| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cd89c81f-2a9d-4b3f-94e9-c30471410686@zohomail.com>
Date: Thu, 12 Jun 2025 09:05:50 +0800
From: Li Ming <ming.li@...omail.com>
To: Jonathan Cameron <Jonathan.Cameron@...wei.com>
Cc: dave@...olabs.net, dave.jiang@...el.com, alison.schofield@...el.com,
vishal.l.verma@...el.com, ira.weiny@...el.com, dan.j.williams@...el.com,
shiju.jose@...wei.com, linux-cxl@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] cxl/edac: Fix potential memory leak issues
On 6/11/2025 9:16 PM, Jonathan Cameron wrote:
> On Wed, 11 Jun 2025 11:35:42 +0800
> Li Ming <ming.li@...omail.com> wrote:
>
>> In cxl_store_rec_gen_media() and cxl_store_rec_dram(), use kmemdup() to
>> duplicate a cxl gen_media/dram event to store the event in a xarray by
>> xa_store(). The cxl gen_media/dram event allocated by kmemdup() should
>> be freed in the case that the xa_store() fails.
>>
>> Fixes: 0b5ccb0de1e2 ("cxl/edac: Support for finding memory operation attributes from the current boot")
>> Signed-off-by: Li Ming <ming.li@...omail.com>
> Good fine but I'm not sure this is the best fix.
>
>> ---
>> base-commit: 87b42c114cdda76c8ad3002f2096699ad5146cb3 cxl/fixes
>> ---
>> drivers/cxl/core/edac.c | 10 ++++++----
>> 1 file changed, 6 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/cxl/core/edac.c b/drivers/cxl/core/edac.c
>> index 2cbc664e5d62..b4c5c23a45d4 100644
>> --- a/drivers/cxl/core/edac.c
>> +++ b/drivers/cxl/core/edac.c
>> @@ -1086,13 +1086,13 @@ static void cxl_del_overflow_old_recs(struct xarray *rec_xarray)
>> int cxl_store_rec_gen_media(struct cxl_memdev *cxlmd, union cxl_event *evt)
>> {
>> struct cxl_mem_err_rec *array_rec = cxlmd->err_rec_array;
>> - struct cxl_event_gen_media *rec;
>> void *old_rec;
>>
>> if (!IS_ENABLED(CONFIG_CXL_EDAC_MEM_REPAIR) || !array_rec)
>> return 0;
>>
>> - rec = kmemdup(&evt->gen_media, sizeof(*rec), GFP_KERNEL);
>> + struct cxl_event_gen_media *rec __free(kfree) =
>> + kmemdup(&evt->gen_media, sizeof(*rec), GFP_KERNEL);
>> if (!rec)
>> return -ENOMEM;
>>
>> @@ -1106,6 +1106,7 @@ int cxl_store_rec_gen_media(struct cxl_memdev *cxlmd, union cxl_event *evt)
>>
>> cxl_del_expired_gmedia_recs(&array_rec->rec_gen_media, rec);
>> cxl_del_overflow_old_recs(&array_rec->rec_gen_media);
>> + retain_and_null_ptr(rec);
>>
>> return 0;
>> }
>> @@ -1114,13 +1115,13 @@ EXPORT_SYMBOL_NS_GPL(cxl_store_rec_gen_media, "CXL");
>> int cxl_store_rec_dram(struct cxl_memdev *cxlmd, union cxl_event *evt)
>> {
>> struct cxl_mem_err_rec *array_rec = cxlmd->err_rec_array;
>> - struct cxl_event_dram *rec;
>> void *old_rec;
>>
>> if (!IS_ENABLED(CONFIG_CXL_EDAC_MEM_REPAIR) || !array_rec)
>> return 0;
>>
>> - rec = kmemdup(&evt->dram, sizeof(*rec), GFP_KERNEL);
>> + struct cxl_event_dram *rec __free(kfree) =
>> + kmemdup(&evt->dram, sizeof(*rec), GFP_KERNEL);
>> if (!rec)
>> return -ENOMEM;
>>
>> @@ -1134,6 +1135,7 @@ int cxl_store_rec_dram(struct cxl_memdev *cxlmd, union cxl_event *evt)
>>
>> cxl_del_expired_dram_recs(&array_rec->rec_dram, rec);
>> cxl_del_overflow_old_recs(&array_rec->rec_dram);
>> + retain_and_null_ptr(rec);
> I'd move this up to immediately after we hand it over to the xa successfully.
>
> Actually I'm not sure this is a good use of __free given we have a single
> error path to handle it in and have to manually release it in a different
> call to where it is passed to the xa_store() function. Maybe better
> to just kfree in the error path.
Sure, I can do that, using kfree directly instead of the __free(kfree). Thanks for reviewing.
Ming
>
>
>>
>> return 0;
>> }
Powered by blists - more mailing lists