diff mbox series

ethernet: atheros: fix a memleak in atl1e_setup_ring_resources

Message ID 20231207143822.3358727-1-alexious@zju.edu.cn (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show
Series ethernet: atheros: fix a memleak in atl1e_setup_ring_resources | expand

Checks

Context Check Description
netdev/series_format warning Single patches do not need cover letters; Target tree name not specified in the subject
netdev/tree_selection success Guessed tree name to be net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 1141 this patch: 1141
netdev/cc_maintainers success CCed 10 of 10 maintainers
netdev/build_clang success Errors and warnings before: 1142 this patch: 1142
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 1168 this patch: 1168
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 7 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Zhipeng Lu Dec. 7, 2023, 2:38 p.m. UTC 
In the error handling of 'offset > adapter->ring_size', the
tx_ring->tx_buffer allocated by kzalloc should be freed,
instead of 'goto failed' instantly.

Fixes: a6a5325239c2 ("atl1e: Atheros L1E Gigabit Ethernet driver")
Signed-off-by: Zhipeng Lu <alexious@zju.edu.cn>
---
 drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Suman Ghosh Dec. 7, 2023, 5:08 p.m. UTC | #1 
>diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
>b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
>index 5935be190b9e..deb5a3f207cc 100644
>--- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
>+++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
>@@ -866,6 +866,7 @@ static int atl1e_setup_ring_resources(struct
>atl1e_adapter *adapter)
> 		netdev_err(adapter->netdev, "offset(%d) > ring size(%d) !!\n",
> 			   offset, adapter->ring_size);
> 		err = -1;
>+		kfree(tx_ring->tx_buffer);
[Suman] I think we should do tx_ring->tx_buffer = NULL also, to avoid use after free?
> 		goto failed;
> 	}
>
>--
>2.34.1
>
Jakub Kicinski Dec. 7, 2023, 5:42 p.m. UTC | #2 
On Thu, 7 Dec 2023 17:08:15 +0000 Suman Ghosh wrote:
> >+		kfree(tx_ring->tx_buffer);  
>
> [Suman] I think we should do tx_ring->tx_buffer = NULL also, to avoid use after free?

It's up to the driver. Some may call that defensive programming.
Suman Ghosh Dec. 7, 2023, 5:54 p.m. UTC | #3 
>On Thu, 7 Dec 2023 17:08:15 +0000 Suman Ghosh wrote:
>> >+		kfree(tx_ring->tx_buffer);
>>
>> [Suman] I think we should do tx_ring->tx_buffer = NULL also, to avoid
>use after free?
>
>It's up to the driver. Some may call that defensive programming.
[Suman] Agree. I pointed it out since this driver is using this approach at other places. But sure, it is up to Zhipeng.
Zhipeng Lu Dec. 8, 2023, 8:12 a.m. UTC | #4 
> >On Thu, 7 Dec 2023 17:08:15 +0000 Suman Ghosh wrote:
> >> >+		kfree(tx_ring->tx_buffer);
> >>
> >> [Suman] I think we should do tx_ring->tx_buffer = NULL also, to avoid
> >use after free?
> >
> >It's up to the driver. Some may call that defensive programming.
> [Suman] Agree. I pointed it out since this driver is using this approach at other places. But sure, it is up to Zhipeng.

[Zhipeng] I think Suman's suggestion is valuable, it prevents potiential use-after-free and is consistent with other free operations in the same module.
diff mbox series

Patch

diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
index 5935be190b9e..deb5a3f207cc 100644
--- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
+++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
@@ -866,6 +866,7 @@  static int atl1e_setup_ring_resources(struct atl1e_adapter *adapter)
 		netdev_err(adapter->netdev, "offset(%d) > ring size(%d) !!\n",
 			   offset, adapter->ring_size);
 		err = -1;
+		kfree(tx_ring->tx_buffer);
 		goto failed;
 	}