lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 24 Jun 2016 07:50:28 +0100
From:	Will Deacon <will.deacon@....com>
To:	Jan Kiszka <jan.kiszka@...mens.com>
Cc:	Bjorn Helgaas <bhelgaas@...gle.com>, linux-pci@...r.kernel.org,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH] pci: Add support for unbinding the generic PCI host
 controller

On Fri, Jun 24, 2016 at 08:39:08AM +0200, Jan Kiszka wrote:
> On 2016-06-24 08:12, Will Deacon wrote:
> > On Thu, Jun 23, 2016 at 07:31:34PM +0200, Jan Kiszka wrote:
> >> On 2016-06-22 08:06, Will Deacon wrote:
> >>>   - The probe path seems to have some stateful operations outside of PCI
> >>>     resources. For example, kzalloc'ing the bus_range resource in
> >>>     of_pci_get_host_bridge_resources. Do we need to clean these up
> >>>     explicitly?
> >>>
> >>>   - Similarly, we don't seem to tear-down the config space mappings and
> >>>     data structures for that, so we leak VA space afaict.
> >>>
> >>
> >> Good points. But to my understanding, everything is released
> >> automatically on pci_remove_root_bus because all the resources are
> >> registered with the bus which takes care of them during destruction. And
> >> if I trace the release, I find this e.g.
> >>
> >> ...
> >> devres_release_all() {
> >>   _raw_spin_lock_irqsave();
> >>   release_nodes() {
> >>     _raw_spin_unlock_irqrestore();
> >>     devm_action_release() {
> >>       gen_pci_unmap_cfg() {
> > 
> > Ah, thanks for investigating that -- I completely missed the explicit
> > devm_ callback. That resolves my concern about the config space mappings,
> > but I still don't understand what happens to the resources allocated
> > in of_pci_get_host_bridge_resources. It looks like they should actually
> > be freed within that function, since pci_add_resource{_offset} copy the
> > resources into their own resource_entries anyway.
> > 
> > Am I missing something?
> 
> Tracing kmalloc and kfree in addition, it seems you are right. But then
> we already have leaks in the code in case the setup fails somewhere in
> the middle, no? gen_pci_init only releases the resource list on errors,
> but not bus_range. And pci_host_common_probe does non of both if
> pci_scan_root_bus fails. Anything else?

Yeah, it's a right old mess. of_pci_get_host_bridge_resources even cleans
up after itself, but gen_pci_init can fail in other ways and then doesn't
clean up properly.

I wonder why of_pci_get_host_bridge_resources can't just use devm_kzalloc.

Will

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