustavo Padovan
2011-11-16 21:53 ` [PATCH-v4 5/9] Bluetooth: Add HCI User Passkey Req Evt handling Brian Gix
2011-11-16 23:47 ` Vinicius Costa Gomes
2011-11-21 15:35 ` Gustavo Padovan
2011-11-16 21:53 ` [PATCH-v4 6/9] Bluetooth: Cleanup blkcipher on SMP termination Brian Gix
2011-11-21 15:48 ` Gustavo Padovan
2011-11-22 17:47 ` Brian Gix [this message]
2011-11-16 21:53 ` [PATCH-v4 7/9] Bluetooth: Centralize SMP pairing failure handling Brian Gix
2011-11-16 21:53 ` [PATCH-v4 8/9] Bluetooth: Add MITM mechanism to LE-SMP Brian Gix
2011-11-17 0:15 ` Vinicius Costa Gomes
2011-11-16 21:53 ` [PATCH-v4 9/9] Bluetooth: Add SMP to User Passkey and Confirm Brian Gix
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4ECBE029.7060406@codeaurora.org \
--to=bgix@codeaurora.org \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).