2019-07-30 23:15:43

by Amit Pundir

Subject: [PATCH for-4.14.y 3/3] crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe

From: Wen Yang <[email protected]>

commit 95566aa75cd6b3b404502c06f66956b5481194b3 upstream.

There is a possible double free issue in ppc4xx_trng_probe():

85: dev->trng_base = of_iomap(trng, 0);
86: of_node_put(trng); ---> released here
87: if (!dev->trng_base)
88: goto err_out;
...
110: err_out:
111: of_node_put(trng); ---> double released here
...

This issue was detected by using the Coccinelle software.
We fix it by removing the unnecessary of_node_put().

Fixes: 5343e674f32f ("crypto4xx: integrate ppc4xx-rng into crypto4xx")
Signed-off-by: Wen Yang <[email protected]>
Cc: <[email protected]>
Cc: "David S. Miller" <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: Greg Kroah-Hartman <[email protected]>
Cc: Allison Randal <[email protected]>
Cc: Armijn Hemel <[email protected]>
Cc: Julia Lawall <[email protected]>
Cc: [email protected]
Cc: [email protected]
Acked-by: Julia Lawall <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Amit Pundir <[email protected]>
---
Cleanly apply on 4.9.y as well.

drivers/crypto/amcc/crypto4xx_trng.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/drivers/crypto/amcc/crypto4xx_trng.c b/drivers/crypto/amcc/crypto4xx_trng.c
index 368c5599515e..a194ee0ddbb6 100644
--- a/drivers/crypto/amcc/crypto4xx_trng.c
+++ b/drivers/crypto/amcc/crypto4xx_trng.c
@@ -111,7 +111,6 @@ void ppc4xx_trng_probe(struct crypto4xx_core_device *core_dev)
return;

err_out:
- of_node_put(trng);
iounmap(dev->trng_base);
kfree(rng);
dev->trng_base = NULL;
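Review bot: in the err_out block, iounmap(dev->trng_base) is still reached from the path quoted in the commit message (`if (!dev->trng_base) goto err_out;`), so on that path it is called with a NULL mapping. With of_node_put() gone from this label, consider either guarding the iounmap() call or giving the of_iomap() failure its own label that skips it. It would also help to have a short comment at the of_iomap() site saying the node reference is dropped there, so a later cleanup does not reintroduce the put under err_out.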
--
2.7.4


2019-07-31 11:02:59

by Greg Kroah-Hartman

Subject: Re: [PATCH for-4.14.y 3/3] crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe

On Wed, Jul 31, 2019 at 01:48:33AM +0530, Amit Pundir wrote:
> From: Wen Yang <[email protected]>
>
> commit 95566aa75cd6b3b404502c06f66956b5481194b3 upstream.
>
> There is a possible double free issue in ppc4xx_trng_probe():
>
> 85: dev->trng_base = of_iomap(trng, 0);
> 86: of_node_put(trng); ---> released here
> 87: if (!dev->trng_base)
> 88: goto err_out;
> ...
> 110: err_out:
> 111: of_node_put(trng); ---> double released here
> ...
>
> This issue was detected by using the Coccinelle software.
> We fix it by removing the unnecessary of_node_put().
>
> Fixes: 5343e674f32f ("crypto4xx: integrate ppc4xx-rng into crypto4xx")
> Signed-off-by: Wen Yang <[email protected]>
> Cc: <[email protected]>
> Cc: "David S. Miller" <[email protected]>
> Cc: Thomas Gleixner <[email protected]>
> Cc: Greg Kroah-Hartman <[email protected]>
> Cc: Allison Randal <[email protected]>
> Cc: Armijn Hemel <[email protected]>
> Cc: Julia Lawall <[email protected]>
> Cc: [email protected]
> Cc: [email protected]
> Acked-by: Julia Lawall <[email protected]>
> Signed-off-by: Herbert Xu <[email protected]>
> Signed-off-by: Amit Pundir <[email protected]>
> ---
> Cleanly apply on 4.9.y as well.

This is already in the 4.14.135 kernel release. Are you sure we need it
there again?

thanks,

greg k-h