From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id F3D9EC2FC2F for ; Thu, 17 Aug 2023 14:04:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:From:References:Cc:To: Subject:MIME-Version:Date:Message-ID:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=niqfxPY4O0Xxw3Q+yevA24cobJOxPqx7qHZgSVd2miI=; b=SvdT3XBYHw+g5j Y/nb9DDzcrd9xqXzcwyR9ZDLhY2O5BN/jXs2uZIWJc2Vt9QiOSiPjbSbt1eXgrtCJgfsLDuNB5fjv eQvWTT9FMWWqetGDri8BRvDz4Z2PZfgd5JbVYbHYGqdvXY3tjRzeEW0uct5owdgC0i1+eLbUR6z1y Q3I8JyN6H6W1wAtwL0aH3gSv9pifm1tVqOHDnQlQgif6oOiuz7PMyj5a4ooaeH1XBzyF93JZTDToo fTAhNJFkn5S3luUpW+Te5YmZ4zzmhh1g5Uvzn25xV1Pu2B5+n+YFE7iCUn2CASkjgQmI5fn9nB5pF LQdQ3sQa5R+hfkk0/xhQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qWdbI-006VeB-0z; Thu, 17 Aug 2023 14:03:48 +0000 Received: from foss.arm.com ([217.140.110.172]) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qWdbE-006Vdl-1q for linux-arm-kernel@lists.infradead.org; Thu, 17 Aug 2023 14:03:46 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id AB636D75; Thu, 17 Aug 2023 07:04:23 -0700 (PDT) Received: from [192.168.1.3] (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 5322B3F6C4; Thu, 17 Aug 2023 07:03:41 -0700 (PDT) Message-ID: <1d38e877-35ed-5f70-e51f-ea875deab903@arm.com> Date: Thu, 17 Aug 2023 15:03:25 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.9.0 Subject: Re: [PATCH 1/2] coresight: Fix memory leak in acpi_buffer->pointer Content-Language: en-US To: Junhao He , suzuki.poulose@arm.com, mike.leach@linaro.org, leo.yan@linaro.org Cc: coresight@lists.linaro.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linuxarm@huawei.com, jonathan.cameron@huawei.com, yangyicong@huawei.com, prime.zeng@hisilicon.com References: <20230817085937.55590-1-hejunhao3@huawei.com> <20230817085937.55590-2-hejunhao3@huawei.com> From: James Clark In-Reply-To: <20230817085937.55590-2-hejunhao3@huawei.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230817_070344_702743_387C6B5B X-CRM114-Status: GOOD ( 26.83 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On 17/08/2023 09:59, Junhao He wrote: > There are memory leaks reported by kmemleak: > ... > unreferenced object 0xffff00213c141000 (size 1024): > comm "systemd-udevd", pid 2123, jiffies 4294909467 (age 6062.160s) > hex dump (first 32 bytes): > 04 00 00 00 02 00 00 00 18 10 14 3c 21 00 ff ff ........... 00 00 00 00 00 00 00 00 03 00 00 00 10 00 00 00 ................ > backtrace: > [<000000004b7c9001>] __kmem_cache_alloc_node+0x2f8/0x348 > [<00000000b0fc7ceb>] __kmalloc+0x58/0x108 > [<0000000064ff4695>] acpi_os_allocate+0x2c/0x68 > [<000000007d57d116>] acpi_ut_initialize_buffer+0x54/0xe0 > [<0000000024583908>] acpi_evaluate_object+0x388/0x438 > [<0000000017b2e72b>] acpi_evaluate_object_typed+0xe8/0x240 > [<000000005df0eac2>] coresight_get_platform_data+0x1b4/0x988 [coresight] > ... > > The ACPI buffer memory (buf.pointer) should be freed. But the buffer > is also used after returning from acpi_get_dsd_graph(). > Move the temporary variables buf to acpi_coresight_parse_graph(), > and free it before the function return to prevent memory leak. > > Fixes: 76ffa5ab5b79 ("coresight: Support for ACPI bindings") > Signed-off-by: Junhao He I confirmed that the error gone. Thanks for the fix. Reviewed-by: James Clark > --- > .../hwtracing/coresight/coresight-platform.c | 40 ++++++++++++------- > 1 file changed, 26 insertions(+), 14 deletions(-) > > diff --git a/drivers/hwtracing/coresight/coresight-platform.c b/drivers/hwtracing/coresight/coresight-platform.c > index 7d7b641c0a71..9d550f5697fa 100644 > --- a/drivers/hwtracing/coresight/coresight-platform.c > +++ b/drivers/hwtracing/coresight/coresight-platform.c > @@ -492,19 +492,18 @@ static inline bool acpi_validate_dsd_graph(const union acpi_object *graph) > > /* acpi_get_dsd_graph - Find the _DSD Graph property for the given device. */ > static const union acpi_object * > -acpi_get_dsd_graph(struct acpi_device *adev) > +acpi_get_dsd_graph(struct acpi_device *adev, struct acpi_buffer *buf) > { > int i; > - struct acpi_buffer buf = { ACPI_ALLOCATE_BUFFER }; > acpi_status status; > const union acpi_object *dsd; > > status = acpi_evaluate_object_typed(adev->handle, "_DSD", NULL, > - &buf, ACPI_TYPE_PACKAGE); > + buf, ACPI_TYPE_PACKAGE); > if (ACPI_FAILURE(status)) > return NULL; > > - dsd = buf.pointer; > + dsd = buf->pointer; > > /* > * _DSD property consists tuples { Prop_UUID, Package() } > @@ -555,12 +554,12 @@ acpi_validate_coresight_graph(const union acpi_object *cs_graph) > * returns NULL. > */ > static const union acpi_object * > -acpi_get_coresight_graph(struct acpi_device *adev) > +acpi_get_coresight_graph(struct acpi_device *adev, struct acpi_buffer *buf) > { > const union acpi_object *graph_list, *graph; > int i, nr_graphs; > > - graph_list = acpi_get_dsd_graph(adev); > + graph_list = acpi_get_dsd_graph(adev, buf); > if (!graph_list) > return graph_list; > > @@ -661,22 +660,24 @@ static int acpi_coresight_parse_graph(struct device *dev, > struct acpi_device *adev, > struct coresight_platform_data *pdata) > { > + int ret = 0; > int i, nlinks; > const union acpi_object *graph; > struct coresight_connection conn, zero_conn = {}; > struct coresight_connection *new_conn; > + struct acpi_buffer buf = { ACPI_ALLOCATE_BUFFER, NULL }; > > - graph = acpi_get_coresight_graph(adev); > + graph = acpi_get_coresight_graph(adev, &buf); > /* > * There are no graph connections, which is fine for some components. > * e.g., ETE > */ > if (!graph) > - return 0; > + goto free; > > nlinks = graph->package.elements[2].integer.value; > if (!nlinks) > - return 0; > + goto free; > > for (i = 0; i < nlinks; i++) { > const union acpi_object *link = &graph->package.elements[3 + i]; > @@ -684,17 +685,28 @@ static int acpi_coresight_parse_graph(struct device *dev, > > conn = zero_conn; > dir = acpi_coresight_parse_link(adev, link, &conn); > - if (dir < 0) > - return dir; > + if (dir < 0) { > + ret = dir; > + goto free; > + } > > if (dir == ACPI_CORESIGHT_LINK_MASTER) { > new_conn = coresight_add_out_conn(dev, pdata, &conn); > - if (IS_ERR(new_conn)) > - return PTR_ERR(new_conn); > + if (IS_ERR(new_conn)) { > + ret = PTR_ERR(new_conn); > + goto free; > + } > } > } > > - return 0; > +free: > + /* > + * When ACPI fails to alloc a buffer, it will free the buffer > + * created via ACPI_ALLOCATE_BUFFER and set to NULL. > + * ACPI_FREE can handle NULL pointers, so free it directly. > + */ > + ACPI_FREE(buf.pointer); > + return ret; > } > > /* _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2441CC2FC37 for ; Thu, 17 Aug 2023 14:04:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351704AbjHQOEU (ORCPT ); Thu, 17 Aug 2023 10:04:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34224 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351680AbjHQODq (ORCPT ); Thu, 17 Aug 2023 10:03:46 -0400 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id E81332D75 for ; Thu, 17 Aug 2023 07:03:42 -0700 (PDT) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id AB636D75; Thu, 17 Aug 2023 07:04:23 -0700 (PDT) Received: from [192.168.1.3] (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 5322B3F6C4; Thu, 17 Aug 2023 07:03:41 -0700 (PDT) Message-ID: <1d38e877-35ed-5f70-e51f-ea875deab903@arm.com> Date: Thu, 17 Aug 2023 15:03:25 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.9.0 Subject: Re: [PATCH 1/2] coresight: Fix memory leak in acpi_buffer->pointer Content-Language: en-US To: Junhao He , suzuki.poulose@arm.com, mike.leach@linaro.org, leo.yan@linaro.org Cc: coresight@lists.linaro.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linuxarm@huawei.com, jonathan.cameron@huawei.com, yangyicong@huawei.com, prime.zeng@hisilicon.com References: <20230817085937.55590-1-hejunhao3@huawei.com> <20230817085937.55590-2-hejunhao3@huawei.com> From: James Clark In-Reply-To: <20230817085937.55590-2-hejunhao3@huawei.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 17/08/2023 09:59, Junhao He wrote: > There are memory leaks reported by kmemleak: > ... > unreferenced object 0xffff00213c141000 (size 1024): > comm "systemd-udevd", pid 2123, jiffies 4294909467 (age 6062.160s) > hex dump (first 32 bytes): > 04 00 00 00 02 00 00 00 18 10 14 3c 21 00 ff ff ........... 