Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp2955784rdb; Tue, 26 Dec 2023 10:26:51 -0800 (PST) X-Google-Smtp-Source: AGHT+IHTynPaWfJdyCRrXkd7lGt91OL0HVbMt797FYy97+qK5eYljF6ApfQ9skazYDWyKZJJqXkO X-Received: by 2002:a17:90a:4f05:b0:28c:7b92:47b3 with SMTP id p5-20020a17090a4f0500b0028c7b9247b3mr743840pjh.46.1703615211052; Tue, 26 Dec 2023 10:26:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1703615211; cv=none; d=google.com; s=arc-20160816; b=cELM8BJnS9hTgfJx3afUmDYacE7D9j+0B+krbrzkT9I2eogoH2q7eg4T6GUz3deNy2 ds0YNxwm61yDtb/OI49djB4df8KJV4Nx4SIqrZb8hm/eOYfjCnxVyRlXuBgUsDl7xEGt OIsMOOKBV3XUQnjdDw0N3b4VcXB7v8UOIIRsJ888L7ZutCEWvJEdvxN1/jWUl9celkt6 qGE+o2lpDA+4TgxA61vwmFXgdfrTvP8fr3neyUrtTo6tJy/Kdc+TgCfAugRxMp/hUHSG 3Ur6zYtJMwCXWgkRsLqufuWtDP0UGXTX8ja9W1LbXg/0Fp/iKX+Eb8ow1Gpj3gxPxKN6 pPTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=ui-outboundreport:content-transfer-encoding:subject:from:cc :content-language:to:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature; bh=5cebwKoru6w46JtNcIdTgv4EgAKBq9AOC7czA5/Wbwg=; fh=NoAGYjyoXvVUAfeYm9GnYHta+BBAjvHMfHjn1tg7j+0=; b=jFZq1KOK7rOy2nj1Q/MffY1CdJdVpQo4mMGyjzwy/1JwTke8q0J86cHsslnw2PJx2i JQdlajhn0zEY6e6PO5IdmEXyrC6KsrSS9RL/1YuUeGGIXjtl84UXNAUkaDg459Yxb1xq FtTVPhMr1h6Wu7PPD8fecLqeajbHvrq2H8DXcWR2SnK5c5KrtBcqgYrg9RZ99BMpGWMy kqWpeIanBxg4XCqmsXhQ3eQf+OF+eFkE8WlPsg/D9qJHSyVnlRA1qauwgjRi08jJ5Fo0 p3tP58Q7pTcTm1hCabjxWr9x2ZJNGksgdGhQy28t34HvcCUSPeHtiUH2Cp9/Kw6+kcwn avpQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@web.de header.s=s29768273 header.b=sXGNVCyp; spf=pass (google.com: domain of linux-kernel+bounces-11618-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-11618-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=web.de Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id w12-20020a17090a8a0c00b0028bc2e1bdbfsi9988579pjn.172.2023.12.26.10.26.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Dec 2023 10:26:51 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-11618-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@web.de header.s=s29768273 header.b=sXGNVCyp; spf=pass (google.com: domain of linux-kernel+bounces-11618-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-11618-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=web.de Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 826BAB22445 for ; Tue, 26 Dec 2023 18:25:12 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 1CCAD5427A; Tue, 26 Dec 2023 18:24:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=web.de header.i=markus.elfring@web.de header.b="sXGNVCyp" X-Original-To: linux-kernel@vger.kernel.org Received: from mout.web.de (mout.web.de [212.227.17.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0410453E39; Tue, 26 Dec 2023 18:24:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=web.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=web.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de; s=s29768273; t=1703615055; x=1704219855; i=markus.elfring@web.de; bh=f/Jl+Efb4DezWv7JjmB2u06F6X9iJ9wWuCDtqZqFeRI=; h=X-UI-Sender-Class:Date:To:Cc:From:Subject; b=sXGNVCypFGIAsK2RhOYeKeJcBXK67emWhsnUVXWiS516ZyuRkp7swYAV0uPfTp/s rf4/PxzykXj5No3yhYFHysooCljMX1Yc7znaiaz4B0eAgQGlK7rj38hdFkIiuy56J bmKQCEPGLwIO4O+mSGRvEaCkSvwqoLa3xO3uTI5l0VlB/glh8EFeN13xluHtoTXxy w0BsIZ/+mkgffR2WBfCDQA076d+IgxOtivut6fSRkSwrnCXSyZj59Ff5aoctIPUyd KMKrodkijx2nsde3PY5Kd9a2nEIEJ/zPTRCJZKpv45nmV4z4tZai4TPMTD38Gw4P+ Wbu/RU5+TVUEZBtUjg== X-UI-Sender-Class: 