From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 021F4C433FE for ; Fri, 7 Jan 2022 01:35:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345197AbiAGBfO (ORCPT ); Thu, 6 Jan 2022 20:35:14 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40056 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344075AbiAGBfN (ORCPT ); Thu, 6 Jan 2022 20:35:13 -0500 Received: from mail-ot1-x335.google.com (mail-ot1-x335.google.com [IPv6:2607:f8b0:4864:20::335]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A7376C061245; Thu, 6 Jan 2022 17:35:13 -0800 (PST) Received: by mail-ot1-x335.google.com with SMTP id 45-20020a9d0a30000000b0058f1a6df088so5080046otg.4; Thu, 06 Jan 2022 17:35:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=ywgP16oIByxs3QRc1jRR8SDOEZAjX7UvCJxKV2kqOV4=; b=mrh3lTBfiCf9J3eoPKI+PHd5CE9aD3+kFjRQfweXdWxj2krX/eCoEgC7mVPKYr74gZ P/HEUv5RFc2St+AKt7HMKIMFEkr4FCRMn1fj7sygol6eKBjN+qjVF6mPw8QemvhQfQUX fy+fhqkdqps5pcjkrbYQY7br0upRvbac5nqLmAvkNT9mX3npgkWdp4+yJDMPIhidv567 Y+Z1Xx4dp80BZ6SLHQIyDhWu9NFPdZ7dityC2PUpF1PjJDpLfLHynmPPUhQOWtK8/3ET quxN83kXsgTIyeRE63Kfp//5zNXmybkCy8FbmSjyxSpbJSbIYWfaD5mPZ+k3VOxb/olz afyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:subject:to:cc:references:from:message-id :date:user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=ywgP16oIByxs3QRc1jRR8SDOEZAjX7UvCJxKV2kqOV4=; b=thnI3qhAdu0N+1gMGbcUfR1tN/DLpKqpqcm5A1+2lN5qYdtFrSJO52TWC1G5p0vhZU gs1Bue+5j/GXzFbeMcpt7JeSMBbBjAFahhOPBFMhCIIhehdxkSmK8JHLM/5zvhueFuMr ugpcPUtTeI7FCNFcU12JIt/FkLmgcloGLyszZGqcMwHf690cbUK45iYxCo2RodP6kiG6 CJrKgMctXQBEpfBl10YXcr6QeKhUliGsPa2+s7XXvhCh0f7gOPGBD2Pvx/N+AFtbHl0y 7RjaAwpIVQR16DtLT/Dk8XVfQGJA4X2VfonnRrud7ctdo31iLfXMSjqceBO19/LnGk3P ClXA== X-Gm-Message-State: AOAM5339F/eg+pIVXIuF6dAiVNPLH5SuvRE7fDxSP8qbu6Ld3qCSIiEj yb1to+hbSNuKtfjaO9j2yh7HF2Lu99E= X-Google-Smtp-Source: ABdhPJzeCW7OSrCBMsXcTSnyd7bsXkRM9ty/z7avlBtYxITWKpHY+umUnWdwBOBO03dkTdkW5XM2mA== X-Received: by 2002:a05:6830:2:: with SMTP id c2mr44862275otp.341.1641519312889; Thu, 06 Jan 2022 17:35:12 -0800 (PST) Received: from server.roeck-us.net ([2600:1700:e321:62f0:329c:23ff:fee3:9d7c]) by smtp.gmail.com with ESMTPSA id k1sm658659otj.61.2022.01.06.17.35.11 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 06 Jan 2022 17:35:12 -0800 (PST) Sender: Guenter Roeck Subject: Re: [PATCH] fsi: Aspeed: Fix a potential double free To: Christophe JAILLET , Dan Carpenter , Greg KH Cc: kernel-janitors@vger.kernel.org, linux-aspeed@lists.ozlabs.org, alistair@popple.id.au, linux-kernel@vger.kernel.org, linux-fsi@lists.ozlabs.org, linux-arm-kernel@lists.infradead.org