Message-ID: <20230324133752.owl5euvurik3t64q@ripper>
Date:   Fri, 24 Mar 2023 06:37:52 -0700
From:   Bjorn Andersson <andersson@...nel.org>
To:     Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>
Cc:     Andy Gross <agross@...nel.org>,
        Konrad Dybcio <konrad.dybcio@...aro.org>,
        "Rafael J. Wysocki" <rafael@...nel.org>,
        Viresh Kumar <viresh.kumar@...aro.org>,
        Manivannan Sadhasivam <mani@...nel.org>,
        linux-arm-msm@...r.kernel.org, linux-pm@...r.kernel.org,
        linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH] cpufreq: qcom-cpufreq-hw: fix double IO unmap and
 resource release on exit

On Thu, Mar 23, 2023 at 06:40:26PM +0100, Krzysztof Kozlowski wrote:
> Commit 054a3ef683a1 ("cpufreq: qcom-hw: Allocate qcom_cpufreq_data
> during probe") moved getting memory resource and iomap from
> qcom_cpufreq_hw_cpu_init() to the probe function, however it left
> untouched cleanup in qcom_cpufreq_hw_cpu_exit().
> 
> During device unbind this will lead to double release of the resource and
> double iounmap(), first by qcom_cpufreq_hw_cpu_exit() and second via
> managed resources:
> 
>   resource: Trying to free nonexistent resource <0x0000000018593000-0x0000000018593fff>
>   Trying to vunmap() nonexistent vm area (0000000088a7d4dc)
>   ...
>   vunmap (mm/vmalloc.c:2771 (discriminator 1))
>   iounmap (mm/ioremap.c:60)
>   devm_ioremap_release (lib/devres.c:19)
>   devres_release_all (drivers/base/devres.c:506 drivers/base/devres.c:535)
>   device_unbind_cleanup (drivers/base/dd.c:523)
>   device_release_driver_internal (drivers/base/dd.c:1248 drivers/base/dd.c:1263)
>   device_driver_detach (drivers/base/dd.c:1300)
>   unbind_store (drivers/base/bus.c:243)
>   drv_attr_store (drivers/base/bus.c:127)
>   sysfs_kf_write (fs/sysfs/file.c:137)
>   kernfs_fop_write_iter (fs/kernfs/file.c:334)
>   vfs_write (include/linux/fs.h:1851 fs/read_write.c:491 fs/read_write.c:584)
>   ksys_write (fs/read_write.c:637)
>   __arm64_sys_write (fs/read_write.c:646)
>   invoke_syscall (arch/arm64/include/asm/current.h:19 arch/arm64/kernel/syscall.c:57)
>   el0_svc_common.constprop.0 (arch/arm64/include/asm/daifflags.h:28 arch/arm64/kernel/syscall.c:150)
>   do_el0_svc (arch/arm64/kernel/syscall.c:194)
>   el0_svc (arch/arm64/include/asm/daifflags.h:28 arch/arm64/kernel/entry-common.c:133 arch/arm64/kernel/entry-common.c:142 arch/arm64/kernel/entry-common.c:638)
>   el0t_64_sync_handler (arch/arm64/kernel/entry-common.c:656)
>   el0t_64_sync (arch/arm64/kernel/entry.S:591)
> 
> Fixes: 054a3ef683a1 ("cpufreq: qcom-hw: Allocate qcom_cpufreq_data during probe")
> Cc: <stable@...r.kernel.org>
> Cc: Manivannan Sadhasivam <mani@...nel.org>
> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>

Reviewed-by: Bjorn Andersson <andersson@...nel.org>

Regards,
Bjorn

> ---
>  drivers/cpufreq/qcom-cpufreq-hw.c | 11 ++---------
>  1 file changed, 2 insertions(+), 9 deletions(-)
> 
> diff --git a/drivers/cpufreq/qcom-cpufreq-hw.c b/drivers/cpufreq/qcom-cpufreq-hw.c
> index 2f581d2d617d..b2d2907200a9 100644
> --- a/drivers/cpufreq/qcom-cpufreq-hw.c
> +++ b/drivers/cpufreq/qcom-cpufreq-hw.c
> @@ -43,7 +43,6 @@ struct qcom_cpufreq_soc_data {
>  
>  struct qcom_cpufreq_data {
>  	void __iomem *base;
> -	struct resource *res;
>  
>  	/*
>  	 * Mutex to synchronize between de-init sequence and re-starting LMh
> @@ -590,16 +589,12 @@ static int qcom_cpufreq_hw_cpu_exit(struct cpufreq_policy *policy)
>  {
>  	struct device *cpu_dev = get_cpu_device(policy->cpu);
>  	struct qcom_cpufreq_data *data = policy->driver_data;
> -	struct resource *res = data->res;
> -	void __iomem *base = data->base;
>  
>  	dev_pm_opp_remove_all_dynamic(cpu_dev);
>  	dev_pm_opp_of_cpumask_remove_table(policy->related_cpus);
>  	qcom_cpufreq_hw_lmh_exit(data);
>  	kfree(policy->freq_table);
>  	kfree(data);
> -	iounmap(base);
> -	release_mem_region(res->start, resource_size(res));
>  
>  	return 0;
>  }
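Review bot: `kfree(data)` is still left in qcom_cpufreq_hw_cpu_exit() after this cleanup, and it looks like the same probe/exit ownership mismatch the patch is fixing for the mapping. The probe hunk takes `data = &qcom_cpufreq.data[i]`, an element of an array. If `policy->driver_data` is that same element (the assignment is not visible here), freeing it on policy exit hands kfree() a pointer into an allocation that exit does not own, and whoever owns the array will release it again on unbind. Worth confirming how the array is allocated and, if probe owns it, dropping `kfree(data);` so that only `kfree(policy->freq_table);` remains.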
> @@ -718,17 +713,15 @@ static int qcom_cpufreq_hw_driver_probe(struct platform_device *pdev)
>  	for (i = 0; i < num_domains; i++) {
>  		struct qcom_cpufreq_data *data = &qcom_cpufreq.data[i];
>  		struct clk_init_data clk_init = {};
> -		struct resource *res;
>  		void __iomem *base;
>  
> -		base = devm_platform_get_and_ioremap_resource(pdev, i, &res);
> +		base = devm_platform_ioremap_resource(pdev, i);
>  		if (IS_ERR(base)) {
> -			dev_err(dev, "Failed to map resource %pR\n", res);
> +			dev_err(dev, "Failed to map resource index %d\n", i);
>  			return PTR_ERR(base);
>  		}
>  
>  		data->base = base;
> -		data->res = res;
>  
>  		/* Register CPU clock for each frequency domain */
>  		clk_init.name = kasprintf(GFP_KERNEL, "qcom_cpufreq%d", i);
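Review bot: The `dev_err()` kept after `devm_platform_ioremap_resource()` looks redundant, because the devm ioremap helpers already log the failing resource themselves when the lookup, region request or mapping fails. The new message also says less than the old `%pR` one, since it prints only the index. Consider dropping the message and the braces, leaving `if (IS_ERR(base)) return PTR_ERR(base);`. The probe function and its loop start and end outside this hunk.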
> -- 
> 2.34.1
> 
