* [PATCH 1/3] drivers: staging: wilc1000: Check for errors before kfree
@ 2015-10-02 13:17 Chandra S Gorentla
2015-10-02 13:17 ` [PATCH 2/3] drivers: staging: wilc1000: Remove ineffective code Chandra S Gorentla
2015-10-02 13:39 ` [PATCH 1/3] drivers: staging: wilc1000: Check for errors before kfree Dan Carpenter
0 siblings, 2 replies; 5+ messages in thread
From: Chandra S Gorentla @ 2015-10-02 13:17 UTC (permalink / raw)
To: gregkh
Cc: johnny.kim, rachel.kim, chris.park, linux-wireless, devel,
linux-kernel, dan.carpenter, Chandra S Gorentla
During the clean-up of the function, it is need to check if
errors occurred, not the memory pointer.
Signed-off-by: Chandra S Gorentla <csgorentla@gmail.com>
---
drivers/staging/wilc1000/wilc_msgqueue.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/wilc1000/wilc_msgqueue.c b/drivers/staging/wilc1000/wilc_msgqueue.c
index d5ebd6d..1b73b63 100644
--- a/drivers/staging/wilc1000/wilc_msgqueue.c
+++ b/drivers/staging/wilc1000/wilc_msgqueue.c
@@ -105,7 +105,7 @@ int wilc_mq_send(WILC_MsgQueueHandle *pHandle,
ERRORHANDLER:
/* error occured, free any allocations */
- if (pstrMessage) {
+ if (result) {
kfree(pstrMessage->pvBuffer);
kfree(pstrMessage);
}
--
2.1.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 2/3] drivers: staging: wilc1000: Remove ineffective code
2015-10-02 13:17 [PATCH 1/3] drivers: staging: wilc1000: Check for errors before kfree Chandra S Gorentla
@ 2015-10-02 13:17 ` Chandra S Gorentla
2015-10-02 13:17 ` [PATCH 3/3] drivers: staging: wilc1000: Do not return from function with lock is on Chandra S Gorentla
2015-10-02 13:39 ` [PATCH 1/3] drivers: staging: wilc1000: Check for errors before kfree Dan Carpenter
1 sibling, 1 reply; 5+ messages in thread
From: Chandra S Gorentla @ 2015-10-02 13:17 UTC (permalink / raw)
To: gregkh
Cc: johnny.kim, rachel.kim, chris.park, linux-wireless, devel,
linux-kernel, dan.carpenter, Chandra S Gorentla
The value of 'result' is not modified from 0 after initialization.
Hence no need to check it.
Signed-off-by: Chandra S Gorentla <csgorentla@gmail.com>
---
drivers/staging/wilc1000/wilc_msgqueue.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/drivers/staging/wilc1000/wilc_msgqueue.c b/drivers/staging/wilc1000/wilc_msgqueue.c
index 1b73b63..a9c28ad 100644
--- a/drivers/staging/wilc1000/wilc_msgqueue.c
+++ b/drivers/staging/wilc1000/wilc_msgqueue.c
@@ -145,11 +145,6 @@ int wilc_mq_recv(WILC_MsgQueueHandle *pHandle,
down(&pHandle->hSem);
/* other non-timeout scenarios */
- if (result) {
- PRINT_ER("Non-timeout\n");
- return result;
- }
-
if (pHandle->bExiting) {
PRINT_ER("pHandle fail\n");
return -EFAULT;
--
2.1.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 3/3] drivers: staging: wilc1000: Do not return from function with lock is on
2015-10-02 13:17 ` [PATCH 2/3] drivers: staging: wilc1000: Remove ineffective code Chandra S Gorentla
@ 2015-10-02 13:17 ` Chandra S Gorentla
0 siblings, 0 replies; 5+ messages in thread
From: Chandra S Gorentla @ 2015-10-02 13:17 UTC (permalink / raw)
To: gregkh
Cc: johnny.kim, rachel.kim, chris.park, linux-wireless, devel,
linux-kernel, dan.carpenter, Chandra S Gorentla
There are a couple of return statements before unlock. Lock is moved
to a location just before queue manipulation.
