lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <52a6e750-71ed-b1d5-8693-2759be4cd6e5@linux.intel.com>
Date:   Thu, 23 Nov 2023 17:27:23 +0200 (EET)
From:   Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
To:     "David E. Box" <david.e.box@...ux.intel.com>
cc:     LKML <linux-kernel@...r.kernel.org>,
        platform-driver-x86@...r.kernel.org, rajvi.jingar@...ux.intel.com
Subject: Re: [PATCH V5 01/20] platform/x86/intel/vsec: Fix xa_alloc memory
 leak

On Wed, 22 Nov 2023, David E. Box wrote:

> Fixes memory leak, caught be kmemleak, due to failure to erase auxiliary
> device entries from an xarray on removal.
> 
> Signed-off-by: David E. Box <david.e.box@...ux.intel.com>
> ---
> V5 - New patch
> 
>  drivers/platform/x86/intel/vsec.c | 24 ++++++++++++++++--------
>  drivers/platform/x86/intel/vsec.h |  1 +
>  2 files changed, 17 insertions(+), 8 deletions(-)
> 
> diff --git a/drivers/platform/x86/intel/vsec.c b/drivers/platform/x86/intel/vsec.c
> index c1f9e4471b28..ae811bb65910 100644
> --- a/drivers/platform/x86/intel/vsec.c
> +++ b/drivers/platform/x86/intel/vsec.c
> @@ -120,6 +120,8 @@ static void intel_vsec_dev_release(struct device *dev)
>  {
>  	struct intel_vsec_device *intel_vsec_dev = dev_to_ivdev(dev);
>  
> +	xa_erase(&auxdev_array, intel_vsec_dev->id);
> +
>  	mutex_lock(&vsec_ida_lock);
>  	ida_free(intel_vsec_dev->ida, intel_vsec_dev->auxdev.id);
>  	mutex_unlock(&vsec_ida_lock);
> @@ -136,9 +138,21 @@ int intel_vsec_add_aux(struct pci_dev *pdev, struct device *parent,
>  	int ret, id;
>  
>  	mutex_lock(&vsec_ida_lock);
> -	ret = ida_alloc(intel_vsec_dev->ida, GFP_KERNEL);
> +	id = ida_alloc(intel_vsec_dev->ida, GFP_KERNEL);
>  	mutex_unlock(&vsec_ida_lock);
> +	if (id < 0) {
> +		kfree(intel_vsec_dev->resource);
> +		kfree(intel_vsec_dev);
> +		return ret;
> +	}
> +
> +	ret = xa_alloc(&auxdev_array, &intel_vsec_dev->id, intel_vsec_dev,
> +		       PMT_XA_LIMIT, GFP_KERNEL);
>  	if (ret < 0) {
> +		mutex_lock(&vsec_ida_lock);
> +		ida_free(intel_vsec_dev->ida, id);
> +		mutex_unlock(&vsec_ida_lock);
> +
>  		kfree(intel_vsec_dev->resource);
>  		kfree(intel_vsec_dev);
>  		return ret;
> @@ -147,7 +161,7 @@ int intel_vsec_add_aux(struct pci_dev *pdev, struct device *parent,
>  	if (!parent)
>  		parent = &pdev->dev;
>  
> -	auxdev->id = ret;
> +	auxdev->id = id;
>  	auxdev->name = name;
>  	auxdev->dev.parent = parent;
>  	auxdev->dev.release = intel_vsec_dev_release;
> @@ -169,12 +183,6 @@ int intel_vsec_add_aux(struct pci_dev *pdev, struct device *parent,
>  	if (ret < 0)
>  		return ret;
>  
> -	/* Add auxdev to list */
> -	ret = xa_alloc(&auxdev_array, &id, intel_vsec_dev, PMT_XA_LIMIT,
> -		       GFP_KERNEL);
> -	if (ret)
> -		return ret;
> -
>  	return 0;

BTW, there's also another unnecessary return construct around this which 
remains after this removal. The devm_add_Action_or_reset() value can be 
returned directly (maybe make another patch from that cleanup though 
since this is a Fixes patch).

-- 
 i.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