Date: Fri, 24 May 2024 13:24:48 +0300
From: Nikita Shubin via B4 Relay <devnull+n.shubin.yadro.com@...nel.org>
To: Vinod Koul <vkoul@...nel.org>, Dave Jiang <dave.jiang@...el.com>, 
 Logan Gunthorpe <logang@...tatee.com>
Cc: dmaengine@...r.kernel.org, linux-kernel@...r.kernel.org, 
 Nikita Shubin <n.shubin@...ro.com>, 
 Andy Shevchenko <andy.shevchenko@...il.com>
Subject: [PATCH 3/3] dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe()

From: Nikita Shubin <n.shubin@...ro.com>

If probing fails, we end up leaking ioatdma_device and each
allocated channel.

The following kmemleak is easy to reproduce by injecting an error in
ioat_alloc_chan_resources() when doing ioat_dma_self_test().

unreferenced object 0xffff888014ad5800 (size 1024):
  comm "modprobe", pid 73, jiffies 4294681749
  hex dump (first 32 bytes):
    00 10 00 13 80 88 ff ff 00 c0 3f 00 00 c9 ff ff  ..........?.....
    00 ce 76 13 80 88 ff ff 00 00 00 00 00 00 00 00  ..v.............
  backtrace (crc 1f353f55):
    [<ffffffff827692ca>] kmemleak_alloc+0x4a/0x80
    [<ffffffff81430600>] kmalloc_trace+0x270/0x2f0
    [<ffffffffa000b7d1>] ioat_pci_probe+0xc1/0x1c0 [ioatdma]
    [<ffffffff8199376a>] local_pci_probe+0x7a/0xe0
    [<ffffffff81995189>] pci_call_probe+0xd9/0x2c0
    [<ffffffff81995975>] pci_device_probe+0xa5/0x170
    [<ffffffff81f5f89b>] really_probe+0x14b/0x510
    [<ffffffff81f5fd4a>] __driver_probe_device+0xda/0x1f0
    [<ffffffff81f5febf>] driver_probe_device+0x4f/0x120
    [<ffffffff81f6028a>] __driver_attach+0x14a/0x2b0
    [<ffffffff81f5c56c>] bus_for_each_dev+0xec/0x160
    [<ffffffff81f5ee1b>] driver_attach+0x2b/0x40
    [<ffffffff81f5e0d3>] bus_add_driver+0x1a3/0x300
    [<ffffffff81f61db3>] driver_register+0xa3/0x1d0
    [<ffffffff8199325b>] __pci_register_driver+0xeb/0x100
    [<ffffffffa003009c>] 0xffffffffa003009c

repeated for each ioatdma channel:

unreferenced object 0xffff8880148e5c00 (size 512):
  comm "modprobe", pid 73, jiffies 4294681751
  hex dump (first 32 bytes):
    40 58 ad 14 80 88 ff ff 00 00 00 00 00 00 00 00  @X..............
    01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc fbc62789):
    [<ffffffff827692ca>] kmemleak_alloc+0x4a/0x80
    [<ffffffff81430600>] kmalloc_trace+0x270/0x2f0
    [<ffffffffa0009641>] ioat_enumerate_channels+0x101/0x2d0 [ioatdma]
    [<ffffffffa000b266>] ioat3_dma_probe+0x4d6/0x970 [ioatdma]
    [<ffffffffa000b891>] ioat_pci_probe+0x181/0x1c0 [ioatdma]
    [<ffffffff8199376a>] local_pci_probe+0x7a/0xe0
    [<ffffffff81995189>] pci_call_probe+0xd9/0x2c0
    [<ffffffff81995975>] pci_device_probe+0xa5/0x170
    [<ffffffff81f5f89b>] really_probe+0x14b/0x510
    [<ffffffff81f5fd4a>] __driver_probe_device+0xda/0x1f0
    [<ffffffff81f5febf>] driver_probe_device+0x4f/0x120
    [<ffffffff81f6028a>] __driver_attach+0x14a/0x2b0
    [<ffffffff81f5c56c>] bus_for_each_dev+0xec/0x160
    [<ffffffff81f5ee1b>] driver_attach+0x2b/0x40
    [<ffffffff81f5e0d3>] bus_add_driver+0x1a3/0x300
    [<ffffffff81f61db3>] driver_register+0xa3/0x1d0

Fixes: bf453a0a18b2 ("dmaengine: ioat: Support in-use unbind")
Signed-off-by: Nikita Shubin <n.shubin@...ro.com>
---
 drivers/dma/ioat/init.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/dma/ioat/init.c b/drivers/dma/ioat/init.c
index 26964b7c8cf1..d0d787cfd0e0 100644
--- a/drivers/dma/ioat/init.c
+++ b/drivers/dma/ioat/init.c
@@ -1348,7 +1348,7 @@ static int ioat_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
 	struct device *dev = &pdev->dev;
 	struct ioatdma_device *device;
 	u8 version;
-	int err;
+	int err, i;
 
 	err = pcim_enable_device(pdev);
 	if (err)
@@ -1384,6 +1384,9 @@ static int ioat_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
 
 	err = ioat3_dma_probe(device, ioat_dca_enabled);
 	if (err) {
+		for (i = 0; i < IOAT_MAX_CHANS; i++)
+			kfree(device->idx[i]);
+		kfree(device);
 		dev_err(dev, "Intel(R) I/OAT DMA Engine init failed\n");
 		return -ENODEV;
 	}
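
Review bot: The new kfree() loop in the ioat3_dma_probe() error branch frees the channels from ioat_pci_probe(), although the second backtrace shows they are allocated in ioat_enumerate_channels() under ioat3_dma_probe(), so allocation and teardown end up in different functions. Consider unwinding inside ioat3_dma_probe()'s own failure path, or through a small helper shared with the existing teardown, so the two cannot drift apart. The loop walks all IOAT_MAX_CHANS slots and depends on unused device->idx[] entries being NULL (kfree(NULL) is a no-op); a one-line comment saying so would help, and it is worth confirming that device is zero-allocated. Since the commit message reproduces the failure in ioat_dma_self_test(), which runs late in the probe, please also confirm that nothing set up earlier (interrupt handlers, timers, tasklets, a registered dma_device) can still reference a channel or device after these kfree() calls; otherwise the leak fix trades a leak for a use-after-free or double free.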

-- 
2.43.2