All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] ALSA: hda: cs35l41: fix double free in cs35l41_hda_probe()
@ 2022-01-08 14:07 ` trix
  0 siblings, 0 replies; 8+ messages in thread
From: trix @ 2022-01-08 14:07 UTC (permalink / raw)
  To: james.schulman, david.rhodes, tanureal, perex, tiwai, nathan,
	ndesaulniers
  Cc: alsa-devel, patches, linux-kernel, llvm, Tom Rix

From: Tom Rix <trix@redhat.com>

Clang static analysis reports this problem
cs35l41_hda.c:501:2: warning: Attempt to free released memory
        kfree(acpi_hw_cfg);
        ^~~~~~~~~~~~~~~~~~

This second free happens in the function's error handler which
is normally ok but acpi_hw_cfg is freed in the non error case
when it is still possible to have an error.

Consolidate the frees.

Fixes: 7b2f3eb492da ("ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems")
Signed-off-by: Tom Rix <trix@redhat.com>
---
 sound/pci/hda/cs35l41_hda.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/sound/pci/hda/cs35l41_hda.c b/sound/pci/hda/cs35l41_hda.c
index aa5bb6977792c..265ace98965f5 100644
--- a/sound/pci/hda/cs35l41_hda.c
+++ b/sound/pci/hda/cs35l41_hda.c
@@ -476,7 +476,6 @@ int cs35l41_hda_probe(struct device *dev, const char *device_name, int id, int i
 	ret = cs35l41_hda_apply_properties(cs35l41, acpi_hw_cfg);
 	if (ret)
 		goto err;
-	kfree(acpi_hw_cfg);
 
 	if (cs35l41->reg_seq->probe) {
 		ret = regmap_register_patch(cs35l41->regmap, cs35l41->reg_seq->probe,
@@ -495,13 +494,14 @@ int cs35l41_hda_probe(struct device *dev, const char *device_name, int id, int i
 
 	dev_info(cs35l41->dev, "Cirrus Logic CS35L41 (%x), Revision: %02X\n", regid, reg_revid);
 
-	return 0;
-
 err:
 	kfree(acpi_hw_cfg);
-	if (!cs35l41->vspk_always_on)
-		gpiod_set_value_cansleep(cs35l41->reset_gpio, 0);
-	gpiod_put(cs35l41->reset_gpio);
+
+	if (unlikely(ret)) {
+		if (!cs35l41->vspk_always_on)
+			gpiod_set_value_cansleep(cs35l41->reset_gpio, 0);
+		gpiod_put(cs35l41->reset_gpio);
+	}
 
 	return ret;
 }
-- 
2.26.3


^ permalink raw reply related	[flat|nested] 8+ messages in thread
* [PATCH] ALSA: hda: cs35l41: fix double free in cs35l41_hda_probe()
@ 2022-01-08 14:07 ` trix
  0 siblings, 0 replies; 8+ messages in thread
From: trix @ 2022-01-08 14:07 UTC (permalink / raw)
  To: james.schulman, david.rhodes, tanureal, perex, tiwai, nathan,
	ndesaulniers
  Cc: patches, alsa-devel, llvm, linux-kernel, Tom Rix

From: Tom Rix <trix@redhat.com>

Clang static analysis reports this problem
cs35l41_hda.c:501:2: warning: Attempt to free released memory
        kfree(acpi_hw_cfg);
        ^~~~~~~~~~~~~~~~~~

This second free happens in the function's error handler which
is normally ok but acpi_hw_cfg is freed in the non error case
when it is still possible to have an error.

Consolidate the frees.

Fixes: 7b2f3eb492da ("ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems")
Signed-off-by: Tom Rix <trix@redhat.com>
---
 sound/pci/hda/cs35l41_hda.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/sound/pci/hda/cs35l41_hda.c b/sound/pci/hda/cs35l41_hda.c
index aa5bb6977792c..265ace98965f5 100644
--- a/sound/pci/hda/cs35l41_hda.c
+++ b/sound/pci/hda/cs35l41_hda.c
@@ -476,7 +476,6 @@ int cs35l41_hda_probe(struct device *dev, const char *device_name, int id, int i
 	ret = cs35l41_hda_apply_properties(cs35l41, acpi_hw_cfg);
 	if (ret)
 		goto err;
-	kfree(acpi_hw_cfg);
 
 	if (cs35l41->reg_seq->probe) {
 		ret = regmap_register_patch(cs35l41->regmap, cs35l41->reg_seq->probe,
@@ -495,13 +494,14 @@ int cs35l41_hda_probe(struct device *dev, const char *device_name, int id, int i
 
 	dev_info(cs35l41->dev, "Cirrus Logic CS35L41 (%x), Revision: %02X\n", regid, reg_revid);
 
