[PATCH 1/3] drivers: staging: wilc1000: Check for errors before kfree

[PATCH 1/3] drivers: staging: wilc1000: Check for errors before kfree

[Chandra S Gorentla]

During the clean-up of the function, it is need to check if
errors occurred, not the memory pointer.

Signed-off-by: Chandra S Gorentla <csgorentla@gmail.com>
---
 drivers/staging/wilc1000/wilc_msgqueue.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/wilc1000/wilc_msgqueue.c b/drivers/staging/wilc1000/wilc_msgqueue.c
index d5ebd6d..1b73b63 100644
--- a/drivers/staging/wilc1000/wilc_msgqueue.c
+++ b/drivers/staging/wilc1000/wilc_msgqueue.c
@@ -105,7 +105,7 @@ int wilc_mq_send(WILC_MsgQueueHandle *pHandle,
 
 ERRORHANDLER:
 	/* error occured, free any allocations */
-	if (pstrMessage) {
+	if (result) {
 		kfree(pstrMessage->pvBuffer);
 		kfree(pstrMessage);
 	}
-- 
2.1.4

[PATCH 2/3] drivers: staging: wilc1000: Remove ineffective code

[Chandra S Gorentla]

The value of 'result' is not modified from 0 after initialization.
Hence no need to check it.

Signed-off-by: Chandra S Gorentla <csgorentla@gmail.com>
---
 drivers/staging/wilc1000/wilc_msgqueue.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/drivers/staging/wilc1000/wilc_msgqueue.c b/drivers/staging/wilc1000/wilc_msgqueue.c
index 1b73b63..a9c28ad 100644
--- a/drivers/staging/wilc1000/wilc_msgqueue.c
+++ b/drivers/staging/wilc1000/wilc_msgqueue.c
@@ -145,11 +145,6 @@ int wilc_mq_recv(WILC_MsgQueueHandle *pHandle,
 	down(&pHandle->hSem);
 
 	/* other non-timeout scenarios */
-	if (result) {
-		PRINT_ER("Non-timeout\n");
-		return result;
-	}
-
 	if (pHandle->bExiting) {
 		PRINT_ER("pHandle fail\n");
 		return -EFAULT;
-- 
2.1.4

[PATCH 3/3] drivers: staging: wilc1000: Do not return from function with lock is on

[Chandra S Gorentla]

There are a couple of return statements before unlock.  Lock is moved
to a location just before queue manipulation.

Signed-off-by: Chandra S Gorentla <csgorentla@gmail.com>
---
 drivers/staging/wilc1000/wilc_msgqueue.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/wilc1000/wilc_msgqueue.c b/drivers/staging/wilc1000/wilc_msgqueue.c
index a9c28ad..2fa3792 100644
--- a/drivers/staging/wilc1000/wilc_msgqueue.c
+++ b/drivers/staging/wilc1000/wilc_msgqueue.c
@@ -72,8 +72,6 @@ int wilc_mq_send(WILC_MsgQueueHandle *pHandle,
 		goto ERRORHANDLER;
 	}
 
-	spin_lock_irqsave(&pHandle->strCriticalSection, flags);
-
 	/* construct a new message */
 	pstrMessage = kmalloc(sizeof(Message), GFP_ATOMIC);
 	if (!pstrMessage)
@@ -88,6 +86,8 @@ int wilc_mq_send(WILC_MsgQueueHandle *pHandle,
 	memcpy(pstrMessage->pvBuffer, pvSendBuffer, u32SendBufferSize);
 
 	/* add it to the message queue */
+	spin_lock_irqsave(&pHandle->strCriticalSection, flags);
+
 	if (!pHandle->pstrMessageList) {
 		pHandle->pstrMessageList  = pstrMessage;
 	} else {
-- 
2.1.4

Re: [PATCH 1/3] drivers: staging: wilc1000: Check for errors before kfree

[Dan Carpenter]

On Fri, Oct 02, 2015 at 06:47:35PM +0530, Chandra S Gorentla wrote:
> During the clean-up of the function, it is need to check if
> errors occurred, not the memory pointer.
>

The bug here is that we have a use after free on the success path.  It
should have been mentioned in the changelog.

Anyway, this patch is buggy.  If result == -EFAULT then it will crash.
Also this patch is really ugly.  There is someone who is going to send a
correct fix (just add a return 0).

This driver usese "do everything" style error handling.  It is a bug
prone anti-pattern because doing everything is more complicated than
doing one thing.  You can easily see it is bug prone, because it made
you introduce a bug, right?

Instead the error handling should look like this:

	return 0;

err_free_msg:
	kfree(pstrMessage);

	return ret;

There are no error paths where we need to free "pstrMessage->pvBuffer"
but if we were to add one it would look like this:

	return 0;

err_pvbuffer:
	kfree(pstrMessage->pvBuffer);
err_msg:
	kfree(pstrMessage);

	return ret;

This is a minimal, uncomplicated, no indenting, no if statement way of
unwinding.

regards,
dan carpenter

Re: [PATCH 1/3] drivers: staging: wilc1000: Check for errors before kfree

[Chandra Gorentla]

On Fri, Oct 02, 2015 at 04:39:11PM +0300, Dan Carpenter wrote:
> On Fri, Oct 02, 2015 at 06:47:35PM +0530, Chandra S Gorentla wrote:
> > During the clean-up of the function, it is need to check if
> > errors occurred, not the memory pointer.
> >
> 
> The bug here is that we have a use after free on the success path.  It
> should have been mentioned in the changelog.
> 
> Anyway, this patch is buggy.  If result == -EFAULT then it will crash.
> Also this patch is really ugly.  There is someone who is going to send a
> correct fix (just add a return 0).
> 
> This driver usese "do everything" style error handling.  It is a bug
> prone anti-pattern because doing everything is more complicated than
> doing one thing.  You can easily see it is bug prone, because it made
> you introduce a bug, right?
> 
> Instead the error handling should look like this:
> 
> 	return 0;
> 
> err_free_msg:
> 	kfree(pstrMessage);
> 
> 	return ret;
> 
> There are no error paths where we need to free "pstrMessage->pvBuffer"
> but if we were to add one it would look like this:
> 
> 	return 0;
> 
> err_pvbuffer:
> 	kfree(pstrMessage->pvBuffer);
> err_msg:
> 	kfree(pstrMessage);
> 
> 	return ret;
> 
> This is a minimal, uncomplicated, no indenting, no if statement way of
> unwinding.
> 
> regards,
> dan carpenter
> 
OK.  There is a problem in this patch.  I will correct it, reorganize the
patch series.

Thank you,
chandra