* [PATCH] ethernet: atheros: fix a memleak in atl1e_setup_ring_resources
@ 2023-12-07 14:38 Zhipeng Lu
  2023-12-07 17:08 ` [EXT] " Suman Ghosh
  0 siblings, 1 reply; 5+ messages in thread
From: Zhipeng Lu @ 2023-12-07 14:38 UTC (permalink / raw)
  To: alexious
  Cc: Chris Snook, David S. Miller, Eric Dumazet, Jakub Kicinski,
	Paolo Abeni, Simon Horman, Yuanjun Gong, Jie Yang, Jeff Garzik,
	netdev, linux-kernel

In the error handling of 'offset > adapter->ring_size', the
tx_ring->tx_buffer allocated by kzalloc should be freed,
instead of 'goto failed' instantly.

Fixes: a6a5325239c2 ("atl1e: Atheros L1E Gigabit Ethernet driver")
Signed-off-by: Zhipeng Lu <alexious@zju.edu.cn>
---
 drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
index 5935be190b9e..deb5a3f207cc 100644
--- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
+++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
@@ -866,6 +866,7 @@ static int atl1e_setup_ring_resources(struct atl1e_adapter *adapter)
 		netdev_err(adapter->netdev, "offset(%d) > ring size(%d) !!\n",
 			   offset, adapter->ring_size);
 		err = -1;
+		kfree(tx_ring->tx_buffer);
 		goto failed;
 	}
 
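Review bot: the added kfree(tx_ring->tx_buffer) just before goto failed leaves tx_ring->tx_buffer holding the freed address. Suggest following it with tx_ring->tx_buffer = NULL; so that any later code that frees or tests this pointer sees NULL rather than a dangling value. The failed label and the teardown routines are outside this hunk, so it is worth confirming what they do with tx_buffer.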
-- 
2.34.1



* RE: [EXT] [PATCH] ethernet: atheros: fix a memleak in atl1e_setup_ring_resources
  2023-12-07 14:38 [PATCH] ethernet: atheros: fix a memleak in atl1e_setup_ring_resources Zhipeng Lu
@ 2023-12-07 17:08 ` Suman Ghosh
  2023-12-07 17:42   ` Jakub Kicinski
  0 siblings, 1 reply; 5+ messages in thread
From: Suman Ghosh @ 2023-12-07 17:08 UTC (permalink / raw)
  To: Zhipeng Lu
  Cc: Chris Snook, David S. Miller, Eric Dumazet, Jakub Kicinski,
	Paolo Abeni, Simon Horman, Yuanjun Gong, Jie Yang, Jeff Garzik,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org

>diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
>b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
>index 5935be190b9e..deb5a3f207cc 100644
>--- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
>+++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
>@@ -866,6 +866,7 @@ static int atl1e_setup_ring_resources(struct
>atl1e_adapter *adapter)
> 		netdev_err(adapter->netdev, "offset(%d) > ring size(%d) !!\n",
> 			   offset, adapter->ring_size);
> 		err = -1;
>+		kfree(tx_ring->tx_buffer);
[Suman] I think we should do tx_ring->tx_buffer = NULL also, to avoid use after free?
> 		goto failed;
> 	}
>
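Review bot: the context line err = -1 in this branch sets a bare -1, which, if err is what this int function returns, reads as -EPERM to any caller that interprets the value as an errno. Consider a named errno constant that matches the condition (offset exceeding the ring size), either here or in a follow-up.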
>--
>2.34.1
>



* Re: [EXT] [PATCH] ethernet: atheros: fix a memleak in atl1e_setup_ring_resources
  2023-12-07 17:08 ` [EXT] " Suman Ghosh
@ 2023-12-07 17:42   ` Jakub Kicinski
  2023-12-07 17:54     ` Suman Ghosh
  0 siblings, 1 reply; 5+ messages in thread
From: Jakub Kicinski @ 2023-12-07 17:42 UTC (permalink / raw)
  To: Suman Ghosh
  Cc: Zhipeng Lu, Chris Snook, David S. Miller, Eric Dumazet,
	Paolo Abeni, Simon Horman, Yuanjun Gong, Jie Yang, Jeff Garzik,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org

On Thu, 7 Dec 2023 17:08:15 +0000 Suman Ghosh wrote:
> >+		kfree(tx_ring->tx_buffer);  
>
> [Suman] I think we should do tx_ring->tx_buffer = NULL also, to avoid use after free?

It's up to the driver. Some may call that defensive programming.


* RE: [EXT] [PATCH] ethernet: atheros: fix a memleak in atl1e_setup_ring_resources
  2023-12-07 17:42   ` Jakub Kicinski
@ 2023-12-07 17:54     ` Suman Ghosh
  2023-12-08  8:12       ` alexious
  0 siblings, 1 reply; 5+ messages in thread
From: Suman Ghosh @ 2023-12-07 17:54 UTC (permalink / raw)
  To: Jakub Kicinski
  Cc: Zhipeng Lu, Chris Snook, David S. Miller, Eric Dumazet,
	Paolo Abeni, Simon Horman, Yuanjun Gong, Jie Yang, Jeff Garzik,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org

>On Thu, 7 Dec 2023 17:08:15 +0000 Suman Ghosh wrote:
>> >+		kfree(tx_ring->tx_buffer);
>>
>> [Suman] I think we should do tx_ring->tx_buffer = NULL also, to avoid
>use after free?
>
>It's up to the driver. Some may call that defensive programming.
[Suman] Agree. I pointed it out since this driver is using this approach at other places. But sure, it is up to Zhipeng.


* Re: RE: [EXT] [PATCH] ethernet: atheros: fix a memleak in atl1e_setup_ring_resources
  2023-12-07 17:54     ` Suman Ghosh
@ 2023-12-08  8:12       ` alexious
  0 siblings, 0 replies; 5+ messages in thread
From: alexious @ 2023-12-08  8:12 UTC (permalink / raw)
  To: Suman Ghosh
  Cc: Jakub Kicinski, Chris Snook, David S. Miller, Eric Dumazet,
	Paolo Abeni, Simon Horman, Yuanjun Gong, Jie Yang, Jeff Garzik,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org

> >On Thu, 7 Dec 2023 17:08:15 +0000 Suman Ghosh wrote:
> >> >+		kfree(tx_ring->tx_buffer);
> >>
> >> [Suman] I think we should do tx_ring->tx_buffer = NULL also, to avoid
> >use after free?
> >
> >It's up to the driver. Some may call that defensive programming.
> [Suman] Agree. I pointed it out since this driver is using this approach at other places. But sure, it is up to Zhipeng.

[Zhipeng] I think Suman's suggestion is valuable; it prevents potential use-after-free and is consistent with other free operations in the same module.
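
The leak, the added free and the NULL-after-free suggestion discussed in this thread, as an added user-space C model that is not part of the patch or the atl1e driver. All names (ring_setup, model_alloc, model_free, run) and the one-slot allocator are hypothetical, and the cleanup that runs after a failed setup is an assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space model with hypothetical names; not the atl1e driver's code. */
enum variant { LEAKY, FREE_ONLY, FREE_AND_NULL };
struct ring { void *tx_buffer; };
struct outcome { int leaked, double_frees; };
/* One-slot allocator that records misuse instead of corrupting memory. */
static char pool[64];
static int in_use, double_frees;

static void *model_alloc(void) { in_use = 1; return pool; }
static void model_free(void *p)
{
	if (!p) return;			/* like kfree(NULL): a no-op */
	if (!in_use) double_frees++;	/* buffer was already freed */
	in_use = 0;
}

/* Setup fails early when offset > ring_size, as in the patched branch. */
static int ring_setup(struct ring *r, int offset, int ring_size, enum variant v)
{
	r->tx_buffer = model_alloc();
	if (offset <= ring_size)
		return 0;
	if (v != LEAKY)
		model_free(r->tx_buffer);	/* the free the patch adds */
	if (v == FREE_AND_NULL)
		r->tx_buffer = NULL;		/* the reply's suggestion */
	return -1;
}

/* Force the failure, optionally run an assumed later cleanup, report. */
static struct outcome run(enum variant v, int cleanup_after_failure)
{
	struct ring r = { NULL };

	in_use = double_frees = 0;
	if (ring_setup(&r, 10, 5, v) && cleanup_after_failure)
		model_free(r.tx_buffer);	/* frees what the ring still points at */
	return (struct outcome){ in_use, double_frees };
}

int main(void)
{
	for (int v = LEAKY; v <= FREE_AND_NULL; v++)
		printf("variant %d: leaked=%d double_frees=%d\n", v,
		       run(v, 0).leaked, run(v, 1).double_frees);
	return 0;
}
```

Only the FREE_AND_NULL variant is clean in both columns: without the free the buffer leaks when nothing cleans up afterwards, and with the free alone a later cleanup frees the same buffer a second time.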