-	return 0;
-
 err:
 	kfree(acpi_hw_cfg);
-	if (!cs35l41->vspk_always_on)
-		gpiod_set_value_cansleep(cs35l41->reset_gpio, 0);
-	gpiod_put(cs35l41->reset_gpio);
+
+	if (unlikely(ret)) {
+		if (!cs35l41->vspk_always_on)
+			gpiod_set_value_cansleep(cs35l41->reset_gpio, 0);
+		gpiod_put(cs35l41->reset_gpio);
+	}
 
 	return ret;
 }
-- 
2.26.3


^ permalink raw reply related	[flat|nested] 8+ messages in thread
* Re: [PATCH] ALSA: hda: cs35l41: fix double free in cs35l41_hda_probe()
  2022-01-08 14:07 ` trix
  (?)
@ 2022-01-09 22:33 ` Andy Shevchenko
  2022-01-10  0:37   ` Tom Rix
  -1 siblings, 1 reply; 8+ messages in thread
From: Andy Shevchenko @ 2022-01-09 22:33 UTC (permalink / raw)
  To: trix
  Cc: alsa-devel, tanureal, patches, llvm, ndesaulniers, tiwai, nathan,
	james.schulman, david.rhodes, linux-kernel

On Saturday, January 8, 2022, <trix@redhat.com> wrote:

> From: Tom Rix <trix@redhat.com>
>
> Clang static analysis reports this problem
> cs35l41_hda.c:501:2: warning: Attempt to free released memory
>         kfree(acpi_hw_cfg);
>         ^~~~~~~~~~~~~~~~~~
>
> This second free happens in the function's error handler which
> is normally ok but acpi_hw_cfg is freed in the non error case
> when it is still possible to have an error.
>
> Consolidate the frees.
>
> Fixes: 7b2f3eb492da ("ALSA: hda: cs35l41: Add support for CS35L41 in HDA
> systems")
> Signed-off-by: Tom Rix <trix@redhat.com>
> ---
>  sound/pci/hda/cs35l41_hda.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/sound/pci/hda/cs35l41_hda.c b/sound/pci/hda/cs35l41_hda.c
> index aa5bb6977792c..265ace98965f5 100644
> --- a/sound/pci/hda/cs35l41_hda.c
> +++ b/sound/pci/hda/cs35l41_hda.c
> @@ -476,7 +476,6 @@ int cs35l41_hda_probe(struct device *dev, const char
> *device_name, int id, int i
>         ret = cs35l41_hda_apply_properties(cs35l41, acpi_hw_cfg);
>         if (ret)
>                 goto err;
> -       kfree(acpi_hw_cfg);
>
>         if (cs35l41->reg_seq->probe) {
>                 ret = regmap_register_patch(cs35l41->regmap,
> cs35l41->reg_seq->probe,
> @@ -495,13 +494,14 @@ int cs35l41_hda_probe(struct device *dev, const char
> *device_name, int id, int i
>
>         dev_info(cs35l41->dev, "Cirrus Logic CS35L41 (%x), Revision:
> %02X\n", regid, reg_revid);
>
> -       return 0;
> -
>  err:
>         kfree(acpi_hw_cfg);
> -       if (!cs35l41->vspk_always_on)
> -               gpiod_set_value_cansleep(cs35l41->reset_gpio, 0);
> -       gpiod_put(cs35l41->reset_gpio);
> +
> +       if (unlikely(ret)) {


This is double weird. First of all, wtf unlikely is here? Second, I
commented on the patch that does something with this driver and pointed out
to the return 0 in some cases. This one seems a band aid.


> +               if (!cs35l41->vspk_always_on)
> +                       gpiod_set_value_cansleep(cs35l41->reset_gpio, 0);
> +               gpiod_put(cs35l41->reset_gpio);
> +       }
>
>         return ret;
>  }
> --
> 2.26.3
>
>

-- 
With Best Regards,
Andy Shevchenko

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH] ALSA: hda: cs35l41: fix double free in cs35l41_hda_probe()
  2022-01-09 22:33 ` Andy Shevchenko
@ 2022-01-10  0:37   ` Tom Rix
  2022-01-10 10:21       ` Andy Shevchenko
  0 siblings, 1 reply; 8+ messages in thread
From: Tom Rix @ 2022-01-10  0:37 UTC (permalink / raw)
  To: Andy Shevchenko
  Cc: alsa-devel, tanureal, patches, llvm, ndesaulniers, tiwai, nathan,
	james.schulman, david.rhodes, linux-kernel