00 00 00 00 00 00 00 00 03 00 00 00 10 00 00 00 ................ > backtrace: > [<000000004b7c9001>] __kmem_cache_alloc_node+0x2f8/0x348 > [<00000000b0fc7ceb>] __kmalloc+0x58/0x108 > [<0000000064ff4695>] acpi_os_allocate+0x2c/0x68 > [<000000007d57d116>] acpi_ut_initialize_buffer+0x54/0xe0 > [<0000000024583908>] acpi_evaluate_object+0x388/0x438 > [<0000000017b2e72b>] acpi_evaluate_object_typed+0xe8/0x240 > [<000000005df0eac2>] coresight_get_platform_data+0x1b4/0x988 [coresight] > ... > > The ACPI buffer memory (buf.pointer) should be freed. But the buffer > is also used after returning from acpi_get_dsd_graph(). > Move the temporary variables buf to acpi_coresight_parse_graph(), > and free it before the function return to prevent memory leak. > > Fixes: 76ffa5ab5b79 ("coresight: Support for ACPI bindings") > Signed-off-by: Junhao He I confirmed that the error gone. Thanks for the fix. Reviewed-by: James Clark > --- > .../hwtracing/coresight/coresight-platform.c | 40 ++++++++++++------- > 1 file changed, 26 insertions(+), 14 deletions(-) > > diff --git a/drivers/hwtracing/coresight/coresight-platform.c b/drivers/hwtracing/coresight/coresight-platform.c > index 7d7b641c0a71..9d550f5697fa 100644 > --- a/drivers/hwtracing/coresight/coresight-platform.c > +++ b/drivers/hwtracing/coresight/coresight-platform.c > @@ -492,19 +492,18 @@ static inline bool acpi_validate_dsd_graph(const union acpi_object *graph) > > /* acpi_get_dsd_graph - Find the _DSD Graph property for the given device. */ > static const union acpi_object * > -acpi_get_dsd_graph(struct acpi_device *adev) > +acpi_get_dsd_graph(struct acpi_device *adev, struct acpi_buffer *buf) > { > int i; > - struct acpi_buffer buf = { ACPI_ALLOCATE_BUFFER }; > acpi_status status; > const union acpi_object *dsd; > > status = acpi_evaluate_object_typed(adev->handle, "_DSD", NULL, > - &buf, ACPI_TYPE_PACKAGE); > + buf, ACPI_TYPE_PACKAGE); > if (ACPI_FAILURE(status)) > return NULL; > > - dsd = buf.pointer; > + dsd = buf->pointer; > > /* > * _DSD property consists tuples { Prop_UUID, Package() } > @@ -555,12 +554,12 @@ acpi_validate_coresight_graph(const union acpi_object *cs_graph) > * returns NULL. > */ > static const union acpi_object * > -acpi_get_coresight_graph(struct acpi_device *adev) > +acpi_get_coresight_graph(struct acpi_device *adev, struct acpi_buffer *buf) > { > const union acpi_object *graph_list, *graph; > int i, nr_graphs; > > - graph_list = acpi_get_dsd_graph(adev); > + graph_list = acpi_get_dsd_graph(adev, buf); > if (!graph_list) > return graph_list; > > @@ -661,22 +660,24 @@ static int acpi_coresight_parse_graph(struct device *dev, > struct acpi_device *adev, > struct coresight_platform_data *pdata) > { > + int ret = 0; > int i, nlinks; > const union acpi_object *graph; > struct coresight_connection conn, zero_conn = {}; > struct coresight_connection *new_conn; > + struct acpi_buffer buf = { ACPI_ALLOCATE_BUFFER, NULL }; > > - graph = acpi_get_coresight_graph(adev); > + graph = acpi_get_coresight_graph(adev, &buf); > /* > * There are no graph connections, which is fine for some components. > * e.g., ETE > */ > if (!graph) > - return 0; > + goto free; > > nlinks = graph->package.elements[2].integer.value; > if (!nlinks) > - return 0; > + goto free; > > for (i = 0; i < nlinks; i++) { > const union acpi_object *link = &graph->package.elements[3 + i]; > @@ -684,17 +685,28 @@ static int acpi_coresight_parse_graph(struct device *dev, > > conn = zero_conn; > dir = acpi_coresight_parse_link(adev, link, &conn); > - if (dir < 0) > - return dir; > + if (dir < 0) { > + ret = dir; > + goto free; > + } > > if (dir == ACPI_CORESIGHT_LINK_MASTER) { > new_conn = coresight_add_out_conn(dev, pdata, &conn); > - if (IS_ERR(new_conn)) > - return PTR_ERR(new_conn); > + if (IS_ERR(new_conn)) { > + ret = PTR_ERR(new_conn); > + goto free; > + } > } > } > > - return 0; > +free: > + /* > + * When ACPI fails to alloc a buffer, it will free the buffer > + * created via ACPI_ALLOCATE_BUFFER and set to NULL. > + * ACPI_FREE can handle NULL pointers, so free it directly. > + */ > + ACPI_FREE(buf.pointer); > + return ret; > } > > /*