From: Andy Shevchenko
Date: Tue, 12 Oct 2021 23:30:21 +0300
Subject: Re: [PATCH] iio: buffer: Fix double-free in iio_buffers_alloc_sysfs_and_mask()
To: Alexandru Ardelean
Cc: Yang Yingliang, LKML, linux-iio, Lars-Peter Clausen, Jonathan Cameron
References: <20211012092513.1349295-1-yangyingliang@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Oct 12, 2021 at 2:37 PM Alexandru Ardelean wrote:
>
> On Tue, Oct 12, 2021 at 12:18 PM Yang Yingliang wrote:
> >
> > When __iio_buffer_alloc_sysfs_and_mask() failed, 'unwind_idx' should be
> > set to 'i - 1' to prevent double-free when cleanup resources.
> >
> > BUG: KASAN: double-free or invalid-free in __iio_buffer_free_sysfs_and_mask+0x32/0xb0 [industrialio]
> > Call Trace:
> > kfree+0x117/0x4c0
> > __iio_buffer_free_sysfs_and_mask+0x32/0xb0 [industrialio]
> > iio_buffers_alloc_sysfs_and_mask+0x60d/0x1570 [industrialio]
> > __iio_device_register+0x483/0x1a30 [industrialio]
> > ina2xx_probe+0x625/0x980 [ina2xx_adc]
> >
>
> Makes sense.
> Thanks for the catch.
>
> Reviewed-by: Alexandru Ardelean

...

> > ret = __iio_buffer_alloc_sysfs_and_mask(buffer, indio_dev, i);
> > if (ret) {
> > - unwind_idx = i;
> > + unwind_idx = i - 1;
> > goto error_unwind_sysfs_and_mask;

I prefer to see

- for (; unwind_idx >= 0; unwind_idx--) {
+ while (unwind_idx--)

instead.

> > }
> > }

--
With Best Regards,
Andy Shevchenko
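
Review bot: In the 'if (ret)' branch, 'unwind_idx = i - 1' becomes -1 when the very first call (i == 0) fails, so the fix is only correct if 'unwind_idx' is a signed type and the unwind loop keeps testing 'unwind_idx >= 0', as the 'for (; unwind_idx >= 0; unwind_idx--)' loop quoted in the reply does. Please confirm the declaration, and consider a one-line comment on the assignment stating that the failed __iio_buffer_alloc_sysfs_and_mask() call has already released what it allocated for buffer i, so the unwind must start at the previous index. That invariant is the whole reason for the change (the KASAN trace shows __iio_buffer_free_sysfs_and_mask() freeing the same memory a second time), but it cannot be read off the hunk itself.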