* [bug report] rapidio: add mport char device driver
@ 2019-05-28 11:38 Dan Carpenter
0 siblings, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2019-05-28 11:38 UTC (permalink / raw)
To: kernel-janitors
Hello Alexandre Bounine,
The patch e8de370188d0: "rapidio: add mport char device driver" from
Mar 22, 2016, leads to the following static checker warning:
drivers/rapidio/devices/rio_mport_cdev.c:1694 rio_mport_add_riodev()
warn: '__dynamic_pr_debug' unterminated user string 'dev_info.name'
drivers/rapidio/devices/rio_mport_cdev.c
1676 static int rio_mport_add_riodev(struct mport_cdev_priv *priv,
1677 void __user *arg)
1678 {
1679 struct mport_dev *md = priv->md;
1680 struct rio_rdev_info dev_info;
1681 struct rio_dev *rdev;
1682 struct rio_switch *rswitch = NULL;
1683 struct rio_mport *mport;
1684 size_t size;
1685 u32 rval;
1686 u32 swpinfo = 0;
1687 u16 destid;
1688 u8 hopcount;
1689 int err;
1690
1691 if (copy_from_user(&dev_info, arg, sizeof(dev_info)))
^^^^^^^^
1692 return -EFAULT;
1693
1694 rmcd_debug(RDEV, "name:%s ct:0x%x did:0x%x hc:0x%x", dev_info.name,
^^^^^^^^^^^^^
The user might have forgotten to NUL terminate this string.
1695 dev_info.comptag, dev_info.destid, dev_info.hopcount);
1696
1697 if (bus_find_device_by_name(&rio_bus_type, NULL, dev_info.name)) {
1698 rmcd_debug(RDEV, "device %s already exists", dev_info.name);
1699 return -EEXIST;
1700 }
regards,
dan carpenter
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [bug report] rapidio: add mport char device driver
2022-11-15 13:17 Dan Carpenter
@ 2022-11-15 13:25 ` Dan Carpenter
0 siblings, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2022-11-15 13:25 UTC (permalink / raw)
To: Matt Porter, Alexandre Bounine; +Cc: kernel-janitors
Similar warnings in:
drivers/rapidio/devices/rio_mport_cdev.c:587 dma_req_free() error: dereferencing freed memory 'req->map'
regards,
dan carpenter
^ permalink raw reply [flat|nested] 3+ messages in thread
* [bug report] rapidio: add mport char device driver
@ 2022-11-15 13:17 Dan Carpenter
2022-11-15 13:25 ` Dan Carpenter
0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2022-11-15 13:17 UTC (permalink / raw)
To: Matt Porter, Alexandre Bounine; +Cc: kernel-janitors
Hello Alexandre Bounine,
The patch e8de370188d0: "rapidio: add mport char device driver" from
Mar 22, 2016, leads to the following Smatch static checker warning:
drivers/rapidio/devices/rio_mport_cdev.c:2185 mport_mm_close()
error: dereferencing freed memory 'map'
drivers/rapidio/devices/rio_mport_cdev.c
2178 static void mport_mm_close(struct vm_area_struct *vma)
2179 {
2180 struct rio_mport_mapping *map = vma->vm_private_data;
2181
2182 rmcd_debug(MMAP, "%pad", &map->phys_addr);
2183 mutex_lock(&map->md->buf_mutex);
2184 kref_put(&map->ref, mport_release_mapping);
^^^^^^^^^^^^^^^^^^^^^
The mport_release_mapping() function frees "map".
--> 2185 mutex_unlock(&map->md->buf_mutex);
^^^
Use after free.
2186 }
regards,
dan carpenter
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-11-15 13:25 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-28 11:38 [bug report] rapidio: add mport char device driver Dan Carpenter
2022-11-15 13:17 Dan Carpenter
2022-11-15 13:25 ` Dan Carpenter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.