diff mbox series

usb: sierra: fix a missing check of device_create_file

Message ID 20190324223920.961-1-kjlu@umn.edu (mailing list archive)
State Superseded
Headers show
Series usb: sierra: fix a missing check of device_create_file | expand

Commit Message

Kangjie Lu March 24, 2019, 10:39 p.m. UTC 
device_create_file() could fail and return an error code. The fix
captures the error and returns the error code upstream in case it
indeed failed.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
---
 drivers/usb/storage/sierra_ms.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

kernel test robot March 25, 2019, 2:47 a.m. UTC | #1 
Hi Kangjie,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on usb/usb-testing]
[also build test WARNING on v5.1-rc2 next-20190322]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Kangjie-Lu/usb-sierra-fix-a-missing-check-of-device_create_file/20190325-101328
base:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
config: x86_64-randconfig-x009-201912 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-1) 7.3.0
reproduce:
        # save the attached .config to linux build tree
        make ARCH=x86_64 

Note: it may well be a FALSE warning. FWIW you are at least aware of it now.
http://gcc.gnu.org/wiki/Better_Uninitialized_Warnings

All warnings (new ones prefixed by >>):

   drivers/usb/storage/sierra_ms.c: In function 'sierra_ms_init':
>> drivers/usb/storage/sierra_ms.c:199:3: warning: 'swocInfo' may be used uninitialized in this function [-Wmaybe-uninitialized]
      kfree(swocInfo);
      ^~~~~~~~~~~~~~~

vim +/swocInfo +199 drivers/usb/storage/sierra_ms.c

   126	
   127	int sierra_ms_init(struct us_data *us)
   128	{
   129		int result, retries;
   130		struct swoc_info *swocInfo;
   131		struct usb_device *udev;
   132		struct Scsi_Host *sh;
   133	
   134		retries = 3;
   135		result = 0;
   136		udev = us->pusb_dev;
   137	
   138		sh = us_to_host(us);
   139		scsi_get_host_dev(sh);
   140	
   141		/* Force Modem mode */
   142		if (swi_tru_install == TRU_FORCE_MODEM) {
   143			usb_stor_dbg(us, "SWIMS: Forcing Modem Mode\n");
   144			result = sierra_set_ms_mode(udev, SWIMS_SET_MODE_Modem);
   145			if (result < 0)
   146				usb_stor_dbg(us, "SWIMS: Failed to switch to modem mode\n");
   147			return -EIO;
   148		}
   149		/* Force Mass Storage mode (keep CD-Rom) */
   150		else if (swi_tru_install == TRU_FORCE_MS) {
   151			usb_stor_dbg(us, "SWIMS: Forcing Mass Storage Mode\n");
   152			goto complete;
   153		}
   154		/* Normal TRU-Install Logic */
   155		else {
   156			usb_stor_dbg(us, "SWIMS: Normal SWoC Logic\n");
   157	
   158			swocInfo = kmalloc(sizeof(struct swoc_info),
   159					GFP_KERNEL);
   160			if (!swocInfo)
   161				return -ENOMEM;
   162	
   163			retries = 3;
   164			do {
   165				retries--;
   166				result = sierra_get_swoc_info(udev, swocInfo);
   167				if (result < 0) {
   168					usb_stor_dbg(us, "SWIMS: Failed SWoC query\n");
   169					schedule_timeout_uninterruptible(2*HZ);
   170				}
   171			} while (retries && result < 0);
   172	
   173			if (result < 0) {
   174				usb_stor_dbg(us, "SWIMS: Completely failed SWoC query\n");
   175				kfree(swocInfo);
   176				return -EIO;
   177			}
   178	
   179			debug_swoc(&us->pusb_dev->dev, swocInfo);
   180	
   181			/*
   182			 * If there is not Linux software on the TRU-Install device
   183			 * then switch to modem mode
   184			 */
   185			if (!containsFullLinuxPackage(swocInfo)) {
   186				usb_stor_dbg(us, "SWIMS: Switching to Modem Mode\n");
   187				result = sierra_set_ms_mode(udev,
   188					SWIMS_SET_MODE_Modem);
   189				if (result < 0)
   190					usb_stor_dbg(us, "SWIMS: Failed to switch modem\n");
   191				kfree(swocInfo);
   192				return -EIO;
   193			}
   194			kfree(swocInfo);
   195		}
   196	complete:
   197		result = device_create_file(&us->pusb_intf->dev, &dev_attr_truinst);
   198		if (result) {
 > 199			kfree(swocInfo);
   200			return result;
   201		}
   202	
   203		return 0;
   204	}
   205	

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation
Dan Carpenter March 26, 2019, 8:18 a.m. UTC | #2 
Hi Kangjie,

Thank you for the patch! Perhaps something to improve:

url:    https://github.com/0day-ci/linux/commits/Kangjie-Lu/usb-sierra-fix-a-missing-check-of-device_create_file/20190325-101328
base:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing

smatch warnings:
drivers/usb/storage/sierra_ms.c:199 sierra_ms_init() error: double free of 'swocInfo'