Signed-off-by: Chandra S Gorentla <csgorentla@gmail.com>
---
drivers/staging/wilc1000/wilc_msgqueue.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/wilc1000/wilc_msgqueue.c b/drivers/staging/wilc1000/wilc_msgqueue.c
index a9c28ad..2fa3792 100644
--- a/drivers/staging/wilc1000/wilc_msgqueue.c
+++ b/drivers/staging/wilc1000/wilc_msgqueue.c
@@ -72,8 +72,6 @@ int wilc_mq_send(WILC_MsgQueueHandle *pHandle,
goto ERRORHANDLER;
}
- spin_lock_irqsave(&pHandle->strCriticalSection, flags);
-
/* construct a new message */
pstrMessage = kmalloc(sizeof(Message), GFP_ATOMIC);
if (!pstrMessage)
@@ -88,6 +86,8 @@ int wilc_mq_send(WILC_MsgQueueHandle *pHandle,
memcpy(pstrMessage->pvBuffer, pvSendBuffer, u32SendBufferSize);
/* add it to the message queue */
+ spin_lock_irqsave(&pHandle->strCriticalSection, flags);
+
if (!pHandle->pstrMessageList) {
pHandle->pstrMessageList = pstrMessage;
} else {
--
2.1.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 1/3] drivers: staging: wilc1000: Check for errors before kfree
2015-10-02 13:17 [PATCH 1/3] drivers: staging: wilc1000: Check for errors before kfree Chandra S Gorentla
2015-10-02 13:17 ` [PATCH 2/3] drivers: staging: wilc1000: Remove ineffective code Chandra S Gorentla
@ 2015-10-02 13:39 ` Dan Carpenter
2015-10-03 2:11 ` Chandra Gorentla
1 sibling, 1 reply; 5+ messages in thread
From: Dan Carpenter @ 2015-10-02 13:39 UTC (permalink / raw)
To: Chandra S Gorentla
Cc: gregkh, rachel.kim, devel, chris.park, linux-wireless,
johnny.kim, linux-kernel
On Fri, Oct 02, 2015 at 06:47:35PM +0530, Chandra S Gorentla wrote:
> During the clean-up of the function, it is need to check if
> errors occurred, not the memory pointer.
>
The bug here is that we have a use after free on the success path. It
should have been mentioned in the changelog.
Anyway, this patch is buggy. If result == -EFAULT then it will crash.
Also this patch is really ugly. There is someone who is going to send a
correct fix (just add a return 0).
This driver usese "do everything" style error handling. It is a bug
prone anti-pattern because doing everything is more complicated than
doing one thing. You can easily see it is bug prone, because it made
you introduce a bug, right?
Instead the error handling should look like this:
return 0;
err_free_msg:
kfree(pstrMessage);
return ret;
There are no error paths where we need to free "pstrMessage->pvBuffer"
but if we were to add one it would look like this:
return 0;
err_pvbuffer:
kfree(pstrMessage->pvBuffer);
err_msg:
kfree(pstrMessage);
return ret;
This is a minimal, uncomplicated, no indenting, no if statement way of
unwinding.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 1/3] drivers: staging: wilc1000: Check for errors before kfree
2015-10-02 13:39 ` [PATCH 1/3] drivers: staging: wilc1000: Check for errors before kfree Dan Carpenter
@ 2015-10-03 2:11 ` Chandra Gorentla
0 siblings, 0 replies; 5+ messages in thread
From: Chandra Gorentla @ 2015-10-03 2:11 UTC (permalink / raw)
To: Dan Carpenter
Cc: gregkh, rachel.kim, devel, chris.park, linux-wireless,
johnny.kim, linux-kernel
On Fri, Oct 02, 2015 at 04:39:11PM +0300, Dan Carpenter wrote:
> On Fri, Oct 02, 2015 at 06:47:35PM +0530, Chandra S Gorentla wrote:
> > During the clean-up of the function, it is need to check if
> > errors occurred, not the memory pointer.
> >
>
> The bug here is that we have a use after free on the success path. It
> should have been mentioned in the changelog.
>
> Anyway, this patch is buggy. If result == -EFAULT then it will crash.
> Also this patch is really ugly. There is someone who is going to send a
> correct fix (just add a return 0).
>
> This driver usese "do everything" style error handling. It is a bug
> prone anti-pattern because doing everything is more complicated than
> doing one thing. You can easily see it is bug prone, because it made
> you introduce a bug, right?
>
> Instead the error handling should look like this:
>
> return 0;
>
> err_free_msg:
> kfree(pstrMessage);
>
> return ret;
>
> There are no error paths where we need to free "pstrMessage->pvBuffer"
> but if we were to add one it would look like this:
>
> return 0;
>
> err_pvbuffer:
> kfree(pstrMessage->pvBuffer);
> err_msg:
> kfree(pstrMessage);
>
> return ret;
>
> This is a minimal, uncomplicated, no indenting, no if statement way of
> unwinding.
>
> regards,
> dan carpenter
>
OK. There is a problem in this patch. I will correct it, reorganize the
patch series.
Thank you,
chandra
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2015-10-03 2:14 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-10-02 13:17 [PATCH 1/3] drivers: staging: wilc1000: Check for errors before kfree Chandra S Gorentla
2015-10-02 13:17 ` [PATCH 2/3] drivers: staging: wilc1000: Remove ineffective code Chandra S Gorentla
2015-10-02 13:17 ` [PATCH 3/3] drivers: staging: wilc1000: Do not return from function with lock is on Chandra S Gorentla
2015-10-02 13:39 ` [PATCH 1/3] drivers: staging: wilc1000: Check for errors before kfree Dan Carpenter
2015-10-03 2:11 ` Chandra Gorentla
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).