1. Patchew
  2. linux
  3. View series

[PATCH net] net: wwan: iosm: Fix tainted pointer delete is case of region creation fail

Aleksandr Mishin posted 1 patch 1 year, 8 months ago 
drivers/net/wwan/iosm/iosm_ipc_devlink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH net] net: wwan: iosm: Fix tainted pointer delete is case of region creation fail
Posted by Aleksandr Mishin 1 year, 8 months ago 
In case of region creation fail in ipc_devlink_create_region(), previously
created regions delete process starts from tainted pointer which actually
holds error code value.
Fix this bug by decreasing region index before delete.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 4dcd183fbd67 ("net: wwan: iosm: devlink registration")
Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
---
 drivers/net/wwan/iosm/iosm_ipc_devlink.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wwan/iosm/iosm_ipc_devlink.c b/drivers/net/wwan/iosm/iosm_ipc_devlink.c
index bef6819986e9..33d6342124bc 100644
--- a/drivers/net/wwan/iosm/iosm_ipc_devlink.c
+++ b/drivers/net/wwan/iosm/iosm_ipc_devlink.c
@@ -211,7 +211,7 @@ static int ipc_devlink_create_region(struct iosm_devlink *devlink)
 			rc = PTR_ERR(devlink->cd_regions[i]);
 			dev_err(devlink->dev, "Devlink region fail,err %d", rc);
 			/* Delete previously created regions */
-			for ( ; i >= 0; i--)
+			for (i--; i >= 0; i--)
 				devlink_region_destroy(devlink->cd_regions[i]);
 			goto region_create_fail;
 		}
-- 
2.30.2
Re: [PATCH net] net: wwan: iosm: Fix tainted pointer delete is case of region creation fail
Posted by Simon Horman 1 year, 8 months ago 
On Tue, Jun 04, 2024 at 11:25:00AM +0300, Aleksandr Mishin wrote:
> In case of region creation fail in ipc_devlink_create_region(), previously
> created regions delete process starts from tainted pointer which actually
> holds error code value.
> Fix this bug by decreasing region index before delete.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: 4dcd183fbd67 ("net: wwan: iosm: devlink registration")
> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>

Reviewed-by: Simon Horman <horms@kernel.org>
Re: [PATCH net] net: wwan: iosm: Fix tainted pointer delete is case of region creation fail
Posted by Sergey Ryazanov 1 year, 8 months ago 
On 04.06.2024 11:25, Aleksandr Mishin wrote:
> In case of region creation fail in ipc_devlink_create_region(), previously
> created regions delete process starts from tainted pointer which actually
> holds error code value.
> Fix this bug by decreasing region index before delete.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: 4dcd183fbd67 ("net: wwan: iosm: devlink registration")
> Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>

Nice catch!

Acked-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.