# https://github.com/0day-ci/linux/commit/04d66f3d072c3d14308aebecdbc0f2983ce443d2
git remote add linux-review https://github.com/0day-ci/linux
git remote update linux-review
git checkout 04d66f3d072c3d14308aebecdbc0f2983ce443d2
vim +/swocInfo +199 drivers/usb/storage/sierra_ms.c

32fe5e393 Kevin Lloyd  2008-07-10  126  
32fe5e393 Kevin Lloyd  2008-07-10  127  int sierra_ms_init(struct us_data *us)
32fe5e393 Kevin Lloyd  2008-07-10  128  {
32fe5e393 Kevin Lloyd  2008-07-10  129  	int result, retries;
32fe5e393 Kevin Lloyd  2008-07-10  130  	struct swoc_info *swocInfo;
32fe5e393 Kevin Lloyd  2008-07-10  131  	struct usb_device *udev;
32fe5e393 Kevin Lloyd  2008-07-10  132  	struct Scsi_Host *sh;
32fe5e393 Kevin Lloyd  2008-07-10  133  
32fe5e393 Kevin Lloyd  2008-07-10  134  	retries = 3;
32fe5e393 Kevin Lloyd  2008-07-10  135  	result = 0;
32fe5e393 Kevin Lloyd  2008-07-10  136  	udev = us->pusb_dev;
32fe5e393 Kevin Lloyd  2008-07-10  137  
32fe5e393 Kevin Lloyd  2008-07-10  138  	sh = us_to_host(us);
0220a3f01 Alan Cox     2012-09-19  139  	scsi_get_host_dev(sh);
32fe5e393 Kevin Lloyd  2008-07-10  140  
32fe5e393 Kevin Lloyd  2008-07-10  141  	/* Force Modem mode */
32fe5e393 Kevin Lloyd  2008-07-10  142  	if (swi_tru_install == TRU_FORCE_MODEM) {
191648d03 Joe Perches  2013-04-19  143  		usb_stor_dbg(us, "SWIMS: Forcing Modem Mode\n");
32fe5e393 Kevin Lloyd  2008-07-10  144  		result = sierra_set_ms_mode(udev, SWIMS_SET_MODE_Modem);
32fe5e393 Kevin Lloyd  2008-07-10  145  		if (result < 0)
191648d03 Joe Perches  2013-04-19  146  			usb_stor_dbg(us, "SWIMS: Failed to switch to modem mode\n");
32fe5e393 Kevin Lloyd  2008-07-10  147  		return -EIO;
32fe5e393 Kevin Lloyd  2008-07-10  148  	}
32fe5e393 Kevin Lloyd  2008-07-10  149  	/* Force Mass Storage mode (keep CD-Rom) */
32fe5e393 Kevin Lloyd  2008-07-10  150  	else if (swi_tru_install == TRU_FORCE_MS) {
191648d03 Joe Perches  2013-04-19  151  		usb_stor_dbg(us, "SWIMS: Forcing Mass Storage Mode\n");
32fe5e393 Kevin Lloyd  2008-07-10  152  		goto complete;
32fe5e393 Kevin Lloyd  2008-07-10  153  	}
32fe5e393 Kevin Lloyd  2008-07-10  154  	/* Normal TRU-Install Logic */
32fe5e393 Kevin Lloyd  2008-07-10  155  	else {
191648d03 Joe Perches  2013-04-19  156  		usb_stor_dbg(us, "SWIMS: Normal SWoC Logic\n");
32fe5e393 Kevin Lloyd  2008-07-10  157  
32fe5e393 Kevin Lloyd  2008-07-10  158  		swocInfo = kmalloc(sizeof(struct swoc_info),
32fe5e393 Kevin Lloyd  2008-07-10  159  				GFP_KERNEL);
191648d03 Joe Perches  2013-04-19  160  		if (!swocInfo)
32fe5e393 Kevin Lloyd  2008-07-10  161  			return -ENOMEM;
32fe5e393 Kevin Lloyd  2008-07-10  162  
32fe5e393 Kevin Lloyd  2008-07-10  163  		retries = 3;
32fe5e393 Kevin Lloyd  2008-07-10  164  		do {
32fe5e393 Kevin Lloyd  2008-07-10  165  			retries--;
32fe5e393 Kevin Lloyd  2008-07-10  166  			result = sierra_get_swoc_info(udev, swocInfo);
32fe5e393 Kevin Lloyd  2008-07-10  167  			if (result < 0) {
191648d03 Joe Perches  2013-04-19  168  				usb_stor_dbg(us, "SWIMS: Failed SWoC query\n");
32fe5e393 Kevin Lloyd  2008-07-10  169  				schedule_timeout_uninterruptible(2*HZ);
32fe5e393 Kevin Lloyd  2008-07-10  170  			}
32fe5e393 Kevin Lloyd  2008-07-10  171  		} while (retries && result < 0);
32fe5e393 Kevin Lloyd  2008-07-10  172  
32fe5e393 Kevin Lloyd  2008-07-10  173  		if (result < 0) {
191648d03 Joe Perches  2013-04-19  174  			usb_stor_dbg(us, "SWIMS: Completely failed SWoC query\n");
32fe5e393 Kevin Lloyd  2008-07-10  175  			kfree(swocInfo);
32fe5e393 Kevin Lloyd  2008-07-10  176  			return -EIO;
32fe5e393 Kevin Lloyd  2008-07-10  177  		}
32fe5e393 Kevin Lloyd  2008-07-10  178  
191648d03 Joe Perches  2013-04-19  179  		debug_swoc(&us->pusb_dev->dev, swocInfo);
32fe5e393 Kevin Lloyd  2008-07-10  180  
f0183a338 Felipe Balbi 2016-04-18  181  		/*
f0183a338 Felipe Balbi 2016-04-18  182  		 * If there is not Linux software on the TRU-Install device
32fe5e393 Kevin Lloyd  2008-07-10  183  		 * then switch to modem mode
32fe5e393 Kevin Lloyd  2008-07-10  184  		 */
32fe5e393 Kevin Lloyd  2008-07-10  185  		if (!containsFullLinuxPackage(swocInfo)) {
191648d03 Joe Perches  2013-04-19  186  			usb_stor_dbg(us, "SWIMS: Switching to Modem Mode\n");
32fe5e393 Kevin Lloyd  2008-07-10  187  			result = sierra_set_ms_mode(udev,
32fe5e393 Kevin Lloyd  2008-07-10  188  				SWIMS_SET_MODE_Modem);
32fe5e393 Kevin Lloyd  2008-07-10  189  			if (result < 0)
191648d03 Joe Perches  2013-04-19  190  				usb_stor_dbg(us, "SWIMS: Failed to switch modem\n");
32fe5e393 Kevin Lloyd  2008-07-10  191  			kfree(swocInfo);
32fe5e393 Kevin Lloyd  2008-07-10  192  			return -EIO;
32fe5e393 Kevin Lloyd  2008-07-10  193  		}
32fe5e393 Kevin Lloyd  2008-07-10  194  		kfree(swocInfo);
                                                        ^^^^^^^^^^^^^^^^

32fe5e393 Kevin Lloyd  2008-07-10  195  	}

break statement?

32fe5e393 Kevin Lloyd  2008-07-10  196  complete:
32fe5e393 Kevin Lloyd  2008-07-10  197  	result = device_create_file(&us->pusb_intf->dev, &dev_attr_truinst);
04d66f3d0 Kangjie Lu   2019-03-24  198  	if (result) {
04d66f3d0 Kangjie Lu   2019-03-24 @199  		kfree(swocInfo);
                                                        ^^^^^^^^^^^^^^^
Double free.

04d66f3d0 Kangjie Lu   2019-03-24  200  		return result;
04d66f3d0 Kangjie Lu   2019-03-24  201  	}
32fe5e393 Kevin Lloyd  2008-07-10  202  
be475d902 Alan Stern   2009-05-21  203  	return 0;
32fe5e393 Kevin Lloyd  2008-07-10  204  }
32fe5e393 Kevin Lloyd  2008-07-10  205  

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation
Dan Carpenter March 26, 2019, 8:23 a.m. UTC | #3 
On Tue, Mar 26, 2019 at 11:18:31AM +0300, Dan Carpenter wrote:
> 32fe5e393 Kevin Lloyd  2008-07-10  193  		}
> 32fe5e393 Kevin Lloyd  2008-07-10  194  		kfree(swocInfo);
>                                                         ^^^^^^^^^^^^^^^^
> 
> 32fe5e393 Kevin Lloyd  2008-07-10  195  	}
> 
> break statement?

Sorry, for some reason I saw "complete:" and read "default:". :/

But the warning seems valid.

regards,
dan carpenter

> 
> 32fe5e393 Kevin Lloyd  2008-07-10  196  complete:
> 32fe5e393 Kevin Lloyd  2008-07-10  197  	result = device_create_file(&us->pusb_intf->dev, &dev_attr_truinst);
> 04d66f3d0 Kangjie Lu   2019-03-24  198  	if (result) {
> 04d66f3d0 Kangjie Lu   2019-03-24 @199  		kfree(swocInfo);
>                                                         ^^^^^^^^^^^^^^^
> Double free.
>
diff mbox series

Patch

diff --git a/drivers/usb/storage/sierra_ms.c b/drivers/usb/storage/sierra_ms.c
index 6ac60abd2e15..2c049e3a56eb 100644
--- a/drivers/usb/storage/sierra_ms.c
+++ b/drivers/usb/storage/sierra_ms.c
@@ -195,6 +195,10 @@  int sierra_ms_init(struct us_data *us)
 	}
 complete:
 	result = device_create_file(&us->pusb_intf->dev, &dev_attr_truinst);
+	if (result) {
+		kfree(swocInfo);
+		return result;
+	}
 
 	return 0;
 }