References: <20211012092513.1349295-1-yangyingliang@huawei.com> <61c28865036cd40a96f2d1bb4c27fbbb08c2d3a5.camel@perches.com>
In-Reply-To: <61c28865036cd40a96f2d1bb4c27fbbb08c2d3a5.camel@perches.com>
From: Andy Shevchenko
Date: Tue, 12 Oct 2021 23:48:46 +0300
Subject: Re: [PATCH] iio: buffer: Fix double-free in iio_buffers_alloc_sysfs_and_mask()
To: Joe Perches
Cc: Alexandru Ardelean, Yang Yingliang, LKML, linux-iio, Lars-Peter Clausen, Jonathan Cameron
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Oct 12, 2021 at 8:43 PM Joe Perches wrote:
>
> On Tue, 2021-10-12 at 23:30 +0300, Andy Shevchenko wrote:
> > On Tue, Oct 12, 2021 at 2:37 PM Alexandru Ardelean
> > wrote:
> > >
> > > On Tue, Oct 12, 2021 at 12:18 PM Yang Yingliang
> > > wrote:
> > > >
> > > > When __iio_buffer_alloc_sysfs_and_mask() failed, 'unwind_idx' should be
> > > > set to 'i - 1' to prevent double-free when cleanup resources.
> []
> >
> > I prefer to see
> >
> > - for (; unwind_idx >= 0; unwind_idx--) {
> > + while (unwind_idx--)
>
> Not the same code as unwind_idx would be decremented before entering
> the code block.

It's kinda cryptic what you are pointing out. What's needed additionally
is to change

- unwind_idx = iio_dev_opaque->attached_buffers_cnt - 1;
+ unwind_idx = i;

> You'd want
>
> do {
> ...
> } while (unwind_idx--);

Of course not. See above. The usual pattern is

  while (i--)
    do_clean_item(i);

-- 
With Best Regards,
Andy Shevchenko
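
Review bot: the `while (unwind_idx--)` line and the `unwind_idx = i` line have to land in the same change, because the post-decrement runs before the loop body: kept with the old initializer `iio_dev_opaque->attached_buffers_cnt - 1`, the loop would start one slot lower than the `for (; unwind_idx >= 0; unwind_idx--)` it replaces. The `+ while (unwind_idx--)` line also drops the `{` that the removed `for` line carried, so the matching closing brace has to go with it, or the brace should stay.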
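
The two unwind shapes from this thread, as an added example that is not part of the mail or the kernel source: a constructed user-space model in which `N_ITEMS`, `setup_item()`, `clean_item()` and `run()` are hypothetical names, and the setup helper is assumed to release its own slot when it fails. `run()` reports the highest number of times any slot was released.

```c
#include <stdio.h>
#include <stdlib.h>
#define N_ITEMS 4	/* constructed user-space model, not kernel code */
static void *res[N_ITEMS];
static int frees[N_ITEMS];	/* how often each slot was released */

static void clean_item(int i)
{
	if (++frees[i] == 1)	/* a second release would be the double free */
		free(res[i]);
	res[i] = NULL;
}

static int setup_item(int i, int fail_at)
{
	res[i] = malloc(16);
	if (res[i] && i != fail_at)
		return 0;
	clean_item(i);	/* assumption: the helper undoes its own slot on error */
	return -1;
}

/* Highest release count of any slot: 1 is correct, 2 is a double free. */
static int run(int fail_at, int fixed)
{
	int i, unwind_idx, worst = 0;
	for (i = 0; i < N_ITEMS; i++)
		if (setup_item(i, fail_at))
			break;
	if (fixed) {
		unwind_idx = i;		/* first slot the caller does not own */
		while (unwind_idx--)
			clean_item(unwind_idx);
	} else {	/* shape of the removed lines: start from the last slot */
		for (unwind_idx = N_ITEMS - 1; unwind_idx >= 0; unwind_idx--)
			clean_item(unwind_idx);
	}
	for (i = 0; i < N_ITEMS; i++) {
		worst = frees[i] > worst ? frees[i] : worst;
		frees[i] = 0;	/* reset for the next run */
	}
	return worst;
}

int main(void)
{
	printf("old unwind: %d, while (i--) unwind: %d\n", run(2, 0), run(2, 1));
	return 0;
}
```

Passing a `fail_at` of -1 models a fully successful setup followed by a normal teardown, where both shapes release every slot exactly once.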