On 1/9/22 2:33 PM, Andy Shevchenko wrote:
>
>
> On Saturday, January 8, 2022, <trix@redhat.com 
> <mailto:trix@redhat.com>> wrote:
>
>     From: Tom Rix <trix@redhat.com <mailto:trix@redhat.com>>
>
>     Clang static analysis reports this problem
>     cs35l41_hda.c:501:2: warning: Attempt to free released memory
>             kfree(acpi_hw_cfg);
>             ^~~~~~~~~~~~~~~~~~
>
>     This second free happens in the function's error handler which
>     is normally ok but acpi_hw_cfg is freed in the non error case
>     when it is still possible to have an error.
>
>     Consolidate the frees.
>
>     Fixes: 7b2f3eb492da ("ALSA: hda: cs35l41: Add support for CS35L41
>     in HDA systems")
>     Signed-off-by: Tom Rix <trix@redhat.com <mailto:trix@redhat.com>>
>     ---
>      sound/pci/hda/cs35l41_hda.c | 12 ++++++------
>      1 file changed, 6 insertions(+), 6 deletions(-)
>
>     diff --git a/sound/pci/hda/cs35l41_hda.c b/sound/pci/hda/cs35l41_hda.c
>     index aa5bb6977792c..265ace98965f5 100644
>     --- a/sound/pci/hda/cs35l41_hda.c
>     +++ b/sound/pci/hda/cs35l41_hda.c
>     @@ -476,7 +476,6 @@ int cs35l41_hda_probe(struct device *dev,
>     const char *device_name, int id, int i
>             ret = cs35l41_hda_apply_properties(cs35l41, acpi_hw_cfg);
>             if (ret)
>                     goto err;
>     -       kfree(acpi_hw_cfg);
>
>             if (cs35l41->reg_seq->probe) {
>                     ret = regmap_register_patch(cs35l41->regmap,
>     cs35l41->reg_seq->probe,
>     @@ -495,13 +494,14 @@ int cs35l41_hda_probe(struct device *dev,
>     const char *device_name, int id, int i
>
>             dev_info(cs35l41->dev, "Cirrus Logic CS35L41 (%x),
>     Revision: %02X\n", regid, reg_revid);
>
>     -       return 0;
>     -
>      err:
>             kfree(acpi_hw_cfg);
>     -       if (!cs35l41->vspk_always_on)
>     -               gpiod_set_value_cansleep(cs35l41->reset_gpio, 0);
>     -       gpiod_put(cs35l41->reset_gpio);
>     +
>     +       if (unlikely(ret)) {
>
>
> This is double weird. First of all, wtf unlikely is here? Second, I 
> commented on the patch that does something with this driver and 
> pointed out to the return 0 in some cases. This one seems a band aid.

Unlikely to have an error.


>     +               if (!cs35l41->vspk_always_on)
>     +                     
>      gpiod_set_value_cansleep(cs35l41->reset_gpio, 0);
>     +               gpiod_put(cs35l41->reset_gpio);
>     +       }
>
>             return ret;
>      }
>     -- 
>     2.26.3
>
>
>
> -- 
> With Best Regards,
> Andy Shevchenko
>
>

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH] ALSA: hda: cs35l41: fix double free in cs35l41_hda_probe()
  2022-01-10  0:37   ` Tom Rix
@ 2022-01-10 10:21       ` Andy Shevchenko
  0 siblings, 0 replies; 8+ messages in thread
From: Andy Shevchenko @ 2022-01-10 10:21 UTC (permalink / raw)
  To: Tom Rix
  Cc: james.schulman, david.rhodes, tanureal, perex, tiwai, nathan,
	ndesaulniers, alsa-devel, patches, linux-kernel, llvm

On Mon, Jan 10, 2022 at 2:37 AM Tom Rix <trix@redhat.com> wrote:
> On 1/9/22 2:33 PM, Andy Shevchenko wrote:
> On Saturday, January 8, 2022, <trix@redhat.com> wrote:

...

>> +       if (unlikely(ret)) {
>
> This is double weird. First of all, wtf unlikely is here? Second, I commented on the patch that does something with this driver and pointed out to the return 0 in some cases. This one seems a band aid.
>
> Unlikely to have an error.

We don't use likely() and unlikely() here and there, you need to
provide a very good justification of its use.

For the record, I forwarded you my review against the code where you
can find much more issues with it that are subject to fix / amend.

