[12/14] powerpc/rtas: Close theoretical memory leak

Message ID	20220308135047.478297-13-npiggin@gmail.com (mailing list archive)
State	Changes Requested
Headers	show Return-Path: <linuxppc-dev-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org> From: Nicholas Piggin <npiggin@gmail.com> To: linuxppc-dev@lists.ozlabs.org Subject: [PATCH 12/14] powerpc/rtas: Close theoretical memory leak Date: Tue, 8 Mar 2022 23:50:45 +1000 Message-Id: <20220308135047.478297-13-npiggin@gmail.com> In-Reply-To: <20220308135047.478297-1-npiggin@gmail.com> References: <20220308135047.478297-1-npiggin@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Cc: Laurent Dufour <ldufour@linux.ibm.com>, Nicholas Piggin <npiggin@gmail.com> Errors-To: linuxppc-dev-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" <linuxppc-dev-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>
Series	powerpc/rtas: various cleanups and improvements \| expand [00/14] powerpc/rtas: various cleanups and improvements [01/14] powerpc/rtas: Move rtas entry assembly into its own file [02/14] powerpc/rtas: Make enter_rtas a nokprobe symbol on 64-bit [03/14] powerpc/rtas: Fix whitespace in rtas_entry.S [04/14] powerpc/rtas: Call enter_rtas with MSR[EE] disabled [05/14] powerpc/rtas: Modernise RI clearing on 64-bit [06/14] powerpc/rtas: Load rtas entry MSR explicitly [07/14] powerpc/rtas: PACA can be restored directly from SPRG [08/14] powerpc/rtas: call enter_rtas in real-mode on 64-bit [09/14] powerpc/rtas: Leave MSR[RI] enabled over RTAS call [10/14] powerpc/rtas: replace rtas_call_unlocked with raw_rtas_call [11/14] powerpc/rtas: tidy __fetch_rtas_last_error [12/14] powerpc/rtas: Close theoretical memory leak [13/14] powerpc/rtas: enture rtas_call is called with MMU enabled [14/14] powerpc/rtas: Consolidate and improve checking for rtas callers

Message ID

20220308135047.478297-13-npiggin@gmail.com (mailing list archive)

State

Changes Requested

Headers

From: Nicholas Piggin <npiggin@gmail.com>
To: linuxppc-dev@lists.ozlabs.org
Subject: [PATCH 12/14] powerpc/rtas: Close theoretical memory leak
Date: Tue,  8 Mar 2022 23:50:45 +1000
Message-Id: <20220308135047.478297-13-npiggin@gmail.com>
In-Reply-To: <20220308135047.478297-1-npiggin@gmail.com>
References: <20220308135047.478297-1-npiggin@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: list
Cc: Laurent Dufour <ldufour@linux.ibm.com>,
 Nicholas Piggin <npiggin@gmail.com>
Errors-To: linuxppc-dev-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org
Sender: "Linuxppc-dev"
 <linuxppc-dev-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>

Series

powerpc/rtas: various cleanups and improvements | expand

Commit Message

Nicholas Piggin March 8, 2022, 1:50 p.m. UTC

If buff_copy allocation failed then there was an error and the errbuf
allocation succeeded, it will not be logged or freed.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 arch/powerpc/kernel/rtas.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

Comments

Laurent Dufour March 15, 2022, 5:17 p.m. UTC | #1

On 08/03/2022, 14:50:45, Nicholas Piggin wrote:
> If buff_copy allocation failed then there was an error and the errbuf
> allocation succeeded, it will not be logged or freed.

Good catch!

Since you're dealing with the error log buffer allocation/free, I think it
would be better to not make this allocation in __fetch_rtas_last_error()
and to rely on the caller to allocate it before taking the rtas lock.

This way, the allocation is done without holding the rtas lock, as done in
rtas().

This would simplify __fetch_rtas_last_error() and the caller logic to free
the buffer too.

Laurent.

> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
> ---
>  arch/powerpc/kernel/rtas.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
> index e047793cbb80..1fc22138e3ab 100644
> --- a/arch/powerpc/kernel/rtas.c
> +++ b/arch/powerpc/kernel/rtas.c
> @@ -1239,9 +1239,10 @@ SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs)
>  
>  	unlock_rtas(flags);
>  
> -	if (buff_copy) {
> -		if (errbuf)
> -			log_error(errbuf, ERR_TYPE_RTAS_LOG, 0);
> +	if (errbuf) {
> +		log_error(errbuf, ERR_TYPE_RTAS_LOG, 0);
> +		kfree(errbuf);
> +	} else if (buff_copy) {
>  		kfree(buff_copy);
>  	}
>

diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
index e047793cbb80..1fc22138e3ab 100644
--- a/arch/powerpc/kernel/rtas.c
+++ b/arch/powerpc/kernel/rtas.c
@@ -1239,9 +1239,10 @@  SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs)
 
 	unlock_rtas(flags);
 
-	if (buff_copy) {
-		if (errbuf)
-			log_error(errbuf, ERR_TYPE_RTAS_LOG, 0);
+	if (errbuf) {
+		log_error(errbuf, ERR_TYPE_RTAS_LOG, 0);
+		kfree(errbuf);
+	} else if (buff_copy) {
 		kfree(buff_copy);
 	}

[12/14] powerpc/rtas: Close theoretical memory leak

Commit Message

Comments

Patch