Re: [PATCH] usb: sierra: fix a missing check of device_create_file
From: Dan Carpenter
Date: Tue Mar 26 2019 - 04:19:07 EST
Hi Kangjie,
Thank you for the patch! Perhaps something to improve:
url: https://github.com/0day-ci/linux/commits/Kangjie-Lu/usb-sierra-fix-a-missing-check-of-device_create_file/20190325-101328
base: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
smatch warnings:
drivers/usb/storage/sierra_ms.c:199 sierra_ms_init() error: double free of 'swocInfo'
# https://github.com/0day-ci/linux/commit/04d66f3d072c3d14308aebecdbc0f2983ce443d2
git remote add linux-review https://github.com/0day-ci/linux
git remote update linux-review
git checkout 04d66f3d072c3d14308aebecdbc0f2983ce443d2
vim +/swocInfo +199 drivers/usb/storage/sierra_ms.c
32fe5e393 Kevin Lloyd 2008-07-10 126
32fe5e393 Kevin Lloyd 2008-07-10 127 int sierra_ms_init(struct us_data *us)
32fe5e393 Kevin Lloyd 2008-07-10 128 {
32fe5e393 Kevin Lloyd 2008-07-10 129 int result, retries;
32fe5e393 Kevin Lloyd 2008-07-10 130 struct swoc_info *swocInfo;
32fe5e393 Kevin Lloyd 2008-07-10 131 struct usb_device *udev;
32fe5e393 Kevin Lloyd 2008-07-10 132 struct Scsi_Host *sh;
32fe5e393 Kevin Lloyd 2008-07-10 133
32fe5e393 Kevin Lloyd 2008-07-10 134 retries = 3;
32fe5e393 Kevin Lloyd 2008-07-10 135 result = 0;
32fe5e393 Kevin Lloyd 2008-07-10 136 udev = us->pusb_dev;
32fe5e393 Kevin Lloyd 2008-07-10 137
32fe5e393 Kevin Lloyd 2008-07-10 138 sh = us_to_host(us);
0220a3f01 Alan Cox 2012-09-19 139 scsi_get_host_dev(sh);
32fe5e393 Kevin Lloyd 2008-07-10 140
32fe5e393 Kevin Lloyd 2008-07-10 141 /* Force Modem mode */
32fe5e393 Kevin Lloyd 2008-07-10 142 if (swi_tru_install == TRU_FORCE_MODEM) {
191648d03 Joe Perches 2013-04-19 143 usb_stor_dbg(us, "SWIMS: Forcing Modem Mode\n");
32fe5e393 Kevin Lloyd 2008-07-10 144 result = sierra_set_ms_mode(udev, SWIMS_SET_MODE_Modem);
32fe5e393 Kevin Lloyd 2008-07-10 145 if (result < 0)
191648d03 Joe Perches 2013-04-19 146 usb_stor_dbg(us, "SWIMS: Failed to switch to modem mode\n");
32fe5e393 Kevin Lloyd 2008-07-10 147 return -EIO;
32fe5e393 Kevin Lloyd 2008-07-10 148 }
32fe5e393 Kevin Lloyd 2008-07-10 149 /* Force Mass Storage mode (keep CD-Rom) */
32fe5e393 Kevin Lloyd 2008-07-10 150 else if (swi_tru_install == TRU_FORCE_MS) {
191648d03 Joe Perches 2013-04-19 151 usb_stor_dbg(us, "SWIMS: Forcing Mass Storage Mode\n");
32fe5e393 Kevin Lloyd 2008-07-10 152 goto complete;
32fe5e393 Kevin Lloyd 2008-07-10 153 }
32fe5e393 Kevin Lloyd 2008-07-10 154 /* Normal TRU-Install Logic */
32fe5e393 Kevin Lloyd 2008-07-10 155 else {
191648d03 Joe Perches 2013-04-19 156 usb_stor_dbg(us, "SWIMS: Normal SWoC Logic\n");
32fe5e393 Kevin Lloyd 2008-07-10 157
32fe5e393 Kevin Lloyd 2008-07-10 158 swocInfo = kmalloc(sizeof(struct swoc_info),
