* [PATCH v2 0/2] bus: fsl-mc: Fix two double free problems in fsl_mc_device_add()
@ 2024-11-15 2:32 Su Hui
2024-11-15 2:32 ` [PATCH v2 1/2] bus: fsl-mc: Fix the double free " Su Hui
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Su Hui @ 2024-11-15 2:32 UTC
To: stuyoder, laurentiu.tudor, nathan, ndesaulniers, morbo,
justinstitt, dan.carpenter
Cc: Su Hui, gregkh, linux-kernel, llvm, kernel-janitors
This patchset fixes two double free problems in fsl_mc_device_add().
One is reported by clang static checker, another is reported by Dan when
reviewing the code.
ps: There is only patch 1 in v1 patch, patch 2 has no v1 version.
v1: https://lore.kernel.org/all/20241114082751.3475110-1-suhui@nfschina.com/
Su Hui (2):
bus: fsl-mc: Fix the double free in fsl_mc_device_add()
bus: fsl-mc: using put_device() when add_device() failed in
fsl_mc_device_add()
drivers/bus/fsl-mc/fsl-mc-bus.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--
2.30.2
* [PATCH v2 1/2] bus: fsl-mc: Fix the double free in fsl_mc_device_add()
From: Su Hui @ 2024-11-15 2:32 UTC
To: stuyoder, laurentiu.tudor, nathan, ndesaulniers, morbo,
justinstitt, dan.carpenter
Cc: Su Hui, gregkh, linux-kernel, llvm, kernel-janitors
Clang static checker(scan-build) warning:
drivers/bus/fsl-mc/fsl-mc-bus.c: line 909, column 2
Attempt to free released memory.
When 'obj_desc->type' == "dprc" and begin to free 'mc_bus' and 'mc_dev',
there is a double free problem because of 'mc_dev = &mc_bus->mc_dev'.
Add a judgment to fix this problem.
Fixes: a042fbed0290 ("staging: fsl-mc: simplify couple of deallocations")
Signed-off-by: Su Hui <suhui@nfschina.com>
---
v2:
- using is_fsl_mc_bus_dprc().
https://lore.kernel.org/all/20241114082751.3475110-1-suhui@nfschina.com/
drivers/bus/fsl-mc/fsl-mc-bus.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/bus/fsl-mc/fsl-mc-bus.c b/drivers/bus/fsl-mc/fsl-mc-bus.c
index 930d8a3ba722..319a081a29ef 100644
--- a/drivers/bus/fsl-mc/fsl-mc-bus.c
+++ b/drivers/bus/fsl-mc/fsl-mc-bus.c
@@ -905,8 +905,10 @@ int fsl_mc_device_add(struct fsl_mc_obj_desc *obj_desc,
error_cleanup_dev:
kfree(mc_dev->regions);
- kfree(mc_bus);
- kfree(mc_dev);
+ if (is_fsl_mc_bus_dprc(mc_dev))
+ kfree(mc_bus);
+ else
+ kfree(mc_dev);
return error;
}
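Review bot: at error_cleanup_dev, the new is_fsl_mc_bus_dprc(mc_dev) test decides which pointer gets freed, but nothing in this hunk shows that whatever the helper inspects is already set on every path that jumps to the label. If an early goto error_cleanup_dev can run before that, a dprc allocation would fall into the else branch and be freed through mc_dev rather than mc_bus. Please confirm the ordering, and consider a one-line comment above the if noting that for dprc objects mc_dev is embedded in mc_bus ('mc_dev = &mc_bus->mc_dev'), so only one of the two pointers may be passed to kfree().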
--
2.30.2
* [PATCH v2 2/2] bus: fsl-mc: using put_device() when add_device() failed in fsl_mc_device_add()
From: Su Hui @ 2024-11-15 2:32 UTC
To: stuyoder, laurentiu.tudor, dan.carpenter
Cc: Su Hui, gregkh, linux-kernel, kernel-janitors
When device_add(&mc_dev->dev) failed, calling put_device() to let
'mc_dev->dev.release' free the resource rather than goto label
error_cleanup_dev. Otherwise, it can cause double free problem.
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/all/b767348e-d89c-416e-acea-1ebbff3bea20@stanley.mountain/
Fixes: 95b3523b723e ("staging: fsl-mc: add device release callback")
Signed-off-by: Su Hui <suhui@nfschina.com>
---
drivers/bus/fsl-mc/fsl-mc-bus.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/bus/fsl-mc/fsl-mc-bus.c b/drivers/bus/fsl-mc/fsl-mc-bus.c
index 319a081a29ef..09f8772fed8f 100644
--- a/drivers/bus/fsl-mc/fsl-mc-bus.c
+++ b/drivers/bus/fsl-mc/fsl-mc-bus.c
@@ -895,7 +895,8 @@ int fsl_mc_device_add(struct fsl_mc_obj_desc *obj_desc,
dev_err(parent_dev,
"device_add() failed for device %s: %d\n",
dev_name(&mc_dev->dev), error);
- goto error_cleanup_dev;
+ put_device(&mc_dev->dev);
+ return error;
}
dev_dbg(parent_dev, "added %s\n", dev_name(&mc_dev->dev));
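Review bot: the device_add() failure branch now returns straight after put_device(&mc_dev->dev), so it no longer reaches the kfree(mc_dev->regions) done at error_cleanup_dev. The commit message says 'mc_dev->dev.release' frees the resource; it would help to state there that the release callback also frees regions and picks mc_bus versus mc_dev for dprc objects, since otherwise this path trades the double free for a leak. A short comment above put_device() saying that cleanup must go through the release callback here, not through goto error_cleanup_dev, would guard against a later edit reintroducing the bug. Minor: the subject says add_device() while the code calls device_add().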
--
2.30.2
* Re: [PATCH v2 0/2] bus: fsl-mc: Fix two double free problems in fsl_mc_device_add()
From: Dan Carpenter @ 2024-11-15 8:24 UTC
To: Su Hui
Cc: stuyoder, laurentiu.tudor, nathan, ndesaulniers, morbo,
justinstitt, gregkh, linux-kernel, llvm, kernel-janitors
On Fri, Nov 15, 2024 at 10:32:05AM +0800, Su Hui wrote:
> This patchset fixes two double free problems in fsl_mc_device_add().
> One is reported by clang static checker, another is reported by Dan when
> reviewing the code.
>
> ps: There is only patch 1 in v1 patch, patch 2 has no v1 version.
>
> v1: https://lore.kernel.org/all/20241114082751.3475110-1-suhui@nfschina.com/
>
> Su Hui (2):
> bus: fsl-mc: Fix the double free in fsl_mc_device_add()
> bus: fsl-mc: using put_device() when add_device() failed in
> fsl_mc_device_add()
Thanks!
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
regards,
dan carpenter