lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20150616071523.GB5863@pali>
Date:	Tue, 16 Jun 2015 09:15:23 +0200
From:	Pali Rohár <pali.rohar@...il.com>
To:	Michal Hocko <mhocko@...e.cz>, Darren Hart <dvhart@...radead.org>
Cc:	Hans de Goede <hdegoede@...hat.com>,
	Ben Skeggs <bskeggs@...hat.com>,
	Stuart Hayes <stuart_hayes@...l.com>,
	Matthew Garrett <mjg@...hat.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	platform-driver-x86@...r.kernel.org, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org
Subject: Re: Possible broken MM code in dell-laptop.c?

On Tuesday 16 June 2015 08:33:46 Michal Hocko wrote:
> On Mon 15-06-15 23:27:59, Pali Rohár wrote:
> > On Monday 15 June 2015 23:18:16 Michal Hocko wrote:
> > > On Sun 14-06-15 11:05:07, Pali Rohár wrote:
> > > > Hello,
> > > > 
> > > > in drivers/platform/x86/dell-laptop.c is this part of code:
> > > > 
> > > > static int __init dell_init(void)
> > > > {
> > > > ...
> > > > 
> > > > 	/*
> > > > 	
> > > > 	 * Allocate buffer below 4GB for SMI data--only 32-bit physical
> > > > 	 addr * is passed to SMI handler.
> > > > 	 */
> > > > 	
> > > > 	bufferpage = alloc_page(GFP_KERNEL | GFP_DMA32);
> > > 
> > > [...]
> > > 
> > > > 	buffer = page_address(bufferpage);
> > > 
> > > [...]
> > > 
> > > > fail_rfkill:
> > > > 	free_page((unsigned long)bufferpage);
> > > 
> > > This one should be __free_page because it consumes struct page* and
> > > it is the proper counter part for alloc_page. free_page, just to
> > > make it confusing, consumes an address which has to be translated to
> > > a struct page.
> > > 
> > > I have no idea why the API has been done this way and yeah, it is
> > > really confusing.
> > > 
> > > [...]
> > > 
> > > > static void __exit dell_exit(void)
> > > > {
> > > > ...
> > > > 
> > > > 	free_page((unsigned long)buffer);
> > 
> > So both, either:
> > 
> >  free_page((unsigned long)buffer);
> > 
> > or
> > 
> >  __free_page(bufferpage);
> > 
> > is correct?
> 
> Yes. Although I would use __free_page variant as both seem to be
> globally visible.
> 

Michal, thank you for explaining this situation!

Darren, I will prepare patch which will fix code and use __free_page().

(Btw, execution on fail_rfkill label caused kernel panic)

-- 
Pali Rohár
pali.rohar@...il.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