32fe5e393 Kevin Lloyd 2008-07-10 159 GFP_KERNEL);
191648d03 Joe Perches 2013-04-19 160 if (!swocInfo)
32fe5e393 Kevin Lloyd 2008-07-10 161 return -ENOMEM;
32fe5e393 Kevin Lloyd 2008-07-10 162
32fe5e393 Kevin Lloyd 2008-07-10 163 retries = 3;
32fe5e393 Kevin Lloyd 2008-07-10 164 do {
32fe5e393 Kevin Lloyd 2008-07-10 165 retries--;
32fe5e393 Kevin Lloyd 2008-07-10 166 result = sierra_get_swoc_info(udev, swocInfo);
32fe5e393 Kevin Lloyd 2008-07-10 167 if (result < 0) {
191648d03 Joe Perches 2013-04-19 168 usb_stor_dbg(us, "SWIMS: Failed SWoC query\n");
32fe5e393 Kevin Lloyd 2008-07-10 169 schedule_timeout_uninterruptible(2*HZ);
32fe5e393 Kevin Lloyd 2008-07-10 170 }
32fe5e393 Kevin Lloyd 2008-07-10 171 } while (retries && result < 0);
32fe5e393 Kevin Lloyd 2008-07-10 172
32fe5e393 Kevin Lloyd 2008-07-10 173 if (result < 0) {
191648d03 Joe Perches 2013-04-19 174 usb_stor_dbg(us, "SWIMS: Completely failed SWoC query\n");
32fe5e393 Kevin Lloyd 2008-07-10 175 kfree(swocInfo);
32fe5e393 Kevin Lloyd 2008-07-10 176 return -EIO;
32fe5e393 Kevin Lloyd 2008-07-10 177 }
32fe5e393 Kevin Lloyd 2008-07-10 178
191648d03 Joe Perches 2013-04-19 179 debug_swoc(&us->pusb_dev->dev, swocInfo);
32fe5e393 Kevin Lloyd 2008-07-10 180
f0183a338 Felipe Balbi 2016-04-18 181 /*
f0183a338 Felipe Balbi 2016-04-18 182 * If there is not Linux software on the TRU-Install device
32fe5e393 Kevin Lloyd 2008-07-10 183 * then switch to modem mode
32fe5e393 Kevin Lloyd 2008-07-10 184 */
32fe5e393 Kevin Lloyd 2008-07-10 185 if (!containsFullLinuxPackage(swocInfo)) {
191648d03 Joe Perches 2013-04-19 186 usb_stor_dbg(us, "SWIMS: Switching to Modem Mode\n");
32fe5e393 Kevin Lloyd 2008-07-10 187 result = sierra_set_ms_mode(udev,
32fe5e393 Kevin Lloyd 2008-07-10 188 SWIMS_SET_MODE_Modem);
32fe5e393 Kevin Lloyd 2008-07-10 189 if (result < 0)
191648d03 Joe Perches 2013-04-19 190 usb_stor_dbg(us, "SWIMS: Failed to switch modem\n");
32fe5e393 Kevin Lloyd 2008-07-10 191 kfree(swocInfo);
32fe5e393 Kevin Lloyd 2008-07-10 192 return -EIO;
32fe5e393 Kevin Lloyd 2008-07-10 193 }
32fe5e393 Kevin Lloyd 2008-07-10 194 kfree(swocInfo);
^^^^^^^^^^^^^^^^
32fe5e393 Kevin Lloyd 2008-07-10 195 }
break statement?
32fe5e393 Kevin Lloyd 2008-07-10 196 complete:
32fe5e393 Kevin Lloyd 2008-07-10 197 result = device_create_file(&us->pusb_intf->dev, &dev_attr_truinst);
04d66f3d0 Kangjie Lu 2019-03-24 198 if (result) {
04d66f3d0 Kangjie Lu 2019-03-24 @199 kfree(swocInfo);
^^^^^^^^^^^^^^^
Double free.
04d66f3d0 Kangjie Lu 2019-03-24 200 return result;
04d66f3d0 Kangjie Lu 2019-03-24 201 }
32fe5e393 Kevin Lloyd 2008-07-10 202
be475d902 Alan Stern 2009-05-21 203 return 0;
32fe5e393 Kevin Lloyd 2008-07-10 204 }
32fe5e393 Kevin Lloyd 2008-07-10 205
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation