From patchwork Mon Apr 1 23:12:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bethany Jamison X-Patchwork-Id: 1918580
From: Bethany Jamison To: kernel-team@lists.ubuntu.com Subject: [SRU][F][PATCH 1/2] uio: uio_hv_generic: use devm_kzalloc() for private data alloc Date: Mon, 1 Apr 2024 18:12:07 -0500 Message-Id: <20240401231208.58101-2-bethany.jamison@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240401231208.58101-1-bethany.jamison@canonical.com> References: <20240401231208.58101-1-bethany.jamison@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Alexandru Ardelean This is a minor cleanup for the management of the private object of this driver. The allocation can be tied to the life-time of the hv_device object. This cleans up a bit the exit & error paths, since the object doesn't need to be explicitly free'd anymore. Signed-off-by: Alexandru Ardelean Link: https://lore.kernel.org/r/20201119154903.82099-4-alexandru.ardelean@analog.com Signed-off-by: Greg Kroah-Hartman (cherry picked from commit 74e71964b1a9ffd34fa4b6ec8f2fa13e7cf0ac7a) CVE-2021-47070 Signed-off-by: Bethany Jamison --- drivers/uio/uio_hv_generic.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c index bdf3932ee3f20..47387e6f745cf 100644 --- a/drivers/uio/uio_hv_generic.c +++ b/drivers/uio/uio_hv_generic.c @@ -247,14 +247,14 @@ hv_uio_probe(struct hv_device *dev, return -ENOTSUPP; } - pdata = kzalloc(sizeof(*pdata), GFP_KERNEL); + pdata = devm_kzalloc(&dev->device, sizeof(*pdata), GFP_KERNEL); if (!pdata) return -ENOMEM; ret = vmbus_alloc_ring(channel, HV_RING_SIZE * PAGE_SIZE, HV_RING_SIZE * PAGE_SIZE); if (ret) - goto fail; + return ret; set_channel_read_mode(channel, HV_CALL_ISR); 
@@ -351,8 +351,6 @@ hv_uio_probe(struct hv_device *dev, fail_close: hv_uio_cleanup(dev, pdata); -fail: - kfree(pdata); return ret; } 
@@ -367,10 +365,8 @@ hv_uio_remove(struct hv_device *dev) uio_unregister_device(&pdata->info); hv_uio_cleanup(dev, pdata); - hv_set_drvdata(dev, NULL); vmbus_free_ring(dev->channel); - kfree(pdata); return 0; } From patchwork Mon Apr 1 23:12:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bethany Jamison X-Patchwork-Id: 1918582 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4V7mxk3zZXz1yZ4 for ; Tue, 2 Apr 2024 10:12:26 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1rrQp8-0001p9-Fa; Mon, 01 Apr 2024 23:12:18 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1rrQp5-0001o1-FS for kernel-team@lists.ubuntu.com; Mon, 01 Apr 2024 23:12:15 +0000 Received: from mail-il1-f199.google.com (mail-il1-f199.google.com [209.85.166.199]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 3291C3F204 for ; Mon, 1 Apr 2024 23:12:13 +0000 (UTC) Received: by mail-il1-f199.google.com with SMTP id e9e14a558f8ab-366b97b571cso45439835ab.3 for ; Mon, 01 Apr 
2024 16:12:13 -0700 (PDT)
From: Bethany Jamison To: kernel-team@lists.ubuntu.com Subject: [SRU][F][PATCH 2/2] uio_hv_generic: Fix another memory leak in error handling paths Date: Mon, 1 Apr 2024 18:12:08 -0500 Message-Id: <20240401231208.58101-3-bethany.jamison@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240401231208.58101-1-bethany.jamison@canonical.com> References: <20240401231208.58101-1-bethany.jamison@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Christophe JAILLET Memory allocated by 'vmbus_alloc_ring()' at the beginning of the probe function is never freed in the error handling path. Add the missing 'vmbus_free_ring()' call. Note that it is already freed in the .remove function. Fixes: cdfa835c6e5e ("uio_hv_generic: defer opening vmbus until first use") Cc: stable Signed-off-by: Christophe JAILLET Link: https://lore.kernel.org/r/0d86027b8eeed8e6360bc3d52bcdb328ff9bdca1.1620544055.git.christophe.jaillet@wanadoo.fr Signed-off-by: Greg Kroah-Hartman (cherry picked from commit 0b0226be3a52dadd965644bc52a807961c2c26df) CVE-2021-47070 Signed-off-by: Bethany Jamison --- drivers/uio/uio_hv_generic.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c index 47387e6f745cf..d533eb09d74a5 100644 --- a/drivers/uio/uio_hv_generic.c +++ b/drivers/uio/uio_hv_generic.c @@ -291,7 +291,7 @@ hv_uio_probe(struct hv_device *dev, pdata->recv_buf = vzalloc(RECV_BUFFER_SIZE); if (pdata->recv_buf == NULL) { ret = -ENOMEM; - goto fail_close; + goto fail_free_ring; } ret = vmbus_establish_gpadl(channel, pdata->recv_buf, 
@@ -351,6 +351,8 @@ hv_uio_probe(struct hv_device *dev, fail_close: hv_uio_cleanup(dev, pdata); +fail_free_ring: + vmbus_free_ring(dev->channel); return ret; }
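Review bot: in patch 1/2, at the `fail_close:` label in hv_uio_probe() (the @@ -351 hunk), the error path still returns after hv_uio_cleanup(dev, pdata) without releasing the ring that vmbus_alloc_ring() set up earlier in probe, while hv_uio_remove() does call vmbus_free_ring(dev->channel). Dropping `fail:` and `kfree(pdata)` is right for a devm allocation, but applied on its own this patch leaves that ring leak in place. It is closed only by the `fail_free_ring:` label added in 2/2, so the two patches should be applied together and the cover letter should state the dependency.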
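Review bot: in patch 1/2, the hv_uio_remove() hunk (@@ -367) also deletes `hv_set_drvdata(dev, NULL);`, which the commit message does not mention; the message only covers the object no longer being explicitly freed. Please add a sentence on why clearing the driver data is no longer needed. It is also worth confirming that nothing dereferences pdata after remove returns, since the devm allocation is released at driver detach rather than by an explicit kfree() at a known point in this function.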
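Review bot: in patch 2/2, the recv_buf allocation failure branch (@@ -291 hunk) now jumps to `fail_free_ring`, which bypasses hv_uio_cleanup(dev, pdata) on this path, while the commit message only describes adding the missing vmbus_free_ring() call. Either say in the message that nothing hv_uio_cleanup() releases has been set up yet at this point, or keep `goto fail_close;` here and rely on the fall-through from `fail_close:` into `fail_free_ring:`, which frees the ring in both cases.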