-- 
With Best Regards,
Andy Shevchenko

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH] ALSA: hda: cs35l41: fix double free in cs35l41_hda_probe()
@ 2022-01-10 10:21       ` Andy Shevchenko
  0 siblings, 0 replies; 8+ messages in thread
From: Andy Shevchenko @ 2022-01-10 10:21 UTC (permalink / raw)
  To: Tom Rix
  Cc: alsa-devel, tanureal, patches, llvm, ndesaulniers, tiwai, nathan,
	james.schulman, david.rhodes, linux-kernel

On Mon, Jan 10, 2022 at 2:37 AM Tom Rix <trix@redhat.com> wrote:
> On 1/9/22 2:33 PM, Andy Shevchenko wrote:
> On Saturday, January 8, 2022, <trix@redhat.com> wrote:

...

>> +       if (unlikely(ret)) {
>
> This is double weird. First of all, wtf unlikely is here? Second, I commented on the patch that does something with this driver and pointed out to the return 0 in some cases. This one seems a band aid.
>
> Unlikely to have an error.

We don't use likely() and unlikely() here and there, you need to
provide a very good justification of its use.

For the record, I forwarded you my review against the code where you
can find much more issues with it that are subject to fix / amend.

-- 
With Best Regards,
Andy Shevchenko

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH] ALSA: hda: cs35l41: fix double free in cs35l41_hda_probe()
  2022-01-10 10:21       ` Andy Shevchenko
@ 2022-01-11 16:11         ` Takashi Iwai
  -1 siblings, 0 replies; 8+ messages in thread
From: Takashi Iwai @ 2022-01-11 16:11 UTC (permalink / raw)
  To: Tom Rix
  Cc: Andy Shevchenko, james.schulman, david.rhodes, tanureal, perex,
	tiwai, nathan, ndesaulniers, alsa-devel, patches, linux-kernel,
	llvm

On Mon, 10 Jan 2022 11:21:11 +0100,
Andy Shevchenko wrote:
> 
> On Mon, Jan 10, 2022 at 2:37 AM Tom Rix <trix@redhat.com> wrote:
> > On 1/9/22 2:33 PM, Andy Shevchenko wrote:
> > On Saturday, January 8, 2022, <trix@redhat.com> wrote:
> 
> ...
> 
> >> +       if (unlikely(ret)) {
> >
> > This is double weird. First of all, wtf unlikely is here? Second, I commented on the patch that does something with this driver and pointed out to the return 0 in some cases. This one seems a band aid.
> >
> > Unlikely to have an error.
> 
> We don't use likely() and unlikely() here and there, you need to
> provide a very good justification of its use.
> 
> For the record, I forwarded you my review against the code where you
> can find much more issues with it that are subject to fix / amend.

For this particular bug fix, Dan submitted a simpler patch and I took
it now:
  https://lore.kernel.org/r/20220111072232.GG11243@kili


thanks,

Takashi

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH] ALSA: hda: cs35l41: fix double free in cs35l41_hda_probe()
@ 2022-01-11 16:11         ` Takashi Iwai
  0 siblings, 0 replies; 8+ messages in thread
From: Takashi Iwai @ 2022-01-11 16:11 UTC (permalink / raw)
  To: Tom Rix
  Cc: alsa-devel, tanureal, patches, llvm, ndesaulniers, tiwai, nathan,
	Andy Shevchenko, james.schulman, david.rhodes, linux-kernel

On Mon, 10 Jan 2022 11:21:11 +0100,
Andy Shevchenko wrote:
> 
> On Mon, Jan 10, 2022 at 2:37 AM Tom Rix <trix@redhat.com> wrote:
> > On 1/9/22 2:33 PM, Andy Shevchenko wrote:
> > On Saturday, January 8, 2022, <trix@redhat.com> wrote:
> 
> ...
> 
> >> +       if (unlikely(ret)) {
> >
> > This is double weird. First of all, wtf unlikely is here? Second, I commented on the patch that does something with this driver and pointed out to the return 0 in some cases. This one seems a band aid.
> >
> > Unlikely to have an error.
> 
> We don't use likely() and unlikely() here and there, you need to
> provide a very good justification of its use.
> 
> For the record, I forwarded you my review against the code where you
> can find much more issues with it that are subject to fix / amend.

For this particular bug fix, Dan submitted a simpler patch and I took
it now:
  https://lore.kernel.org/r/20220111072232.GG11243@kili


thanks,

Takashi

^ permalink raw reply	[flat|nested] 8+ messages in thread
end of thread, other threads:[~2022-01-11 16:11 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-08 14:07 [PATCH] ALSA: hda: cs35l41: fix double free in cs35l41_hda_probe() trix
2022-01-08 14:07 ` trix
2022-01-09 22:33 ` Andy Shevchenko
2022-01-10  0:37   ` Tom Rix
2022-01-10 10:21     ` Andy Shevchenko
2022-01-10 10:21       ` Andy Shevchenko
2022-01-11 16:11       ` Takashi Iwai
2022-01-11 16:11         ` Takashi Iwai

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.