Message-Id: <20230406015315.31505-2-mirsad.todorovac@alu.unizg.hr>
Date: Thu, 6 Apr 2023 03:53:19 +0200
From: Mirsad Goran Todorovac <mirsad.todorovac@....unizg.hr>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Russ Weight <russell.h.weight@...el.com>,
linux-kernel@...r.kernel.org
Cc: Mirsad Goran Todorovac <mirsad.todorovac@....unizg.hr>,
Luis Chamberlain <mcgrof@...nel.org>,
Tianfei zhang <tianfei.zhang@...el.com>,
Christophe JAILLET <christophe.jaillet@...adoo.fr>,
Zhengchao Shao <shaozhengchao@...wei.com>,
Colin Ian King <colin.i.king@...il.com>,
Dan Carpenter <error27@...il.com>, Takashi Iwai <tiwai@...e.de>
Subject: [PATCH v3 2/2] test_firmware: fix memory leak in trigger_batched_requests_store()
trigger_batched_requests_store() and trigger_batched_requests_async_store()
both caused test_fw_config->reqs ptr to be overwritten with the new call to
either function and the vzalloc() call, leaving the old memory object
unreferenced.
Semantically the most simple and prudent solution seemed to be returning the
-EBUSY errno in this case, rather than permitting a kernel memory leak.
However, this fix closed only these obvious leaks, not all that are
present in the test firmware loader.
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Luis Chamberlain <mcgrof@...nel.org>
Cc: Russ Weight <russell.h.weight@...el.com>
Cc: Tianfei zhang <tianfei.zhang@...el.com>
Cc: Mirsad Goran Todorovac <mirsad.todorovac@....unizg.hr>
Cc: Christophe JAILLET <christophe.jaillet@...adoo.fr>
Cc: Zhengchao Shao <shaozhengchao@...wei.com>
Cc: Colin Ian King <colin.i.king@...il.com>
Cc: linux-kernel@...r.kernel.org
Suggested-by: Dan Carpenter <error27@...il.com>
Suggested-by: Takashi Iwai <tiwai@...e.de>
Signed-off-by: Mirsad Goran Todorovac <mirsad.todorovac@....unizg.hr>
---
lib/test_firmware.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/lib/test_firmware.c b/lib/test_firmware.c
index 272af8dc54b0..b81f5621626e 100644
--- a/lib/test_firmware.c
+++ b/lib/test_firmware.c
@@ -919,6 +919,11 @@ static ssize_t trigger_batched_requests_store(struct device *dev,
mutex_lock(&test_fw_mutex);
+ if (test_fw_config->reqs) {
+ rc = -EBUSY;
+ goto out_bail;
+ }
+
test_fw_config->reqs =
vzalloc(array3_size(sizeof(struct test_batched_req),
test_fw_config->num_requests, 2));
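Review bot: The new `if (test_fw_config->reqs)` guard at the top of this hunk is only correct if the path that frees the batch also resets `test_fw_config->reqs` to NULL, and nothing in the visible lines shows that. If the pointer is freed but not cleared, every later write to this trigger returns -EBUSY permanently and the stale pointer remains a use-after-free hazard. Please confirm the release path clears the pointer under `test_fw_mutex`, and state in the commit message how a test clears the busy state before triggering again. The `goto out_bail` is also taken with `test_fw_mutex` held, so it is worth a sentence confirming that `out_bail` unlocks the mutex and does not touch the existing `reqs` allocation.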
@@ -1017,6 +1022,11 @@ ssize_t trigger_batched_requests_async_store(struct device *dev,
mutex_lock(&test_fw_mutex);
+ if (test_fw_config->reqs) {
+ rc = -EBUSY;
+ goto out_bail;
+ }
+
test_fw_config->reqs =
vzalloc(array3_size(sizeof(struct test_batched_req),
test_fw_config->num_requests, 2));
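Review bot: The five added lines in trigger_batched_requests_async_store() are a verbatim copy of the guard added in the first hunk, so the two sites can drift apart when the remaining leaks mentioned in the commit message are addressed. Consider a small helper called with `test_fw_mutex` held that performs the busy check in one place, so both store functions share it. The subject line also names only trigger_batched_requests_store(), while this hunk changes the async variant too; mentioning both functions in the subject would make the change easier to find when backporting.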
--
2.30.2