814a7b36-bfc1-4dae-8640-3722d8ec6cd6 Received: from [192.168.178.21] ([94.31.85.95]) by smtp.web.de (mrweb106 [213.165.67.124]) with ESMTPSA (Nemesis) id 1Mvslx-1r151E32WN-00sV6f; Tue, 26 Dec 2023 19:24:15 +0100 Message-ID: <3203eb44-6e69-4bda-b585-426408cb75ee@web.de> Date: Tue, 26 Dec 2023 19:24:14 +0100 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: bpf@vger.kernel.org, linux-input@vger.kernel.org, kernel-janitors@vger.kernel.org, Alexei Starovoitov , Benjamin Tissoires , David Vernet , Jiri Kosina Content-Language: en-GB Cc: LKML , cocci@inria.fr From: Markus Elfring Subject: [PATCH] HID: bpf: One function call less in call_hid_bpf_rdesc_fixup() after error detection Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:K8fF/UijAIywnS52YDqNMULxk3+NZg9vn/tgRlNElb24o0WwTPy VrprFxvBxar+Yk/bUyDiW3oFnHnY3d9QkFy4oTSTjHa+DVPlGrkiLHcX29RQV/JRckCY7tG tURb2Nx0wHr7uGfDz3PyL+uKqEFOyNqfdV4m/IyWF0bu/qPDYbW3StSulfsTU4PtarOzrSZ thlRopo4UMn+BP4/reC6Q== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:ACMj+myOfk8=;jpf3JzHWCKMdYEDE/lVe892U+x4 +ohp9E/66yrl6WArelsmeCzCtQLU5fI+nQz7+zbw8Rh7E4VS27xlSmLkUV5qOh2xnr6qIfy4Q 3dy+CqcHiggMWvfaECy2Z6m3vxQ9Bm0Mc5dyCpzFmkQzVujDTRaSu7DIVbCNe21prKltoKpXb tdocUzGGyrxAtCz8mFjQL3ZDccW8JMS8bw4ZkghMy4kpgCn2GkN2sjxSiwBbHV6nX0zRsZ0op QbnDeY5zK23XqNZovTNe+OHJudY1lRWl6kHVDBtaUM3xAOHHLd7O1v98JfVSfXaYXJzgG4/pK BDshva6Z4zkX+TQxn8Ft4yehcRikfPJ0NhDQW5K3HkxykkW6o09ES8fdGs/nKA5WNdgQalVG1 rFtwmh18kyx720dpBmhBcKqdu71ptDhEPPfdOk8mLJhlvxOvVVBH1vMBqBdDcjUY6s8J7o0Nd RLXVJ+bKBzm35jVdHDvLMzCUAbVJRYz6kURg7LnIPXfyXsnwUOtujb+yPPbb+1oRa4KloCizJ XFX0IGTJn2hIoSJOUnw0XGX7Ztpt0femIsvtemDdevZ0cAmIX3BvW2m3tjUX0g3TqmdILQQ2u YFg6ecDBEb0LpRy+SY5iaXrE7GKrO41zkVDwI32FG0l5Q5yR6Y/ey/onqVUyjNDdR5kERT1jf kt5JmgkuFbGtQt61GghABhN220XPNDtW6WjNRsoRYaqWDYcXoeim83XjKVapCm2gRt9Xyjzdn KBngG0gisHHl3IVS6KTFtGXXJ+lAUGsqERTaHsanM0N5Ue0UWO3obSXYryiqe+6wUB0VTX+IU t6FCx2S7nGCeseWuES59HYJybPKMQJEJVuSreQn2CvV9mIHPrQTyiORK4uLp+U/UWU0aTahmB Lhv7kA4oulJjI6g0RQA0wVC0fEzAksp+9AltVkfGI0P/MnG5P8tWuMIuVCJn7swQbV4NwKM3R h08qWA== From: Markus Elfring Date: Tue, 26 Dec 2023 19:13:25 +0100 The kfree() function was called in one case by the call_hid_bpf_rdesc_fixup() function during error handling even if the passed data structure member contained a null pointer. This issue was detected by using the Coccinelle software. Thus adjust jump targets. Signed-off-by: Markus Elfring =2D-- drivers/hid/bpf/hid_bpf_dispatch.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/hid/bpf/hid_bpf_dispatch.c b/drivers/hid/bpf/hid_bpf_= dispatch.c index d9ef45fcaeab..c84fe55be5ed 100644 =2D-- a/drivers/hid/bpf/hid_bpf_dispatch.c +++ b/drivers/hid/bpf/hid_bpf_dispatch.c @@ -118,17 +118,17 @@ u8 *call_hid_bpf_rdesc_fixup(struct hid_device *hdev= , u8 *rdesc, unsigned int *s ctx_kern.data =3D kzalloc(ctx_kern.ctx.allocated_size, GFP_KERNEL); if (!ctx_kern.data) - goto ignore_bpf; + goto dup_mem; memcpy(ctx_kern.data, rdesc, min_t(unsigned int, *size, HID_MAX_DESCRIPT= OR_SIZE)); ret =3D hid_bpf_prog_run(hdev, HID_BPF_PROG_TYPE_RDESC_FIXUP, &ctx_kern)= ; if (ret < 0) - goto ignore_bpf; + goto free_data; if (ret) { if (ret > ctx_kern.ctx.allocated_size) - goto ignore_bpf; + goto free_data; *size =3D ret; } @@ -137,8 +137,9 @@ u8 *call_hid_bpf_rdesc_fixup(struct hid_device *hdev, = u8 *rdesc, unsigned int *s return rdesc; - ignore_bpf: +free_data: kfree(ctx_kern.data); +dup_mem: return kmemdup(rdesc, *size, GFP_KERNEL); } EXPORT_SYMBOL_GPL(call_hid_bpf_rdesc_fixup); =2D- 2.43.0