lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <09bab7ab-badd-4a7d-9ba5-5dd7181f6a6f@windriver.com>
Date: Tue, 29 Apr 2025 10:20:36 +0800
From: Xiaolei Wang <xiaolei.wang@...driver.com>
To: andersson@...nel.org, mathieu.poirier@...aro.org, shawnguo@...nel.org,
        s.hauer@...gutronix.de, kernel@...gutronix.de, festevam@...il.com
Cc: linux-remoteproc@...r.kernel.org, imx@...ts.linux.dev,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH V2 2/2] remoteproc: core: release rproc->clean_table after
 rproc_attach() fails


On 4/26/25 14:53, Xiaolei Wang wrote:
> When rproc->state = RPROC_DETACHED is attached to remote processor
> through rproc_attach(), if rproc_handle_resources() returns failure,
> then the clean table should be released, otherwise the following
> memory leak will occur.
>
> unreferenced object 0xffff000086a99800 (size 1024):
> comm "kworker/u12:3", pid 59, jiffies 4294893670 (age 121.140s)
> hex dump (first 32 bytes):
> 00 00 00 00 00 80 00 00 00 00 00 00 00 00 10 00 ............
> 00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 ............
> backtrace:
>   [<000000008bbe4ca8>] slab_post_alloc_hook+0x98/0x3fc
>   [<000000003b8a272b>] __kmem_cache_alloc_node+0x13c/0x230
>   [<000000007a507c51>] __kmalloc_node_track_caller+0x5c/0x260
>   [<0000000037818dae>] kmemdup+0x34/0x60
>   [<00000000610f7f57>] rproc_boot+0x35c/0x56c
>   [<0000000065f8871a>] rproc_add+0x124/0x17c
>   [<00000000497416ee>] imx_rproc_probe+0x4ec/0x5d4
>   [<000000003bcaa37d>] platform_probe+0x68/0xd8
>   [<00000000771577f9>] really_probe+0x110/0x27c
>   [<00000000531fea59>] __driver_probe_device+0x78/0x12c
>   [<0000000080036a04>] driver_probe_device+0x3c/0x118
>   [<000000007e0bddcb>] __device_attach_driver+0xb8/0xf8
>   [<000000000cf1fa33>] bus_for_each_drv+0x84/0xe4
>   [<000000001a53b53e>] __device_attach+0xfc/0x18c
>   [<00000000d1a2a32c>] device_initial_probe+0x14/0x20
>   [<00000000d8f8b7ae>] bus_probe_device+0xb0/0xb4
>   unreferenced object 0xffff0000864c9690 (size 16):
>
> Signed-off-by: Xiaolei Wang <xiaolei.wang@...driver.com>
> ---
>   drivers/remoteproc/remoteproc_core.c | 1 +
>   1 file changed, 1 insertion(+)
>
> diff --git a/drivers/remoteproc/remoteproc_core.c b/drivers/remoteproc/remoteproc_core.c
> index b21eedefff87..6226e2d12a97 100644
> --- a/drivers/remoteproc/remoteproc_core.c
> +++ b/drivers/remoteproc/remoteproc_core.c
> @@ -1656,6 +1656,7 @@ static int rproc_attach(struct rproc *rproc)
>   unprepare_device:
>   	/* release HW resources if needed */
>   	rproc_unprepare_device(rproc);
> +	kfree(rproc->clean_table);
>   disable_iommu:
>   	rproc_disable_iommu(rproc);
>   	return ret;

Hi Mathieu

For this patch, if I use devm_kmemdup() instead of kmemdup()

in rproc_set_rsc_table() function, is it better? Also delete

kfree(rproc->clean_table) in rproc_set_rsc_table()

thanks

xiaolei

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