Message-ID: <7778df43-5169-4d1c-9fe6-44bee39edfc1@arm.com>
Date: Mon, 3 Mar 2025 13:43:33 +0000
From: Lukasz Luba <lukasz.luba@....com>
To: "Rafael J. Wysocki" <rafael@...nel.org>,
 Haoxiang Li <haoxiang_li2024@....com>
Cc: len.brown@...el.com, pavel@...nel.org, dietmar.eggemann@....com,
 linux-pm@...r.kernel.org, linux-kernel@...r.kernel.org,
 stable@...r.kernel.org
Subject: Re: [PATCH] PM: EM: fix an API misuse issue in em_create_pd()



On 3/3/25 12:38, Rafael J. Wysocki wrote:
> On Mon, Mar 3, 2025 at 4:43 AM Haoxiang Li <haoxiang_li2024@....com> wrote:
>>
>> Replace kfree() with em_table_free() to free
>> the memory allocated by em_table_alloc().
> 
> Ostensibly, this is fixing a problem, but there's no problem described
> above.  Please describe it.

Thanks, Rafael, for adding me on CC.

> 
>> Fixes: 24e9fb635df2 ("PM: EM: Remove old table")
>> Cc: stable@...r.kernel.org
>> Signed-off-by: Haoxiang Li <haoxiang_li2024@....com>
>> ---
>>   kernel/power/energy_model.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/kernel/power/energy_model.c b/kernel/power/energy_model.c
>> index 3874f0e97651..71b60aa20227 100644
>> --- a/kernel/power/energy_model.c
>> +++ b/kernel/power/energy_model.c
>> @@ -447,7 +447,7 @@ static int em_create_pd(struct device *dev, int nr_states,
>>          return 0;
>>
>>   free_pd_table:
>> -       kfree(em_table);
>> +       em_table_free(em_table);
>>   free_pd:
>>          kfree(pd);
>>          return -EINVAL;
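
Review bot: At the free_pd_table label, the switch from kfree(em_table) to em_table_free(em_table) is not backed by any failure described in the commit message, which only says the allocator and the free routine should match. The reply in this thread points out that this label is reached before rcu_assign_pointer(pd->em_table, em_table), so the table has not been published to any reader at that point. Either state in the message what goes wrong with kfree() on this error path, or keep kfree() and add a short comment above the label noting that the table is not yet visible and plain freeing is intended.
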
>> --
>> 2.25.1
>>

IMO there is no need to use RCU freeing mechanism, since
this table is not used yet. We failed in the initialization
steps, so we can simply call kfree() on that memory.

That 'free_pd_table' goto label is triggered before the call to:

rcu_assign_pointer(pd->em_table, em_table);

IMO this is even dangerous in the patch to abuse RCU free for such a case.

Regards,
Lukasz