References: <2cafa0607ca171ebd00ac6c7e073b46808e24f00.1640537669.git.christophe.jaillet@wanadoo.fr> <20220106081418.GH7674@kadam> From: Guenter Roeck Message-ID: <6926bb63-836b-b37c-3605-d6df9992bfaf@roeck-us.net> Date: Thu, 6 Jan 2022 17:35:10 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 1/6/22 10:35 AM, Christophe JAILLET wrote: > Le 06/01/2022 à 18:25, Guenter Roeck a écrit : >> On 1/6/22 12:14 AM, Dan Carpenter wrote: >>> On Mon, Dec 27, 2021 at 07:29:07AM +0100, Greg KH wrote: >>>> On Sun, Dec 26, 2021 at 05:56:02PM +0100, Christophe JAILLET wrote: >>>>> 'aspeed' is a devm_alloc'ed, so there is no need to free it explicitly or >>>>> there will be a double free(). >>>> >>>> A struct device can never be devm_alloced for obvious reasons.  Perhaps >>>> that is the real problem here? >>>> >>> >>> I don't understand how "aspeed" is a struct device. >>> >> >> -static void aspeed_master_release(struct device *dev) >> -{ >> -    struct fsi_master_aspeed *aspeed = >> -        to_fsi_master_aspeed(dev_to_fsi_master(dev)); >> - >> -    kfree(aspeed); >> -} >> >> So "dev" is embedded in struct fsi_master, and struct fsi_master is embedded >> in struct fsi_master_aspeed. Since "struct device" is embedded, the data >> structure embedding it must be released with the release function, as is done >> here. The problem is indeed that the data structure is allocated with >> devm_kzalloc(), which as Greg points out must not be devm_ allocated >> (because its lifetime does not match the lifetime of devm_ allocated >> memory). > > Thanks a lot for the detailed explanation. > Crystal clear for me now. > > Do you want me to send a patch to remove the devm_ or will you? > Sorry, I am way behind with code reviews. I won't have time to submit a patch. Guenter From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id BB5B5C433EF for ; Fri, 7 Jan 2022 01:36:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:Content-Type: Content-Transfer-Encoding:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:Date:Message-ID:From: References:Cc:To:Subject:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=fii1cJsFSDQXopnxfiNrlyQEKQK18xeMepPMyOwVsIw=; b=F//h3lZjgRR9rCl184G94JjS7b Xji/SURDFVoVaQdwW6gtrJ01oEg3X9tzCq5S5yoeWUI29Dx0HyjPFvxAfpz/GB4aUBzIa+yn44PhV KssNlv7ePnQMcTWmqPP1OOGmaNCDYfMmVjLjOfrzvBhaoL0N0ayDGkmyN0ArET9iJQ1nat/lRvGwh a0qFfEw4Eog8/PKU+D5vJYDFL/EBa558CeBILcShogVuiU+rZ2hGiVBu0srgkVpearrU849/+wEg2 xpAn8PlFodap79Ty82qjWbUHajT/+4qdXA/G9+jtxSYcnZDJ93V685vbw8duU1WJKlxQFluObW9Q6 93SMCulQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1n5eA1-001nts-SO; Fri, 07 Jan 2022 01:35:18 +0000 Received: from mail-ot1-x32c.google.com ([2607:f8b0:4864:20::32c]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1n5e9y-001ntX-1h for linux-arm-kernel@lists.infradead.org; Fri, 07 Jan 2022 01:35:15 +0000 Received: by mail-ot1-x32c.google.com with SMTP id p8-20020a9d7448000000b005907304d0c5so5079631otk.6 for ; Thu, 06 Jan 2022 17:35:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=ywgP16oIByxs3QRc1jRR8SDOEZAjX7UvCJxKV2kqOV4=; b=mrh3lTBfiCf9J3eoPKI+PHd5CE9aD3+kFjRQfweXdWxj2krX/eCoEgC7mVPKYr74gZ P/HEUv5RFc2St+AKt7HMKIMFEkr4FCRMn1fj7sygol6eKBjN+qjVF6mPw8QemvhQfQUX fy+fhqkdqps5pcjkrbYQY7br0upRvbac5nqLmAvkNT9mX3npgkWdp4+yJDMPIhidv567 Y+Z1Xx4dp80BZ6SLHQIyDhWu9NFPdZ7dityC2PUpF1PjJDpLfLHynmPPUhQOWtK8/3ET quxN83kXsgTIyeRE63Kfp//5zNXmybkCy8FbmSjyxSpbJSbIYWfaD5mPZ+k3VOxb/olz afyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:subject:to:cc:references:from:message-id :date:user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=ywgP16oIByxs3QRc1jRR8SDOEZAjX7UvCJxKV2kqOV4=; b=K3wQAaHkTHORLQXdKAKS4h3gE5okQ5/itq3InB3WBV19++6wmBZVrBP2FLHu4yKfhf UZLjQHlitJvOKg/U8clgqyD3EaUfr6QDpSRHM+Abz2YP85n7hEJEjAEqT0jEziNTspZt 1iM6xtnANQ/Pky34BGpGfh2SWChm+CcVbFjTtYOuOl3stgf1UI7RbO9vQlO7ovAnero3 uILZpwgAJhotSBe8TGEPET3AXx4JhTRpn9NfU+qUNa+AZcGFplWl5dZcPPJDsgCIfwhR 310+vfYyPv4MXKE4G/HheeK613Dw0nn6q68CwnqnazgLLd5GIzxG0ITJexNWqrK1JFBo L+Zg== X-Gm-Message-State: AOAM532KyZQABiOResigrBCOZZwGwdpF4TX+YmzYIY9avZNLwhjhJuwp kbvMGc7YT4ois5o+6GyYfJDn0DQQKG8= X-Google-Smtp-Source: ABdhPJzeCW7OSrCBMsXcTSnyd7bsXkRM9ty/z7avlBtYxITWKpHY+umUnWdwBOBO03dkTdkW5XM2mA== X-Received: by 2002:a05:6830:2:: with SMTP id c2mr44862275otp.341.1641519312889; Thu, 06 Jan 2022 17:35:12 -0800 (PST) Received: from server.roeck-us.net ([2600:1700:e321:62f0:329c:23ff:fee3:9d7c]) by smtp.gmail.com with ESMTPSA id k1sm658659otj.61.2022.01.06.17.35.11 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 06 Jan 2022 17:35:12 -0800 (PST) Subject: Re: [PATCH] fsi: Aspeed: Fix a potential double free To: Christophe JAILLET , Dan Carpenter , Greg KH Cc: kernel-janitors@vger.kernel.org, linux-aspeed@lists.ozlabs.org, alistair@popple.id.au, linux-kernel@vger.kernel.org, linux-fsi@lists.ozlabs.org, linux-arm-kernel@lists.infradead.org References: <2cafa0607ca171ebd00ac6c7e073b46808e24f00.1640537669.git.christophe.jaillet@wanadoo.fr> <20220106081418.GH7674@kadam> From: Guenter Roeck Message-ID: <6926bb63-836b-b37c-3605-d6df9992bfaf@roeck-us.net> Date: Thu, 6 Jan 2022 17:35:10 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220106_173514_119555_9C90DF51 X-CRM114-Status: GOOD ( 19.71 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8"; Format="flowed" Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org T24gMS82LzIyIDEwOjM1IEFNLCBDaHJpc3RvcGhlIEpBSUxMRVQgd3JvdGU6Cj4gTGUgMDYvMDEv MjAyMiDDoCAxODoyNSwgR3VlbnRlciBSb2VjayBhIMOpY3JpdMKgOgo+PiBPbiAxLzYvMjIgMTI6 MTQgQU0sIERhbiBDYXJwZW50ZXIgd3JvdGU6Cj4+PiBPbiBNb24sIERlYyAyNywgMjAyMSBhdCAw NzoyOTowN0FNICswMTAwLCBHcmVnIEtIIHdyb3RlOgo+Pj4+IE9uIFN1biwgRGVjIDI2LCAyMDIx IGF0IDA1OjU2OjAyUE0gKzAxMDAsIENocmlzdG9waGUgSkFJTExFVCB3cm90ZToKPj4+Pj4gJ2Fz cGVlZCcgaXMgYSBkZXZtX2FsbG9jJ2VkLCBzbyB0aGVyZSBpcyBubyBuZWVkIHRvIGZyZWUgaXQg ZXhwbGljaXRseSBvcgo+Pj4+PiB0aGVyZSB3aWxsIGJlIGEgZG91YmxlIGZyZWUoKS4KPj4+Pgo+ Pj4+IEEgc3RydWN0IGRldmljZSBjYW4gbmV2ZXIgYmUgZGV2bV9hbGxvY2VkIGZvciBvYnZpb3Vz IHJlYXNvbnMuwqAgUGVyaGFwcwo+Pj4+IHRoYXQgaXMgdGhlIHJlYWwgcHJvYmxlbSBoZXJlPwo+ Pj4+Cj4+Pgo+Pj4gSSBkb24ndCB1bmRlcnN0YW5kIGhvdyAiYXNwZWVkIiBpcyBhIHN0cnVjdCBk ZXZpY2UuCj4+Pgo+Pgo+PiAtc3RhdGljIHZvaWQgYXNwZWVkX21hc3Rlcl9yZWxlYXNlKHN0cnVj dCBkZXZpY2UgKmRldikKPj4gLXsKPj4gLcKgwqDCoCBzdHJ1Y3QgZnNpX21hc3Rlcl9hc3BlZWQg KmFzcGVlZCA9Cj4+IC3CoMKgwqDCoMKgwqDCoCB0b19mc2lfbWFzdGVyX2FzcGVlZChkZXZfdG9f ZnNpX21hc3RlcihkZXYpKTsKPj4gLQo+PiAtwqDCoMKgIGtmcmVlKGFzcGVlZCk7Cj4+IC19Cj4+ Cj4+IFNvICJkZXYiIGlzIGVtYmVkZGVkIGluIHN0cnVjdCBmc2lfbWFzdGVyLCBhbmQgc3RydWN0 IGZzaV9tYXN0ZXIgaXMgZW1iZWRkZWQKPj4gaW4gc3RydWN0IGZzaV9tYXN0ZXJfYXNwZWVkLiBT aW5jZSAic3RydWN0IGRldmljZSIgaXMgZW1iZWRkZWQsIHRoZSBkYXRhCj4+IHN0cnVjdHVyZSBl bWJlZGRpbmcgaXQgbXVzdCBiZSByZWxlYXNlZCB3aXRoIHRoZSByZWxlYXNlIGZ1bmN0aW9uLCBh cyBpcyBkb25lCj4+IGhlcmUuIFRoZSBwcm9ibGVtIGlzIGluZGVlZCB0aGF0IHRoZSBkYXRhIHN0 cnVjdHVyZSBpcyBhbGxvY2F0ZWQgd2l0aAo+PiBkZXZtX2t6YWxsb2MoKSwgd2hpY2ggYXMgR3Jl ZyBwb2ludHMgb3V0IG11c3Qgbm90IGJlIGRldm1fIGFsbG9jYXRlZAo+PiAoYmVjYXVzZSBpdHMg bGlmZXRpbWUgZG9lcyBub3QgbWF0Y2ggdGhlIGxpZmV0aW1lIG9mIGRldm1fIGFsbG9jYXRlZAo+ PiBtZW1vcnkpLgo+IAo+IFRoYW5rcyBhIGxvdCBmb3IgdGhlIGRldGFpbGVkIGV4cGxhbmF0aW9u Lgo+IENyeXN0YWwgY2xlYXIgZm9yIG1lIG5vdy4KPiAKPiBEbyB5b3Ugd2FudCBtZSB0byBzZW5k IGEgcGF0Y2ggdG8gcmVtb3ZlIHRoZSBkZXZtXyBvciB3aWxsIHlvdT8KPiAKClNvcnJ5LCBJIGFt IHdheSBiZWhpbmQgd2l0aCBjb2RlIHJldmlld3MuIEkgd29uJ3QgaGF2ZSB0aW1lIHRvIHN1Ym1p dCBhIHBhdGNoLgoKR3VlbnRlcgoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX18KbGludXgtYXJtLWtlcm5lbCBtYWlsaW5nIGxpc3QKbGludXgtYXJtLWtlcm5l bEBsaXN0cy5pbmZyYWRlYWQub3JnCmh0dHA6Ly9saXN0cy5pbmZyYWRlYWQub3JnL21haWxtYW4v bGlzdGluZm8vbGludXgtYXJtLWtlcm5lbAo=