Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp1398526ybt; Sun, 14 Jun 2020 22:02:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwBHOQQBAKT0HOfXWFmbxGBOSE/zQ3ZsD/bOxv5MUjdcIIpJaMV3FYIPeh718gcVwesrnUD X-Received: by 2002:a17:906:468e:: with SMTP id a14mr23835876ejr.124.1592197338072; Sun, 14 Jun 2020 22:02:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592197338; cv=none; d=google.com; s=arc-20160816; b=UmwgM6sABzLdAaSp07av6wxYPN5Rafnno39L8F5ovB7gohJGdy8LtsPnFP6OM6SLSh /qsDiNOQpN81RlDebq5eF1kwCyXDlAlrNZYrdouh741B4TBEUr333wnX1te//n5xy99U D4Tl/tFQnObrQTv40gMgQq8VCNXyAXtKBlEHNcYYMau8hnzzGpstlOI9QZm3VeAiaufo wVlZZHKdaYOQYlZLAlFZyHHbTBohQH+T5jeppVrNqZN9AGc+IdCAWjYcFhzFfDKmKaEb RMSVI7r5d5APIWVaSTygy8Ur/ZDl0K93miPMEkzv4/ujr4WdWkJWPBqbyc/Al/7YPc7n mOzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:autocrypt:from:references:cc:to:subject; bh=8ZxUs6KEGzRGzgwFRkMNOrte1NAg8pXaIeTALh36AiE=; b=HoRHr8aKmvsXctKhI46jV9PSnkuD6AlK+jeHNNljWxj7UrUT9NMQ9pPrqLnFkpqWCd 5q2ect2bGmaittt3epfpySX0jvXrCp1MIke1p1kntzC7KqGliCtVrHZqh69YMXcnSeXV FPCv77At5vSrbDgM22VxbY2sX7O37d3YygRXEtO6kduZg9WVPnnfzZ8PxrIj8KICOJhy AxYVWZfvp74kd3M2K/86xtzf4Qi+blfciNA2wOpDNt8viwulK+TIOifl+Q1+7f2bND1f b3z4uBg8zKE5/IrVeanWsuq6lATQ9Iu0X0uGqn0hL5bGBj377vYuind/UgR45++4j2ej /wvA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k4si8275626ejg.386.2020.06.14.22.01.39; Sun, 14 Jun 2020 22:02:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727067AbgFOE4R (ORCPT + 99 others); Mon, 15 Jun 2020 00:56:17 -0400 Received: from mx2.suse.de ([195.135.220.15]:43070 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725786AbgFOE4Q (ORCPT ); Mon, 15 Jun 2020 00:56:16 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id BB0D7AF45; Mon, 15 Jun 2020 04:56:17 +0000 (UTC) Subject: Re: [PATCH] tty: serial_core: Fix uart_state leak when port shutdown To: Xiyu Yang , Greg Kroah-Hartman , linux-serial@vger.kernel.org, linux-kernel@vger.kernel.org Cc: yuanxzhang@fudan.edu.cn, kjlu@umn.edu, Xin Tan References: <1592052665-95042-1-git-send-email-xiyuyang19@fudan.edu.cn> From: Jiri Slaby Autocrypt: addr=jslaby@suse.com; prefer-encrypt=mutual; keydata= mQINBE6S54YBEACzzjLwDUbU5elY4GTg/NdotjA0jyyJtYI86wdKraekbNE0bC4zV+ryvH4j rrcDwGs6tFVrAHvdHeIdI07s1iIx5R/ndcHwt4fvI8CL5PzPmn5J+h0WERR5rFprRh6axhOk