[bug report] crypto: chtls - Register chtls with net tls


 



Hello Atul Gupta,

The patch a08943947873: "crypto: chtls - Register chtls with net tls"
from Mar 31, 2018, leads to the following static checker warning:

	drivers/crypto/chelsio/chtls/chtls_main.c:352 chtls_recv_packet()
	error: double free of 'skb'

drivers/crypto/chelsio/chtls/chtls_main.c
   337  static int chtls_recv_packet(struct chtls_dev *cdev,
   338                               const struct pkt_gl *gl, const __be64 *rsp)
   339  {
   340          unsigned int opcode = *(u8 *)rsp;
   341          struct sk_buff *skb;
   342          int ret;
   343  
   344          skb = copy_gl_to_skb_pkt(gl, rsp, cdev->lldi->sge_pktshift);
   345          if (!skb)
   346                  return -ENOMEM;
   347  
   348          ret = chtls_handlers[opcode](cdev, skb);
   349          if (ret & CPL_RET_BUF_DONE)
   350                  kfree_skb(skb);

This is a false positive because Smatch doesn't parse the test for
CPL_RET_BUF_DONE set correctly.  It's not that complicated for me to fix
that in Smatch so I will eventually.  But really this is risky code.
A bunch of these handler functions return -EINVAL.  If they return an
odd numbered error code instead then we free skb which is pretty
subtle so far as APIs are concerned.

Looking at it now, I think we probably should be freeing skb on those
paths.  The current code looks leaky to me.

   351  
   352          return 0;
   353  }

regards,
dan carpenter
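
Added example, not part of the original message or the chtls driver: a userspace C sketch of the return-value hazard described above, where a negative errno passed through the `ret & CPL_RET_BUF_DONE` test is read as a flag word. It assumes CPL_RET_BUF_DONE is bit 0, as the "odd numbered" remark implies; `caller_frees()`, `ret_is_ambiguous()` and `count_ambiguous()` are hypothetical helper names.

```c
#include <errno.h>
#include <stdio.h>

/* Assumption: the flag is bit 0, as the "odd numbered" remark implies. */
#define CPL_RET_BUF_DONE 1

/* The test chtls_recv_packet() applies to the handler's return value. */
static int caller_frees(int ret)
{
	return (ret & CPL_RET_BUF_DONE) != 0;
}

/* Hypothetical audit helper: an error code that also passes the flag test. */
static int ret_is_ambiguous(int ret)
{
	return ret < 0 && caller_frees(ret);
}

/* How many errno values in [1, max_errno] are ambiguous when negated. */
static int count_ambiguous(int max_errno)
{
	int e, n = 0;

	for (e = 1; e <= max_errno; e++)
		n += ret_is_ambiguous(-e);
	return n;
}

int main(void)
{
	/* Constructed sample of return values a handler could produce. */
	static const struct { const char *name; int val; } s[] = {
		{ "CPL_RET_BUF_DONE", CPL_RET_BUF_DONE }, { "0", 0 },
		{ "-EINVAL", -EINVAL }, { "-ENOMEM", -ENOMEM },
		{ "-EIO", -EIO }, { "-EPERM", -EPERM },
	};
	size_t i;

	for (i = 0; i < sizeof(s) / sizeof(s[0]); i++)
		printf("%-17s %4d  frees=%d ambiguous=%d\n", s[i].name,
		       s[i].val, caller_frees(s[i].val),
		       ret_is_ambiguous(s[i].val));
	printf("ambiguous errnos in 1..34: %d\n", count_ambiguous(34));
	return 0;
}
```

On Linux, -EINVAL (22) is even and fails the flag test, while -EIO (5) and -EPERM (1) pass it, so half of the low errno range would be treated as "buffer done".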


