Re: [PATCH] crypto: crypto4xx: fix a potential double free in ppc4xx_trng_probe

From: Julia Lawall
Date: Mon Jul 08 2019 - 02:27:34 EST




On Mon, 8 Jul 2019, Wen Yang wrote:

> There is a possible double free issue in ppc4xx_trng_probe():
>
> 85: dev->trng_base = of_iomap(trng, 0);
> 86: of_node_put(trng); ---> released here
> 87: if (!dev->trng_base)
> 88: goto err_out;
> ...
> 110: ierr_out:
> 111: of_node_put(trng); ---> double released here
> ...
>
> This issue was detected by using the Coccinelle software.
> We fix it by removing the unnecessary of_node_put().
>
> Fixes: 5343e674f32 ("crypto4xx: integrate ppc4xx-rng into crypto4xx")
> Signed-off-by: Wen Yang <wen.yang99@xxxxxxxxxx>
> Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> Cc: Allison Randal <allison@xxxxxxxxxxx>
> Cc: Armijn Hemel <armijn@xxxxxxxxxx>
> Cc: Julia Lawall <Julia.Lawall@xxxxxxx>
> Cc: linux-crypto@xxxxxxxxxxxxxxx
> Cc: linux-kernel@xxxxxxxxxxxxxxx

Acked-by: Julia Lawall <julia.lawall@xxxxxxx>


> ---
> drivers/crypto/amcc/crypto4xx_trng.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/drivers/crypto/amcc/crypto4xx_trng.c b/drivers/crypto/amcc/crypto4xx_trng.c
> index 02a6bed3..f10a87e 100644
> --- a/drivers/crypto/amcc/crypto4xx_trng.c
> +++ b/drivers/crypto/amcc/crypto4xx_trng.c
> @@ -108,7 +108,6 @@ void ppc4xx_trng_probe(struct crypto4xx_core_device *core_dev)
> return;
>
> err_out:
> - of_node_put(trng);
> iounmap(dev->trng_base);
> kfree(rng);
> dev->trng_base = NULL;
> --
> 2.9.5
>
>