Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp338940ybt; Fri, 10 Jul 2020 00:50:47 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxaGKo+7YrIe07KaW3I8SAVN67Cy7LKta2abGGzwu1I/l8QxvTzkEw17CGyQ1dhQ/JWZB5Y X-Received: by 2002:a17:906:8688:: with SMTP id g8mr59064959ejx.505.1594367446938; Fri, 10 Jul 2020 00:50:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594367446; cv=none; d=google.com; s=arc-20160816; b=A6DBwFrhPFHT3vtsWfv8psYdZh72NicTGhG9gTq2/7Vs77G9Lb0os8udxpF1hVA9zO 7DkXRjpFcJ10tkYAo1BW6PTlLeLzVm4ZNPbafKNAG7LxgKxtyHUbDf5XX5y/MmjsIJNw uxFWseR6GDGcJloqSIeMSL+1NXQXWjGqq3kccLicmhsut9vckl/cXM+CQ6LRMY39SSs2 48COlvE63qheIAdrz3ooIPpx5witZ5O904BewPXH0EEJCGQ9Zl02LATNLmw0pmA5/Mrq h/K8qw0UyRegfsBldiVOOFFdSfx7mPd9Gb8qFSovOk9nvqGQxDaHQtuZlRCmVqTShycr er6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=Pld8wSB6FKCy6xCuc0ymK94JDiU39N6Dhfe7h8UlG10=; b=UddP+iB0pD6J8u8VM/ElQMk82cUAJs0xnj3U2jY4e9Fba87yfvxBkRc9zIbJ99Jn3e ydUY30EFKyPOkUTV4qewtD6Y3BtlnZd+v3NjOOKs0+RMbJop1SsCUJSjNvp4r0TKrw8I p6d0DaQE+SUJnOEfDOJz0MCOi0n4Ub/MCluYMjybhGETxWi35U6qeM/kf3UAHBx8bI4Y ZzYAtJdo6ovls74rhXKPuwVHHOZPIqxM1+KsUMlf8MTmFJtyBWc/z4yNiKi+P8FhINP3 6fx9ihfeQMsqaJ86xiCn5LeEstzuhJruzdvhNXtP1iU9Puo2R91liz9kOFl+OUs3GiJ3 zu4A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=XjXzhynP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x15si3368212ejc.115.2020.07.10.00.50.23; Fri, 10 Jul 2020 00:50:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=XjXzhynP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726664AbgGJHsA (ORCPT + 99 others); Fri, 10 Jul 2020 03:48:00 -0400 Received: from mail.kernel.org ([198.145.29.99]:38682 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726288AbgGJHr7 (ORCPT ); Fri, 10 Jul 2020 03:47:59 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 8133D206A5; Fri, 10 Jul 2020 07:47:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1594367279; bh=Czp+iUVSYddYrsMk7jxb00FNGqS6qkilhOBeFNdRf9o=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=XjXzhynPX8+zn/6APk/ebUGfFppkLn7g19XzESmYHZA9vZmb0ul4lybT1w7Oh1Lto P6o9P5qvh2vaKwxSMVIDcSPsEQYWwbxLH1zkm1Q1Fm/KgDbSmpnlueVgr7dzPosnA2 6ADH8bCs+3EDwoN7JF0c3goV9GLOuma1Dachihww= Date: Fri, 10 Jul 2020 09:48:04 +0200 From: Greg KH To: trix@redhat.com Cc: stuyoder@gmail.com, laurentiu.tudor@nxp.com, linux-kernel@vger.kernel.org Subject: Re: [PATCH v3] bus: fsl-mc: fix invalid free in fsl_mc_device_add Message-ID: <20200710074804.GE1179998@kroah.com> References: <20200709153119.5051-1-trix@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200709153119.5051-1-trix@redhat.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jul 09, 2020 at 08:31:19AM -0700, trix@redhat.com wrote: > From: Tom Rix > > clang static analysis flags this error > > fsl-mc-bus.c:695:2: warning: Attempt to free released memory [unix.Malloc] > kfree(mc_dev); > ^~~~~~~~~~~~~ > > The problem block of code is > > mc_bus = kzalloc(sizeof(*mc_bus), GFP_KERNEL); > if (!mc_bus) > return -ENOMEM; > > mc_dev = &mc_bus->mc_dev; > > mc_bus's structure contains a mc_dev element, > freeing it later is not appropriate. > > So check if mc_bus was allocated before freeing mc_dev > > This is a case where checkpatch > > WARNING: kfree(NULL) is safe and this check is probably not required > + if (mc_bus) > + kfree(mc_bus); > > is wrong. > > Fixes: a042fbed0290 ("staging: fsl-mc: simplify couple of deallocations") > > Signed-off-by: Tom Rix > --- > v1: add a comment to explain freeing uniqueness > v2: add gregkh's suggestion to comment. > > drivers/bus/fsl-mc/fsl-mc-bus.c | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) > > diff --git a/drivers/bus/fsl-mc/fsl-mc-bus.c b/drivers/bus/fsl-mc/fsl-mc-bus.c > index 40526da5c6a6..839d96d03f0d 100644 > --- a/drivers/bus/fsl-mc/fsl-mc-bus.c > +++ b/drivers/bus/fsl-mc/fsl-mc-bus.c > @@ -691,8 +691,16 @@ int fsl_mc_device_add(struct fsl_mc_obj_desc *obj_desc, > > error_cleanup_dev: > kfree(mc_dev->regions); > - kfree(mc_bus); > - kfree(mc_dev); > + /* > + * mc_bus allocates a private version of mc_dev > + * it is not appropriate to free the private version. > + * Which means we have to check the pointer before freeing it. > + * Do not remove this check. > + */ > + if (mc_bus) > + kfree(mc_bus); > + else > + kfree(mc_dev); > > return error; > } > -- > 2.18.1 > Reviewed-by: Greg Kroah-Hartman Also add a cc: stable to this please when it is applied to a tree, in the proper place, as it fixes a bug. thanks, greg k-h