From nobody Sat Nov 23 01:03:16 2024 Received: from mail.nfschina.com (unknown [42.101.60.213]) by smtp.subspace.kernel.org (Postfix) with SMTP id 9264B57333; Fri, 15 Nov 2024 02:33:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=42.101.60.213 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731637984; cv=none; b=isybX8+GuG05GKZWTKWvpgw856/DFWhwpRsVAar9apxeJFHmwiPjTUr+rPvYcH8RkRaEQB81iDz2uMvg/cS8ZOz/0gl8T5Hihk1Dn2vKt0hMFFEzZ8vbjmwxZRe9g+UaQH2cDc+N877pBjjZXHlr463HZiOfXp0Tqfel924PtRg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731637984; c=relaxed/simple; bh=QbQ5UfyTZEJzQO34MWfS+X2qlDIJc6GDRUyFUdxypZA=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:MIME-Version: Content-Type; b=inISUWy2tml01IZiTPwKpXpdbrzXOYU8iodpslfe7hq4medwCdRsXf5h69b7oGmtXApJsgSYb4/UI9+Z4WUP/02cfwGUb+BgNWNaURs9FWr8oqyC9GAx8AGcavAzze5wuBd11SblV1O/xb3rZcfIpw+uecBglxFCTBKAAOk9Xs0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=nfschina.com; spf=pass smtp.mailfrom=nfschina.com; arc=none smtp.client-ip=42.101.60.213 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=nfschina.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=nfschina.com Received: from localhost.localdomain (unknown [180.167.10.98]) by mail.nfschina.com (MailData Gateway V2.8.8) with ESMTPSA id B2CF26018EEEC; Fri, 15 Nov 2024 10:32:49 +0800 (CST) X-MD-Sfrom: suhui@nfschina.com X-MD-SrcIP: 180.167.10.98 From: Su Hui To: stuyoder@gmail.com, laurentiu.tudor@nxp.com, nathan@kernel.org, ndesaulniers@google.com, morbo@google.com, justinstitt@google.com, dan.carpenter@linaro.org Cc: Su Hui , gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, kernel-janitors@vger.kernel.org Subject: [PATCH v2 1/2] bus: fsl-mc: Fix the double free in fsl_mc_device_add() Date: Fri, 15 Nov 2024 10:32:06 +0800 Message-Id: <20241115023206.3722933-2-suhui@nfschina.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20241115023206.3722933-1-suhui@nfschina.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Clang static checker(scan-build) warning=EF=BC=9A drivers/bus/fsl-mc/fsl-mc-bus.c: line 909, column 2 Attempt to free released memory. When 'obj_desc->type' =3D=3D "dprc" and begin to free 'mc_bus' and 'mc_dev', there is a double free problem because of 'mc_dev =3D &mc_bus->mc_dev'. Add a judgment to fix this problem. Fixes: a042fbed0290 ("staging: fsl-mc: simplify couple of deallocations") Signed-off-by: Su Hui Reviewed-by: Dan Carpenter --- v2: - using is_fsl_mc_bus_dprc(). =20 https://lore.kernel.org/all/20241114082751.3475110-1-suhui@nfschina.com/ drivers/bus/fsl-mc/fsl-mc-bus.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/bus/fsl-mc/fsl-mc-bus.c b/drivers/bus/fsl-mc/fsl-mc-bu= s.c index 930d8a3ba722..319a081a29ef 100644 --- a/drivers/bus/fsl-mc/fsl-mc-bus.c +++ b/drivers/bus/fsl-mc/fsl-mc-bus.c @@ -905,8 +905,10 @@ int fsl_mc_device_add(struct fsl_mc_obj_desc *obj_desc, =20 error_cleanup_dev: kfree(mc_dev->regions); - kfree(mc_bus); - kfree(mc_dev); + if (is_fsl_mc_bus_dprc(mc_dev)) + kfree(mc_bus); + else + kfree(mc_dev); =20 return error; } --=20 2.30.2 From nobody Sat Nov 23 01:03:16 2024 Received: from mail.nfschina.com (unknown [42.101.60.213]) by smtp.subspace.kernel.org (Postfix) with SMTP id 9269C155744; Fri, 15 Nov 2024 02:33:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=42.101.60.213 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731637986; cv=none; b=RbytC6M+HpGHRs3P/+Njl8kKhIZ4df9Tt+0NRX1UurqWyBdtNKBjQc52/CnCM1QUqr/u0mUymuHyURago5aYNnS+9odcBhnAdScEedrCLfv1hufMFTgV1ipwo2Mv0CNCERo2lS+aDoGz79sS+0sBKYcST2IJFokqje7YW7aSg6c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731637986; c=relaxed/simple; bh=CvB9tFJ7QO4YD8qv8a+rt1znPjEw4lHNGy078rWGdGs=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:MIME-Version; b=HuuZKZ6bFJQY+kUqLBkjcSIGLl3+CnB2zxvChULba0g8zdvoX23lLP3zRgYt4TtyFBmCACjPexbPqBal1Nh5/XEtrmFZJI3NfgTzZGNYEc+jU8O6w2zPqcdoD1rdqF6mvXmxS0FJJB7KZaa1o3/zsy91rJMMfcWq51q5mjHgL0M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=nfschina.com; spf=pass smtp.mailfrom=nfschina.com; arc=none smtp.client-ip=42.101.60.213 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=nfschina.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=nfschina.com Received: from localhost.localdomain (unknown [180.167.10.98]) by mail.nfschina.com (MailData Gateway V2.8.8) with ESMTPSA id 82EC0619C974D; Fri, 15 Nov 2024 10:32:50 +0800 (CST) X-MD-Sfrom: suhui@nfschina.com X-MD-SrcIP: 180.167.10.98 From: Su Hui To: stuyoder@gmail.com, laurentiu.tudor@nxp.com, dan.carpenter@linaro.org Cc: Su Hui , gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [PATCH v2 2/2] bus: fsl-mc: using put_device() when add_device() failed in fsl_mc_device_add() Date: Fri, 15 Nov 2024 10:32:07 +0800 Message-Id: <20241115023206.3722933-3-suhui@nfschina.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20241115023206.3722933-1-suhui@nfschina.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When device_add(&mc_dev->dev) failed, calling put_device() to let 'mc_dev->dev.release' free the resource rather than goto label error_cleanup_dev. Otherwise, it can cause double free problem. Reported-by: Dan Carpenter Closes: https://lore.kernel.org/all/b767348e-d89c-416e-acea-1ebbff3bea20@st= anley.mountain/ Fixes: 95b3523b723e ("staging: fsl-mc: add device release callback") Signed-off-by: Su Hui Reviewed-by: Dan Carpenter --- drivers/bus/fsl-mc/fsl-mc-bus.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/bus/fsl-mc/fsl-mc-bus.c b/drivers/bus/fsl-mc/fsl-mc-bu= s.c index 319a081a29ef..09f8772fed8f 100644 --- a/drivers/bus/fsl-mc/fsl-mc-bus.c +++ b/drivers/bus/fsl-mc/fsl-mc-bus.c @@ -895,7 +895,8 @@ int fsl_mc_device_add(struct fsl_mc_obj_desc *obj_desc, dev_err(parent_dev, "device_add() failed for device %s: %d\n", dev_name(&mc_dev->dev), error); - goto error_cleanup_dev; + put_device(&mc_dev->dev); + return error; } =20 dev_dbg(parent_dev, "added %s\n", dev_name(&mc_dev->dev)); --=20 2.30.2