rSD5CwQl19fm4AJCS6A9GJtOoiLpWn2/IbogPc71jQVrupZYYx51rAaHZ0D2KYK/uhfc6neJ i0WqPlbtIlIrpvWxckucNu6ZwXjFY0f3qIRg3Vqh5QxPkojGsq9tXVFVLEkSVz6FoqCHrUTx wr+aw6qqQVgvT/McQtsI0S66uIkQjzPUrgAEtWUv76rM4ekqL9stHyvTGw0Fjsualwb0Gwdx ReTZzMgheAyoy/umIOKrSEpWouVoBt5FFSZUyjuDdlPPYyPav+hpI6ggmCTld3u2hyiHji2H cDpcLM2LMhlHBipu80s9anNeZhCANDhbC5E+NZmuwgzHBcan8WC7xsPXPaiZSIm7TKaVoOcL 9tE5aN3jQmIlrT7ZUX52Ff/hSdx/JKDP3YMNtt4B0cH6ejIjtqTd+Ge8sSttsnNM0CQUkXps w98jwz+Lxw/bKMr3NSnnFpUZaxwji3BC9vYyxKMAwNelBCHEgS/OAa3EJoTfuYOK6wT6nadm YqYjwYbZE5V/SwzMbpWu7Jwlvuwyfo5mh7w5iMfnZE+vHFwp/wARAQABtBxKaXJpIFNsYWJ5 IDxqc2xhYnlAc3VzZS5jb20+iQI4BBMBAgAiBQJOkujrAhsDBgsJCAcDAgYVCAIJCgsEFgID AQIeAQIXgAAKCRC9JbEEBrRwSc1VD/9CxnyCYkBrzTfbi/F3/tTstr3cYOuQlpmufoEjCIXx PNnBVzP7XWPaHIUpp5tcweG6HNmHgnaJScMHHyG83nNAoCEPihyZC2ANQjgyOcnzDOnW2Gzf 8v34FDQqj8CgHulD5noYBrzYRAss6K42yUxUGHOFI1Ky1602OCBRtyJrMihio0gNuC1lE4YZ juGZEU6MYO1jKn8QwGNpNKz/oBs7YboU7bxNTgKrxX61cSJuknhB+7rHOQJSXdY02Tt31R8G diot+1lO/SoB47Y0Bex7WGTXe13gZvSyJkhZa5llWI/2d/s1aq5pgrpMDpTisIpmxFx2OEkb jM95kLOs/J8bzostEoEJGDL4u8XxoLnOEjWyT82eKkAe4j7IGQlA9QQR2hCMsBdvZ/EoqTcd SqZSOto9eLQkjZLz0BmeYIL8SPkgnVAJ/FEK44NrHUGzjzdkE7a0jNvHt8ztw6S+gACVpysi QYo2OH8hZGaajtJ8mrgN2Lxg7CpQ0F6t/N1aa/+A2FwdRw5sHBqA4PH8s0Apqu66Q94YFzzu 8OWkSPLgTjtyZcez79EQt02u8xH8dikk7API/PYOY+462qqbahpRGaYdvloaw7tOQJ224pWJ 4xePwtGyj4raAeczOcBQbKKW6hSH9iz7E5XUdpJqO3iZ9psILk5XoyO53wwhsLgGcrkCDQRO kueGARAAz5wNYsv5a9z1wuEDY5dn+Aya7s1tgqN+2HVTI64F3l6Yg753hF8UzTZcVMi3gzHC ECvKGwpBBwDiJA2V2RvJ6+Jis8paMtONFdPlwPaWlbOv4nHuZfsidXkk7PVCr4/6clZggGNQ qEjTe7Hz2nnwJiKXbhmnKfYXlxftT6KdjyUkgHAs8Gdz1nQCf8NWdQ4P7TAhxhWdkAoOIhc4 OQapODd+FnBtuL4oCG0c8UzZ8bDZVNR/rYgfNX54FKdqbM84FzVewlgpGjcUc14u5Lx/jBR7 ttZv07ro88Ur9GR6o1fpqSQUF/1V+tnWtMQoDIna6p/UQjWiVicQ2Tj7TQgFr4Fq8ZDxRb10 Zbeds+t+45XlRS9uexJDCPrulJ2sFCqKWvk3/kf3PtUINDR2G4k228NKVN/aJQUGqCTeyaWf fU9RiJU+sw/RXiNrSL2q079MHTWtN9PJdNG2rPneo7l0axiKWIk7lpSaHyzBWmi2Arj/nuHf Maxpc708aCecB2p4pUhNoVMtjUhKD4+1vgqiWKI6OsEyZBRIlW2RRcysIwJ648MYejvf1dzv mVweUa4zfIQH/+G0qPKmtst4t/XLjE/JN54XnOD/TO1Fk0pmJyASbHJQ0EcecEodDHPWP6bM fQeNlm1eMa7YosnXwbTurR+nPZk+TYPndbDf1U0j8n0AEQEAAYkCHwQYAQIACQUCTpLnhgIb DAAKCRC9JbEEBrRwSTe1EACA74MWlvIhrhGWd+lxbXsB+elmL1VHn7Ovj3qfaMf/WV3BE79L 5A1IDyp0AGoxv1YjgE1qgA2ByDQBLjb0yrS1ppYqQCOSQYBPuYPVDk+IuvTpj/4rN2v3R5RW d6ozZNRBBsr4qHsnCYZWtEY2pCsOT6BE28qcbAU15ORMq0nQ/yNh3s/WBlv0XCP1gvGOGf+x