linux/drivers
Tom Rix c06c76602e crypto: qat - fix double free in qat_uclo_create_batch_init_list
clang static analysis flags this error

qat_uclo.c:297:3: warning: Attempt to free released memory
  [unix.Malloc]
                kfree(*init_tab_base);
                ^~~~~~~~~~~~~~~~~~~~~

When input *init_tab_base is null, the function allocates memory for
the head of the list.  When there is problem allocating other list
elements the list is unwound and freed.  Then a check is made if the
list head was allocated and is also freed.

Keeping track of the what may need to be freed is the variable 'tail_old'.
The unwinding/freeing block is

	while (tail_old) {
		mem_init = tail_old->next;
		kfree(tail_old);
		tail_old = mem_init;
	}

The problem is that the first element of tail_old is also what was
allocated for the list head

		init_header = kzalloc(sizeof(*init_header), GFP_KERNEL);
		...
		*init_tab_base = init_header;
		flag = 1;
	}
	tail_old = init_header;

So *init_tab_base/init_header are freed twice.

There is another problem.
When the input *init_tab_base is non null the tail_old is calculated by
traveling down the list to first non null entry.

	tail_old = init_header;
	while (tail_old->next)
		tail_old = tail_old->next;

When the unwinding free happens, the last entry of the input list will
be freed.

So the freeing needs a general changed.
If locally allocated the first element of tail_old is freed, else it
is skipped.  As a bit of cleanup, reset *init_tab_base if it came in
as null.

Fixes: b4b7e67c91 ("crypto: qat - Intel(R) QAT ucode part of fw loader")
Cc: <stable@vger.kernel.org>
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-07-23 17:34:17 +10:00
..
accessibility treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
acpi libnvdimm for 5.8 2020-06-13 13:04:36 -07:00
amba ARM: SoC changes for v5.8 2020-06-04 19:47:11 -07:00
android treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
ata treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
atm treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
auxdisplay treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
base linux-kselftest-kunit-5.8-rc1 2020-06-09 10:04:47 -07:00
bcma
block Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-06-03 16:27:18 -07:00
bus Char/Misc driver patches for 5.8-rc1 2020-06-07 10:59:32 -07:00
cdrom Merge branch 'work.sysctl' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-06-10 16:05:54 -07:00
char hwrng: ks-sa - Replace HTTP links with HTTPS ones 2020-07-16 21:49:06 +10:00
clk treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
clocksource clocksource/drivers/timer-riscv: Use per-CPU timer interrupt 2020-06-09 19:11:22 -07:00
connector treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
counter
cpufreq treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
cpuidle - Add the hwmon support on the i.MX SC (Anson Huang) 2020-06-12 14:10:21 -07:00
crypto crypto: qat - fix double free in qat_uclo_create_batch_init_list 2020-07-23 17:34:17 +10:00
dax device-dax: add memory via add_memory_driver_managed() 2020-06-04 19:06:23 -07:00
dca
devfreq
dio
dma treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
dma-buf treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
edac Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
eisa treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
extcon
firewire
firmware efi: use sha256() instead of open coding 2020-07-16 21:49:05 +10:00
fpga Char/Misc driver patches for 5.8-rc1 2020-06-07 10:59:32 -07:00
fsi treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
gnss treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
gpio treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
gpu Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
greybus treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
hid treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
hsi treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
hv hyperv-next for 5.8 2020-06-03 15:00:05 -07:00
hwmon Merge branch 'x86/entry' into ras/core 2020-06-11 15:17:57 +02:00
hwspinlock
hwtracing Char/Misc driver patches for 5.8-rc1 2020-06-07 10:59:32 -07:00
i2c Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
i3c
ide treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
idle
iio treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
infiniband treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
input treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
interconnect More power management updates for 5.8-rc1 2020-06-10 14:04:39 -07:00
iommu Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
ipack treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
irqchip clocksource/drivers/timer-riscv: Use per-CPU timer interrupt 2020-06-09 19:11:22 -07:00
isdn treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
leds LEDs pull request for 5.8-rc1. 2020-06-04 11:03:45 -07:00
lightnvm for-5.8/block-2020-06-01 2020-06-02 15:29:19 -07:00
macintosh treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
mailbox mailbox: qcom: Add ipq6018 apcs compatible 2020-06-10 22:43:57 -05:00
mcb
md treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
media Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
memory
memstick
message treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
mfd treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
misc treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
mmc treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
most
mtd This pull request contains a single change for UBI: 2020-06-10 13:24:40 -07:00
mux
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-06-13 16:27:13 -07:00
nfc treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
ntb NTB: perf: Fix race condition when run with ntb_test 2020-06-05 20:02:09 -04:00
nubus
nvdimm libnvdimm for 5.8 2020-06-13 13:04:36 -07:00
nvme Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
nvmem
of Driver core patches for 5.8-rc1 2020-06-07 10:53:36 -07:00
opp treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
oprofile mmap locking API: convert mmap_sem comments 2020-06-09 09:39:14 -07:00
parisc
parport treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
pci Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
pcmcia treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
perf arm64 merge window fixes for -rc1 2020-06-11 12:53:23 -07:00
phy
pinctrl This is the bulk of pin control changes for the v5.8 2020-06-07 16:13:43 -07:00
platform Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
pnp treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
power power supply and reset changes for the v5.8 series 2020-06-10 11:28:35 -07:00
powercap Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
pps treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
ps3
ptp treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
pwm pwm: Add missing "CONFIG_" prefix 2020-06-04 19:09:28 +02:00
rapidio treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
ras
regulator Merge remote-tracking branch 'regulator/for-5.8' into regulator-linus 2020-06-01 13:01:44 +01:00
remoteproc remoteproc updates for v5.8 2020-06-08 13:01:08 -07:00
reset Char/Misc driver patches for 5.8-rc1 2020-06-07 10:59:32 -07:00
rpmsg remoteproc updates for v5.8 2020-06-08 13:01:08 -07:00
rtc RTC for 5.8 2020-06-07 16:11:23 -07:00
s390 s390 updates for the 5.8 merge window 2020-06-08 12:05:31 -07:00
sbus treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
scsi Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
sfi treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
sh
siox
slimbus
soc treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
soundwire
spi Char/Misc driver patches for 5.8-rc1 2020-06-07 10:59:32 -07:00
spmi
ssb
staging Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
target Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
tc
tee mmap locking API: use coccinelle to convert mmap_sem rwsem call sites 2020-06-09 09:39:14 -07:00
thermal - Add the hwmon support on the i.MX SC (Anson Huang) 2020-06-12 14:10:21 -07:00
thunderbolt USB/PHY driver updates for 5.8-rc1 2020-06-07 09:42:16 -07:00
tty treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
uio
usb Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
vdpa ifcvf: implement config interrupt in IFCVF 2020-06-06 16:26:47 -04:00
vfio kernel: better document the use_mm/unuse_mm API contract 2020-06-10 19:14:18 -07:00
vhost Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
video treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
virt treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
virtio treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
visorbus treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
vlynq
vme treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
w1 treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
watchdog treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
xen The X86 entry, exception and interrupt code rework 2020-06-13 10:05:47 -07:00
zorro treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Kconfig
Makefile