Message-Id: <20211209063618.123473-1-niejianglei2021@163.com>
Date:   Thu,  9 Dec 2021 14:36:18 +0800
From:   Jianglei Nie <niejianglei2021@....com>
To:     alexander.deucher@....com, christian.koenig@....com,
        Xinhui.Pan@....com, airlied@...ux.ie, daniel@...ll.ch,
        Hawking.Zhang@....com, john.clements@....com, candice.li@....com,
        lijo.lazar@....com, Jinzhou.Su@....com, jonathan.kim@....com
Cc:     amd-gfx@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org,
        linux-kernel@...r.kernel.org,
        Jianglei Nie <niejianglei2021@....com>
Subject: [PATCH] drm/amdgpu: Fix reference leak in psp_xgmi_reflect_topology_info()

In line 1138 (#1), amdgpu_get_xgmi_hive() increases the kobject reference
counter of the hive it returned. The hive returned by
amdgpu_get_xgmi_hive() should be released with the help of
amdgpu_put_xgmi_hive() to balance its kobject reference counter properly.
Forgetting the amdgpu_put_xgmi_hive() operation will result in a reference
leak.

We can fix it by calling amdgpu_put_xgmi_hive() before the end of the
function (#2).

1128 static void psp_xgmi_reflect_topology_info(struct psp_context *psp,
1129 			struct psp_xgmi_node_info node_info)
1130 {

1138 	hive = amdgpu_get_xgmi_hive(psp->adev);
	// #1: kzalloc space reference increment
1139 	list_for_each_entry(mirror_adev, &hive->device_list, gmc.xgmi.head) {
1140		struct psp_xgmi_topology_info *mirror_top_info;
1141		int j;

1143		if (mirror_adev->gmc.xgmi.node_id != dst_node_id)
1144			continue;

1146		mirror_top_info = &mirror_adev->psp.xgmi_context.top_info;
1147		for (j = 0; j < mirror_top_info->num_nodes; j++) {
1148			if (mirror_top_info->nodes[j].node_id != src_node_id)
1149				continue;

1151			mirror_top_info->nodes[j].num_hops = dst_num_hops;

1157			if (dst_num_links)
1158				mirror_top_info->nodes[j].num_links = dst_num_links;

1160			break;
1161		}

1163		break;
1164	}
	// #2: missing reference decrement
1165 }

Signed-off-by: Jianglei Nie <niejianglei2021@....com>
---
 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c
index c641f84649d6..f6362047ed71 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c
@@ -1162,6 +1162,7 @@ static void psp_xgmi_reflect_topology_info(struct psp_context *psp,
 
 		break;
 	}
+	amdgpu_put_xgmi_hive(hive);
 }
 
 int psp_xgmi_get_topology_info(struct psp_context *psp,
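Review bot: The return value of amdgpu_get_xgmi_hive() is never checked in the lines shown: the excerpt in the commit message uses &hive->device_list at line 1139 directly after the get at line 1138, and the new amdgpu_put_xgmi_hive(hive) after the loop is likewise unconditional. If amdgpu_get_xgmi_hive() can return NULL here, the loop already dereferences it, so please confirm that and either bail out early or state in the commit message why NULL cannot occur and whether the put tolerates it. The placement itself is right for the lines shown: both break statements fall through to the single put before the closing brace, so no visible exit path skips it. The message would also benefit from a Fixes: tag naming the commit that introduced the unbalanced get, and from referring to the two calls by name rather than by line numbers 1138 and 1165, which go stale as the file changes.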
-- 
2.25.1
