Date: Mon, 22 Aug 2022 06:40:40 +0000
From: Tzung-Bi Shih
To: Rustam Subkhankulov
Cc: Benson Leung, Dmitry Torokhov, chrome-platform@lists.linux.dev, linux-kernel@vger.kernel.org, Alexey Khoroshilov, ldv-project@linuxtesting.org
Subject: Re: [PATCH] platform/chrome: fix double-free in chromeos_laptop_prepare()

On Sat, Aug 20, 2022 at 08:05:13PM +0300, Rustam Subkhankulov wrote:
> On Mon, 2022-08-15 at 05:00 +0000, Tzung-Bi Shih wrote:
> > Alternatively, I would prefer to fix the double-free by setting
> > `i2c_peripherals` to NULL after [1].
>
> Since 'cros_laptop->num_i2c_peripherals' is assigned with nonzero value
> (otherwise the code on 'err_out' is not executed), setting
> 'i2c_peripherals' to NULL after [1] will cause dereferencing of
> NULL pointer in chromeos_laptop_destroy() at [2].
>
> [1]:
> https://elixir.bootlin.com/linux/v5.19/source/drivers/platform/chrome/chromeos_laptop.c#L787
> [2]:
> https://elixir.bootlin.com/linux/v5.19/source/drivers/platform/chrome/chromeos_laptop.c#L860
>
> > After a quick glance, I found an invalid memory access at [2] if
> > `i2c_peripherals` is NULL (see [3]).
>
> After applying the patch, there will be no invalid memory access at [2]
> if 'i2c_peripherals' is NULL, because in this situation
> 'cros_laptop->num_i2c_peripherals' is zero and there is no single
> iteration of the loop.

Thanks, I see. I overlooked the `num_i2c_peripherals`.
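
The point settled in this exchange, as an added user-space model (not the kernel driver's code and not written by either participant): an array pointer and its element count have to be reset together on an error path that frees the array. All names, the one-slot toy allocator and the three cleanup policies are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model types; they only mirror the pointer/count pairing. */
struct periph { int registered; };
struct laptop {
    struct periph *periphs;  /* stands in for i2c_peripherals */
    size_t num_periphs;      /* stands in for num_i2c_peripherals */
};
enum cleanup { KEEP_STALE, NULL_PTR_ONLY, RESET_PTR_AND_COUNT };
enum outcome { CLEAN, DOUBLE_FREE, NULL_DEREF };

/* One-slot toy allocator: records liveness instead of corrupting a heap. */
static struct periph pool[2];
static int pool_live;
static struct periph *model_alloc(void) { pool_live = 1; return pool; }
static int model_free(struct periph *p)
{
    if (!p) return 0;            /* freeing NULL is a no-op, as with kfree() */
    if (!pool_live) return -1;   /* block was already freed */
    pool_live = 0;
    return 0;
}

/* Prepare step that allocates, then fails and frees on its error path. */
static void prepare_fails(struct laptop *l, enum cleanup how)
{
    l->periphs = model_alloc();
    l->num_periphs = 2;
    model_free(l->periphs);
    if (how != KEEP_STALE) l->periphs = NULL;
    if (how == RESET_PTR_AND_COUNT) l->num_periphs = 0;
}

/* Destroy step: walks the array by count, then frees it. */
static enum outcome destroy(struct laptop *l)
{
    for (size_t i = 0; i < l->num_periphs; i++) {
        if (!l->periphs) return NULL_DEREF;  /* real code would fault here */
        l->periphs[i].registered = 0;        /* stale pointer: touches freed memory */
    }
    if (model_free(l->periphs) < 0) return DOUBLE_FREE;
    l->periphs = NULL;
    l->num_periphs = 0;
    return CLEAN;
}

int main(void)
{
    for (int how = KEEP_STALE; how <= RESET_PTR_AND_COUNT; how++) {
        struct laptop l = {0};
        prepare_fails(&l, (enum cleanup)how);
        printf("cleanup=%d outcome=%d\n", how, destroy(&l));
    }
    return 0;
}
```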