UiE2YQEsGgjs8v719sguok8eADBbfmumerh/8RhPKRuTWxrXdNq/pu0n7hA6Btx7NYjBnnD8 lV8Qlb0lencEUBXNFDmdWussMAlnxjmKhZyb30m1IgjFfG30UloZzUGCyLkr/53JMovAswmC IHNtXHwb58Ikn1i2U049aFso+WtDz4BjnYBqCL1Y2F7pd8l2HmDqm2I4gubffSaRHiBbqcSB lXIjJOrd6Q66u5+1Yv32qk/nOL542syYtFDH2J5wM2AWvfjZH1tMOVvVMu5Fv7+0n3x/9shY ivRypCapDfcWBGGsbX5eaXpRfInaMTGaU7wmWO44Z5diHpmQgTLOrN9/MEtdkK6OVhAMVenI w1UnZnA+ZfaZYShi5oFTQk3vAz7/NaA5/bNHCES4PcDZw7Y/GiIh/JQR8H1JKZ99or9LjFeg HrC8YQ1nzkeDfsLtYM11oC3peHa5AiXLmCuSC9ammQ3LhkfET6N42xTu2A== Message-ID: Date: Mon, 15 Jun 2020 06:56:11 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.1 MIME-Version: 1.0 In-Reply-To: <1592052665-95042-1-git-send-email-xiyuyang19@fudan.edu.cn> Content-Type: text/plain; charset=iso-8859-2 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 13. 06. 20, 14:51, Xiyu Yang wrote: > uart_shutdown() invokes uart_port_lock(), which returns a reference of > the uart_port object if increases the refcount of the uart_state object > successfully or returns NULL if fails. > > However, uart_shutdown() don't take the return value of uart_port_lock() > as the new uart_port object to "uport" and use the old "uport" instead > to balance refcount in uart_port_unlock(), which may cause a redundant > decrement of refcount occurred when the new "uport" equals to NULL and > then cause a potential memory leak. uport should be valid at that point and both the returned one and the used one should be the same. > Fix this issue by update the "uport" object to the return value of > uart_port_lock() when invoking uart_port_lock(). Do you actually encounter the issue or is this some static analyzer result? > Signed-off-by: Xiyu Yang > Signed-off-by: Xin Tan > --- > drivers/tty/serial/serial_core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c > index 57840cf90388..ab8756ef2b60 100644 > --- a/drivers/tty/serial/serial_core.c > +++ b/drivers/tty/serial/serial_core.c > @@ -313,7 +313,7 @@ static void uart_shutdown(struct tty_struct *tty, struct uart_state *state) > * console driver may need to allocate/free a debug object, which > * can endup in printk() recursion. > */ > - uart_port_lock(state, flags); > + uport = uart_port_lock(state, flags); > xmit_buf = state->xmit.buf; > state->xmit.buf = NULL; > uart_port_unlock(uport, flags); > thanks, -- js suse labs