From: Sascha Hauer <s.hauer@pengutronix.de>
To: Bjorn Helgaas <bhelgaas@google.com>
Cc: linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org,
Bjorn Helgaas <bhelgaas@google.com>,
stable@vger.kernel.org
Subject: Re: [PATCH] PCI/sysfs: Fix double free in error path
Date: Tue, 1 Nov 2022 10:40:04 +0100
Message-ID: <20221101094004.GD9130@pengutronix.de>
In-Reply-To: <20221007065618.2169880-1-s.hauer@pengutronix.de>
Hi Bjorn,
On Fri, Oct 07, 2022 at 08:56:18AM +0200, Sascha Hauer wrote:
> When pci_create_attr() fails then pci_remove_resource_files() is called
> which will iterate over the res_attr[_wc] arrays and frees every non
> NULL entry. To avoid a double free here we have to set the failed entry
> to NULL in pci_create_attr() when freeing it.
>
> Fixes: b562ec8f74e4 ("PCI: Don't leak memory if sysfs_create_bin_file() fails")
> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
> Cc: <stable@vger.kernel.org>
> ---
> drivers/pci/pci-sysfs.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
Any input to this one? There's this long unfixed race condition
described here:
https://patchwork.kernel.org/project/linux-pci/patch/20200716110423.xtfyb3n6tn5ixedh@pali/#23547255
And this patch at least prevents my system from crashing when this race
condition occurs.
Sascha
>
> diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
> index fc804e08e3cb5..a07381d46ddae 100644
> --- a/drivers/pci/pci-sysfs.c
> +++ b/drivers/pci/pci-sysfs.c
> @@ -1196,8 +1196,13 @@ static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine)
> res_attr->size = pci_resource_len(pdev, num);
> res_attr->private = (void *)(unsigned long)num;
> retval = sysfs_create_bin_file(&pdev->dev.kobj, res_attr);
> - if (retval)
> + if (retval) {
> + if (write_combine)
> + pdev->res_attr_wc[num] = NULL;
> + else
> + pdev->res_attr[num] = NULL;
> kfree(res_attr);
> + }
>
> return retval;
> }
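Review bot: The new if (write_combine)/else in the error branch has to repeat the choice of array that was already made when the pointer was stored earlier in the function (outside this hunk's context), so the two places must be kept in sync by hand. Consider storing res_attr into pdev->res_attr_wc[num] or pdev->res_attr[num] only after sysfs_create_bin_file() has returned 0. The error path then stays a plain kfree(res_attr), and the arrays that pci_remove_resource_files() walks never hold a pointer to an attribute that was not registered. If the store has to stay where it is, a short comment above the NULL assignments saying that pci_remove_resource_files() frees every non-NULL entry would explain why they are needed.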
> --
> 2.30.2
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |