Date:   Fri, 10 Jul 2020 17:52:50 -0700
From:   Dan Williams <dan.j.williams@...el.com>
To:     Joao Martins <joao.m.martins@...cle.com>
Cc:     Linux MM <linux-mm@...ck.org>,
        Vishal L Verma <vishal.l.verma@...el.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Christoph Hellwig <hch@....de>,
        linux-nvdimm <linux-nvdimm@...ts.01.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        jmoyer <jmoyer@...hat.com>
Subject: Re: [PATCH 11/12] device-dax: Add dis-contiguous resource support

On Tue, May 12, 2020 at 7:37 AM Joao Martins <joao.m.martins@...cle.com> wrote:
>
> On 3/23/20 11:55 PM, Dan Williams wrote:
> > @@ -561,13 +580,26 @@ static int __alloc_dev_dax_range(struct dev_dax *dev_dax, u64 start,
> >       if (start == U64_MAX)
> >               return -EINVAL;
> >
> > +     ranges = krealloc(dev_dax->ranges, sizeof(*ranges)
> > +                     * (dev_dax->nr_range + 1), GFP_KERNEL);
> > +     if (!ranges)
> > +             return -ENOMEM;
> > +
> >       alloc = __request_region(res, start, size, dev_name(dev), 0);
> > -     if (!alloc)
> > +     if (!alloc) {
> > +             kfree(ranges);
> >               return -ENOMEM;
> > +     }
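Review bot: the `kfree(ranges)` in the new `!alloc` branch frees the buffer that `krealloc()` just returned, while nothing in the visible lines has updated `dev_dax->ranges` before that return. If `krealloc()` moved the array, the old block is already gone; if it grew in place, `ranges` is the same block `dev_dax->ranges` points at. Either way a device that already had ranges is left with a dangling `dev_dax->ranges`, which becomes a use-after-free or double free when those ranges are later walked and released. Suggest assigning `dev_dax->ranges = ranges;` directly after the `if (!ranges)` check and dropping the `kfree()` from the failure path, or calling `__request_region()` first and only then `krealloc()`, with the region released if the reallocation fails.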
>
> Noticed this yesterday while looking at alloc_dev_dax_range().
>
> Is it correct to free @ranges here on __request_region failure?
>
> IIUC krealloc() would free dev_dax->ranges if it succeeds, leaving us without
> any valid ranges if __request_region failure case indeed frees @ranges. These
> @ranges are being used afterwards when we delete the interface and free the
> assigned regions. Perhaps we should remove the kfree() above and set
> dev_dax->ranges instead before __request_region; or alternatively change the
> call order between krealloc and __request_region? FWIW, krealloc checks if the
> object being reallocated already meets the requested size, so perhaps there's no
> harm with going with the former.

Yeah, the kfree is bogus. It can just wait until the device is
destroyed to be freed, but only if there is an existing allocation. If
this is a new allocation then nothing else will do the kfree.
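A userspace model of the ownership problem discussed in this thread, added here as an illustration and not taken from the patch or the kernel tree. It follows the first option raised above (store the reallocated pointer in the owner before the step that can fail); `realloc()`/`free()` stand in for `krealloc()`/`kfree()`, and `struct dev_model`, `request_region_model()`, `add_range()` and `destroy_dev()` are hypothetical names.

```c
/* Userspace model: realloc()/free() stand in for krealloc()/kfree(). */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

struct range { uint64_t start, end; };

struct dev_model {              /* hypothetical stand-in for struct dev_dax */
    struct range *ranges;
    int nr_range;
};

/* Hypothetical stand-in for __request_region(): fails when start == 0. */
static int request_region_model(uint64_t start, uint64_t size)
{
    (void)size;
    return start != 0;
}

/* Grow the array by one slot, then try to claim the region. */
int add_range(struct dev_model *dev, uint64_t start, uint64_t size)
{
    struct range *ranges;

    ranges = realloc(dev->ranges, sizeof(*ranges) * (dev->nr_range + 1));
    if (!ranges)
        return -ENOMEM;         /* old array untouched, still owned by dev */

    /* Publish at once: a successful realloc may have freed the old block,
     * so dev->ranges must never be left pointing at it. */
    dev->ranges = ranges;

    if (!request_region_model(start, size))
        return -ENOMEM;         /* no free here: slots 0..nr_range-1 stay valid */

    ranges[dev->nr_range].start = start;
    ranges[dev->nr_range].end = start + size - 1;
    dev->nr_range++;
    return 0;
}

/* The only place the array is freed, for first-time and grown arrays alike. */
void destroy_dev(struct dev_model *dev)
{
    free(dev->ranges);
    dev->ranges = NULL;
    dev->nr_range = 0;
}
```

Because the owner always holds the current pointer, the failure path needs no free for either case in the reply above: an existing array stays valid, and a first-time allocation is released by the destroy path.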
