linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] regmap: irq: Set data pointer only on regmap_add_irq_chip success
@ 2014-03-13  8:06 Krzysztof Kozlowski
  2014-03-13 14:13 ` Mark Brown
  2014-03-13 21:47 ` Mark Brown
  0 siblings, 2 replies; 5+ messages in thread
From: Krzysztof Kozlowski @ 2014-03-13  8:06 UTC (permalink / raw)
  To: Mark Brown, Greg Kroah-Hartman, linux-kernel; +Cc: Krzysztof Kozlowski

After setting the 'data' pointer (wchich is returned to the caller for
freeing later) the regmap_add_irq_chip() could still fail for various
reasons (ENOMEM, regmap_read or regmap_write failure). In such case the
memory under 'data' was freed in error path and error value was returned
but the 'data' variable was not changed.

This could lead to errors if the caller passed such 'data' to
regmap_del_irq_chip().

The 'data' pointer should be changed atomically from the caller
perspective - set it only on regmap_add_irq_chip() success.

Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
---
 drivers/base/regmap/regmap-irq.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/base/regmap/regmap-irq.c b/drivers/base/regmap/regmap-irq.c
index 82692068d3cb..6d5d04d473f1 100644
--- a/drivers/base/regmap/regmap-irq.c
+++ b/drivers/base/regmap/regmap-irq.c
@@ -368,8 +368,6 @@ int regmap_add_irq_chip(struct regmap *map, int irq, int irq_flags,
 	if (!d)
 		return -ENOMEM;
 
-	*data = d;
-
 	d->status_buf = kzalloc(sizeof(unsigned int) * chip->num_regs,
 				GFP_KERNEL);
 	if (!d->status_buf)
@@ -506,6 +504,8 @@ int regmap_add_irq_chip(struct regmap *map, int irq, int irq_flags,
 		goto err_domain;
 	}
 
+	*data = d;
+
 	return 0;
 
 err_domain:
-- 
1.7.9.5


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH] regmap: irq: Set data pointer only on regmap_add_irq_chip success
  2014-03-13  8:06 [PATCH] regmap: irq: Set data pointer only on regmap_add_irq_chip success Krzysztof Kozlowski
@ 2014-03-13 14:13 ` Mark Brown
  2014-03-13 14:33   ` Krzysztof Kozlowski
  2014-03-13 21:47 ` Mark Brown
  1 sibling, 1 reply; 5+ messages in thread
From: Mark Brown @ 2014-03-13 14:13 UTC (permalink / raw)
  To: Krzysztof Kozlowski; +Cc: Greg Kroah-Hartman, linux-kernel

[-- Attachment #1: Type: text/plain, Size: 619 bytes --]

On Thu, Mar 13, 2014 at 09:06:01AM +0100, Krzysztof Kozlowski wrote:
> After setting the 'data' pointer (wchich is returned to the caller for
> freeing later) the regmap_add_irq_chip() could still fail for various
> reasons (ENOMEM, regmap_read or regmap_write failure). In such case the
> memory under 'data' was freed in error path and error value was returned
> but the 'data' variable was not changed.
> 
> This could lead to errors if the caller passed such 'data' to
> regmap_del_irq_chip().

If the user is calling regmap_del_irq_chip() after the add failed then
I'd expect things to break anyway...

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] regmap: irq: Set data pointer only on regmap_add_irq_chip success
  2014-03-13 14:13 ` Mark Brown
@ 2014-03-13 14:33   ` Krzysztof Kozlowski
  2014-03-13 19:24     ` Mark Brown
  0 siblings, 1 reply; 5+ messages in thread
From: Krzysztof Kozlowski @ 2014-03-13 14:33 UTC (permalink / raw)
  To: Mark Brown; +Cc: Greg Kroah-Hartman, linux-kernel

On Thu, 2014-03-13 at 14:13 +0000, Mark Brown wrote:
> On Thu, Mar 13, 2014 at 09:06:01AM +0100, Krzysztof Kozlowski wrote:
> > After setting the 'data' pointer (wchich is returned to the caller for
> > freeing later) the regmap_add_irq_chip() could still fail for various
> > reasons (ENOMEM, regmap_read or regmap_write failure). In such case the
> > memory under 'data' was freed in error path and error value was returned
> > but the 'data' variable was not changed.
> > 
> > This could lead to errors if the caller passed such 'data' to
> > regmap_del_irq_chip().
> 
> If the user is calling regmap_del_irq_chip() after the add failed then
> I'd expect things to break anyway...

Yes, you're right but still I think that 'data' should be set in a
atomic way - only if regmap_add_irq_chip() succeeds. Usually a caller
passing a pointer for allocation expects that one of:
1. Allocation succeeds and it is put under passed pointer;
2. Allocation fails and no one touches my pointer.


Best regards,
Krzysztof


^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] regmap: irq: Set data pointer only on regmap_add_irq_chip success
  2014-03-13 14:33   ` Krzysztof Kozlowski
@ 2014-03-13 19:24     ` Mark Brown
  0 siblings, 0 replies; 5+ messages in thread
From: Mark Brown @ 2014-03-13 19:24 UTC (permalink / raw)
  To: Krzysztof Kozlowski; +Cc: Greg Kroah-Hartman, linux-kernel

[-- Attachment #1: Type: text/plain, Size: 635 bytes --]

On Thu, Mar 13, 2014 at 03:33:04PM +0100, Krzysztof Kozlowski wrote:

> Yes, you're right but still I think that 'data' should be set in a
> atomic way - only if regmap_add_irq_chip() succeeds. Usually a caller
> passing a pointer for allocation expects that one of:
> 1. Allocation succeeds and it is put under passed pointer;
> 2. Allocation fails and no one touches my pointer.

Yeah, I probably will apply it but on the other hand nothing should be
relying on this - the caller is just plain buggy, it's not really even
supposed to be aware of the existence of data in the first place and is
doing the equivalent of a double free.

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] regmap: irq: Set data pointer only on regmap_add_irq_chip success
  2014-03-13  8:06 [PATCH] regmap: irq: Set data pointer only on regmap_add_irq_chip success Krzysztof Kozlowski
  2014-03-13 14:13 ` Mark Brown
@ 2014-03-13 21:47 ` Mark Brown
  1 sibling, 0 replies; 5+ messages in thread
From: Mark Brown @ 2014-03-13 21:47 UTC (permalink / raw)
  To: Krzysztof Kozlowski; +Cc: Greg Kroah-Hartman, linux-kernel

[-- Attachment #1: Type: text/plain, Size: 424 bytes --]

On Thu, Mar 13, 2014 at 09:06:01AM +0100, Krzysztof Kozlowski wrote:
> After setting the 'data' pointer (wchich is returned to the caller for
> freeing later) the regmap_add_irq_chip() could still fail for various
> reasons (ENOMEM, regmap_read or regmap_write failure). In such case the
> memory under 'data' was freed in error path and error value was returned
> but the 'data' variable was not changed.

Applied, thanks.

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-03-13 21:48 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-03-13  8:06 [PATCH] regmap: irq: Set data pointer only on regmap_add_irq_chip success Krzysztof Kozlowski
2014-03-13 14:13 ` Mark Brown
2014-03-13 14:33   ` Krzysztof Kozlowski
2014-03-13 19:24     ` Mark Brown
2014-03-13 21:47 ` Mark Brown

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).