* [PATCH v2 0/2] Fix memory leak in of_pci_get_host_bridge_resources
From: Jeffy Chen @ 2017-03-23 8:12 UTC
To: linux-kernel
Cc: robh, toshi.kani, shawn.lin, briannorris, dianders, bhelgaas, dtor, Jeffy Chen, devicetree, linux-pci, Frank Rowand, Rob Herring

In of_pci_get_host_bridge_resources, we allocated some struct resource
variables, and they would cause a memory leak since there is nowhere to free them.

Changes in v2:
Don't change the resource_list_create_entry's behavior.

Jeffy Chen (2):
  PCI: return resource_entry in pci_add_resource helpers
  of/pci: Fix memory leak in of_pci_get_host_bridge_resources

 drivers/of/of_pci.c | 57 +++++++++++++++++++++++------------------------------
 drivers/pci/bus.c   | 13 +++++++-----
 include/linux/pci.h |  8 +++++---
 3 files changed, 38 insertions(+), 40 deletions(-)

--
2.1.4
* [PATCH v2 2/2] of/pci: Fix memory leak in of_pci_get_host_bridge_resources 2017-03-23 8:12 [PATCH v2 0/2] Fix memory leak in of_pci_get_host_bridge_resources Jeffy Chen @ 2017-03-23 8:12 ` Jeffy Chen 2017-03-23 22:07 ` Rob Herring 2017-03-23 9:00 ` [PATCH v2 0/2] " Shawn Lin 1 sibling, 1 reply; 9+ messages in thread From: Jeffy Chen @ 2017-03-23 8:12 UTC (permalink / raw) To: linux-kernel Cc: robh, toshi.kani, shawn.lin, briannorris, dianders, bhelgaas, dtor, Jeffy Chen, Frank Rowand, devicetree, Rob Herring Currently we only free the allocated resource struct when error. This would cause memory leak after pci_free_resource_list. Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com> --- Changes in v2: Don't change the resource_list_create_entry's behavior. drivers/of/of_pci.c | 57 +++++++++++++++++++++++------------------------------ 1 file changed, 25 insertions(+), 32 deletions(-) diff --git a/drivers/of/of_pci.c b/drivers/of/of_pci.c index 0ee42c3..a0ec246 100644 --- a/drivers/of/of_pci.c +++ b/drivers/of/of_pci.c @@ -190,8 +190,7 @@ int of_pci_get_host_bridge_resources(struct device_node *dev, struct list_head *resources, resource_size_t *io_base) { struct resource_entry *window; - struct resource *res; - struct resource *bus_range; + struct resource res; struct of_pci_range range; struct of_pci_range_parser parser; char range_type[4]; 
@@ -200,24 +199,24 @@ int of_pci_get_host_bridge_resources(struct device_node *dev, if (io_base) *io_base = (resource_size_t)OF_BAD_ADDR; - bus_range = kzalloc(sizeof(*bus_range), GFP_KERNEL); - if (!bus_range) - return -ENOMEM; - pr_info("host bridge %s ranges:\n", dev->full_name); - err = of_pci_parse_bus_range(dev, bus_range); + err = of_pci_parse_bus_range(dev, &res); if (err) { - bus_range->start = busno; - bus_range->end = bus_max; - bus_range->flags = IORESOURCE_BUS; - pr_info(" No bus range found for %s, using %pR\n", - dev->full_name, bus_range); + res.start = busno; + res.end = bus_max; + res.flags = IORESOURCE_BUS; + pr_info(" No bus range found for %s\n", dev->full_name); } else { - if (bus_range->end > bus_range->start + bus_max) - bus_range->end = bus_range->start + bus_max; + if (res.end > res.start + bus_max) + res.end = res.start + bus_max; + } + window = pci_add_resource(resources, NULL); + if (!window) { + err = -ENOMEM; + goto parse_failed; } - pci_add_resource(resources, bus_range); + *window->res = res; /* Check for ranges property */ err = of_pci_range_parser_init(&parser, dev); @@ -244,24 +243,16 @@ int of_pci_get_host_bridge_resources(struct device_node *dev, if (range.cpu_addr == OF_BAD_ADDR || range.size == 0) continue; - res = kzalloc(sizeof(struct resource), GFP_KERNEL); - if (!res) { - err = -ENOMEM; - goto parse_failed; - } - - err = of_pci_range_to_resource(&range, dev, res); - if (err) { - kfree(res); + err = of_pci_range_to_resource(&range, dev, &res); + if (err) continue; - } - if (resource_type(res) == IORESOURCE_IO) { + if (resource_type(&res) == IORESOURCE_IO) { if (!io_base) { pr_err("I/O range found for %s. Please provide an io_base pointer to save CPU base address\n", dev->full_name); err = -EINVAL; - goto conversion_failed; + goto parse_failed; } if (*io_base != (resource_size_t)OF_BAD_ADDR) pr_warn("More than one I/O resource converted for %s. CPU base address for old range lost!\n", 
@@ -269,16 +260,18 @@ int of_pci_get_host_bridge_resources(struct device_node *dev, *io_base = range.cpu_addr; } - pci_add_resource_offset(resources, res, res->start - range.pci_addr); + window = pci_add_resource(resources, NULL); + if (!window) { + err = -ENOMEM; + goto parse_failed; + } + *window->res = res; + window->offset = res.start - range.pci_addr; } return 0; -conversion_failed: - kfree(res); parse_failed: - resource_list_for_each_entry(window, resources) - kfree(window->res); pci_free_resource_list(resources); return err; } -- 2.1.4 ^ permalink raw reply related [flat|nested] 9+ messages in thread
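Review bot: `struct resource res;` in the first hunk is an uninitialized stack variable standing in for two objects that used to come zeroed from kzalloc, and in the fallback branch of the bus-range code only start, end and flags are assigned before `*window->res = res;` copies the whole struct into the list entry. Any member other than those three then carries whatever was on the stack, and because the same variable is reused for every range in the loop, fields written for one window can carry over into the next. Suggest `struct resource res = {};` at the declaration plus a memset at the top of each loop iteration.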
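Review bot: the fallback pr_info in the second hunk loses `using %pR`, so the log no longer records which bus range was substituted when the device tree has none. `res` is fully assigned by that point in the branch, so the original message can be kept by passing `&res` as the %pR argument, which preserves a diagnostic that people debugging host bridge probing rely on.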
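Review bot: in the last hunk `*window->res = res;` and `window->offset = res.start - range.pci_addr;` are written only after pci_add_resource(resources, NULL) has returned the entry, and the removal of the `kfree(window->res)` loop under parse_failed is correct only if every entry on `resources` keeps its resource in storage owned by the entry itself. Neither assumption is documented in this file; the meaning of a NULL resource argument comes from patch 1/2 and is not visible here. Suggest a comment at the call stating that NULL selects entry-owned storage, and either filling the entry before it is linked or noting why no other reader can see the list at this point.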
* Re: [PATCH v2 2/2] of/pci: Fix memory leak in of_pci_get_host_bridge_resources 2017-03-23 8:12 ` [PATCH v2 2/2] of/pci: " Jeffy Chen @ 2017-03-23 22:07 ` Rob Herring 2017-03-23 22:58 ` Dmitry Torokhov 0 siblings, 1 reply; 9+ messages in thread From: Rob Herring @ 2017-03-23 22:07 UTC (permalink / raw) To: Jeffy Chen Cc: linux-kernel@vger.kernel.org, toshi.kani, Shawn Lin, Brian Norris, Doug Anderson, bhelgaas@google.com, Dmitry Torokhov, Frank Rowand, devicetree@vger.kernel.org On Thu, Mar 23, 2017 at 3:12 AM, Jeffy Chen <jeffy.chen@rock-chips.com> wrote: > Currently we only free the allocated resource struct when error. > This would cause memory leak after pci_free_resource_list. > > Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com> > --- > > Changes in v2: > Don't change the resource_list_create_entry's behavior. > > drivers/of/of_pci.c | 57 +++++++++++++++++++++++------------------------------ > 1 file changed, 25 insertions(+), 32 deletions(-) > > diff --git a/drivers/of/of_pci.c b/drivers/of/of_pci.c > index 0ee42c3..a0ec246 100644 > --- a/drivers/of/of_pci.c > +++ b/drivers/of/of_pci.c > @@ -190,8 +190,7 @@ int of_pci_get_host_bridge_resources(struct device_node *dev, > struct list_head *resources, resource_size_t *io_base) > { > struct resource_entry *window; > - struct resource *res; > - struct resource *bus_range; > + struct resource res; > struct of_pci_range range; > struct of_pci_range_parser parser; > char range_type[4]; 
> @@ -200,24 +199,24 @@ int of_pci_get_host_bridge_resources(struct device_node *dev, > if (io_base) > *io_base = (resource_size_t)OF_BAD_ADDR; > > - bus_range = kzalloc(sizeof(*bus_range), GFP_KERNEL); > - if (!bus_range) > - return -ENOMEM; > - > pr_info("host bridge %s ranges:\n", dev->full_name); > > - err = of_pci_parse_bus_range(dev, bus_range); > + err = of_pci_parse_bus_range(dev, &res); > if (err) { > - bus_range->start = busno; > - bus_range->end = bus_max; > - bus_range->flags = IORESOURCE_BUS; > - pr_info(" No bus range found for %s, using %pR\n", > - dev->full_name, bus_range); > + res.start = busno; > + res.end = bus_max; > + res.flags = IORESOURCE_BUS; > + pr_info(" No bus range found for %s\n", dev->full_name); > } else { > - if (bus_range->end > bus_range->start + bus_max) > - bus_range->end = bus_range->start + bus_max; > + if (res.end > res.start + bus_max) > + res.end = res.start + bus_max; > + } > + window = pci_add_resource(resources, NULL); > + if (!window) { > + err = -ENOMEM; > + goto parse_failed; > } > - pci_add_resource(resources, bus_range); > + *window->res = res; Well, now this seems racy. You add a blank resource to the list first and then fill it in. Rob ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v2 2/2] of/pci: Fix memory leak in of_pci_get_host_bridge_resources 2017-03-23 22:07 ` Rob Herring @ 2017-03-23 22:58 ` Dmitry Torokhov [not found] ` <CAE_wzQ9ZVDiDGP4k_2i2KL4JxtRn_S7gjFXUTYZncMLx2m77gQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 0 siblings, 1 reply; 9+ messages in thread From: Dmitry Torokhov @ 2017-03-23 22:58 UTC (permalink / raw) To: Rob Herring Cc: Jeffy Chen, linux-kernel@vger.kernel.org, toshi.kani, Shawn Lin, Brian Norris, Doug Anderson, bhelgaas@google.com, Dmitry Torokhov, Frank Rowand, devicetree@vger.kernel.org On Thu, Mar 23, 2017 at 3:07 PM, Rob Herring <robh@kernel.org> wrote: > On Thu, Mar 23, 2017 at 3:12 AM, Jeffy Chen <jeffy.chen@rock-chips.com> wrote: >> Currently we only free the allocated resource struct when error. >> This would cause memory leak after pci_free_resource_list. >> >> Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com> >> --- >> >> Changes in v2: >> Don't change the resource_list_create_entry's behavior. >> >> drivers/of/of_pci.c | 57 +++++++++++++++++++++++------------------------------ >> 1 file changed, 25 insertions(+), 32 deletions(-) >> >> diff --git a/drivers/of/of_pci.c b/drivers/of/of_pci.c >> index 0ee42c3..a0ec246 100644 >> --- a/drivers/of/of_pci.c >> +++ b/drivers/of/of_pci.c >> @@ -190,8 +190,7 @@ int of_pci_get_host_bridge_resources(struct device_node *dev, >> struct list_head *resources, resource_size_t *io_base) >> { >> struct resource_entry *window; >> - struct resource *res; >> - struct resource *bus_range; >> + struct resource res; >> struct of_pci_range range; >> struct of_pci_range_parser parser; >> char range_type[4]; 
>> @@ -200,24 +199,24 @@ int of_pci_get_host_bridge_resources(struct device_node *dev, >> if (io_base) >> *io_base = (resource_size_t)OF_BAD_ADDR; >> >> - bus_range = kzalloc(sizeof(*bus_range), GFP_KERNEL); >> - if (!bus_range) >> - return -ENOMEM; >> - >> pr_info("host bridge %s ranges:\n", dev->full_name); >> >> - err = of_pci_parse_bus_range(dev, bus_range); >> + err = of_pci_parse_bus_range(dev, &res); >> if (err) { >> - bus_range->start = busno; >> - bus_range->end = bus_max; >> - bus_range->flags = IORESOURCE_BUS; >> - pr_info(" No bus range found for %s, using %pR\n", >> - dev->full_name, bus_range); >> + res.start = busno; >> + res.end = bus_max; >> + res.flags = IORESOURCE_BUS; >> + pr_info(" No bus range found for %s\n", dev->full_name); >> } else { >> - if (bus_range->end > bus_range->start + bus_max) >> - bus_range->end = bus_range->start + bus_max; >> + if (res.end > res.start + bus_max) >> + res.end = res.start + bus_max; >> + } >> + window = pci_add_resource(resources, NULL); >> + if (!window) { >> + err = -ENOMEM; >> + goto parse_failed; >> } >> - pci_add_resource(resources, bus_range); >> + *window->res = res; > > Well, now this seems racy. You add a blank resource to the list first > and then fill it in. > Huh? There is absolutely no guarantees for concurrent access here. pcI_add_resource_offset() first adds a resource and then modifies offset. Here we add an empty resource and then fill it in. Thanks. -- Dmitry ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v2 2/2] of/pci: Fix memory leak in of_pci_get_host_bridge_resources [not found] ` <CAE_wzQ9ZVDiDGP4k_2i2KL4JxtRn_S7gjFXUTYZncMLx2m77gQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> @ 2017-03-24 1:39 ` jeffy 2017-04-04 19:18 ` Bjorn Helgaas 1 sibling, 0 replies; 9+ messages in thread From: jeffy @ 2017-03-24 1:39 UTC (permalink / raw) To: Dmitry Torokhov, Rob Herring Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, toshi.kani-ZPxbGqLxI0U, Shawn Lin, Brian Norris, Doug Anderson, bhelgaas-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org, Frank Rowand, devicetree-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Hi Rob & Dmitry, On 03/24/2017 06:58 AM, Dmitry Torokhov wrote: > On Thu, Mar 23, 2017 at 3:07 PM, Rob Herring <robh-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org> wrote: >> On Thu, Mar 23, 2017 at 3:12 AM, Jeffy Chen <jeffy.chen-TNX95d0MmH7DzftRWevZcw@public.gmane.org> wrote: >>> Currently we only free the allocated resource struct when error. >>> This would cause memory leak after pci_free_resource_list. >>> >>> Signed-off-by: Jeffy Chen <jeffy.chen-TNX95d0MmH7DzftRWevZcw@public.gmane.org> >>> --- >>> >>> Changes in v2: >>> Don't change the resource_list_create_entry's behavior. >>> >>> drivers/of/of_pci.c | 57 +++++++++++++++++++++++------------------------------ >>> 1 file changed, 25 insertions(+), 32 deletions(-) >>> >>> diff --git a/drivers/of/of_pci.c b/drivers/of/of_pci.c >>> index 0ee42c3..a0ec246 100644 >>> --- a/drivers/of/of_pci.c >>> +++ b/drivers/of/of_pci.c >>> @@ -190,8 +190,7 @@ int of_pci_get_host_bridge_resources(struct device_node *dev, >>> struct list_head *resources, resource_size_t *io_base) >>> { >>> struct resource_entry *window; >>> - struct resource *res; >>> - struct resource *bus_range; >>> + struct resource res; >>> struct of_pci_range range; >>> struct of_pci_range_parser parser; >>> char range_type[4]; 
>>> @@ -200,24 +199,24 @@ int of_pci_get_host_bridge_resources(struct device_node *dev, >>> if (io_base) >>> *io_base = (resource_size_t)OF_BAD_ADDR; >>> >>> - bus_range = kzalloc(sizeof(*bus_range), GFP_KERNEL); >>> - if (!bus_range) >>> - return -ENOMEM; >>> - >>> pr_info("host bridge %s ranges:\n", dev->full_name); >>> >>> - err = of_pci_parse_bus_range(dev, bus_range); >>> + err = of_pci_parse_bus_range(dev, &res); >>> if (err) { >>> - bus_range->start = busno; >>> - bus_range->end = bus_max; >>> - bus_range->flags = IORESOURCE_BUS; >>> - pr_info(" No bus range found for %s, using %pR\n", >>> - dev->full_name, bus_range); >>> + res.start = busno; >>> + res.end = bus_max; >>> + res.flags = IORESOURCE_BUS; >>> + pr_info(" No bus range found for %s\n", dev->full_name); >>> } else { >>> - if (bus_range->end > bus_range->start + bus_max) >>> - bus_range->end = bus_range->start + bus_max; >>> + if (res.end > res.start + bus_max) >>> + res.end = res.start + bus_max; >>> + } >>> + window = pci_add_resource(resources, NULL); >>> + if (!window) { >>> + err = -ENOMEM; >>> + goto parse_failed; >>> } >>> - pci_add_resource(resources, bus_range); >>> + *window->res = res; >> >> Well, now this seems racy. You add a blank resource to the list first >> and then fill it in. >> > > Huh? There is absolutely no guarantees for concurrent access here. > pcI_add_resource_offset() first adds a resource and then modifies > offset. Here we add an empty resource and then fill it in. currently, we are using of_pci_get_host_bridge_resources in this pattern: create resource list: LIST_HEAD(res); ... add resources into the list: err = of_pci_get_host_bridge_resources(dev->of_node, 0, 0xff, &res, &io_base); ... walk over the list: /* Get the I/O and memory ranges from DT */ resource_list_for_each_entry(win, &res) { so only of_pci_get_host_bridge_resources is accessing this list at that time. 
and an empty resource is harmless, I think (with zero size and flags) ;)

Maybe I should add some comments in the patch.

>
> Thanks.
>
* Re: [PATCH v2 2/2] of/pci: Fix memory leak in of_pci_get_host_bridge_resources [not found] ` <CAE_wzQ9ZVDiDGP4k_2i2KL4JxtRn_S7gjFXUTYZncMLx2m77gQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 2017-03-24 1:39 ` jeffy @ 2017-04-04 19:18 ` Bjorn Helgaas [not found] ` <CAErSpo6CZ1hoHyzEnWBi7VDr51bLurF4-4t=-v4jH27kOpzYrg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 1 sibling, 1 reply; 9+ messages in thread From: Bjorn Helgaas @ 2017-04-04 19:18 UTC (permalink / raw) To: Dmitry Torokhov Cc: Rob Herring, Jeffy Chen, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, toshi.kani-ZPxbGqLxI0U, Shawn Lin, Brian Norris, Doug Anderson, Frank Rowand, devicetree-u79uwXL29TY76Z2rM5mHXA@public.gmane.org On Thu, Mar 23, 2017 at 5:58 PM, Dmitry Torokhov <dtor-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org> wrote: > On Thu, Mar 23, 2017 at 3:07 PM, Rob Herring <robh-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org> wrote: >> On Thu, Mar 23, 2017 at 3:12 AM, Jeffy Chen <jeffy.chen-TNX95d0MmH7DzftRWevZcw@public.gmane.org> wrote: >>> Currently we only free the allocated resource struct when error. >>> This would cause memory leak after pci_free_resource_list. >>> >>> Signed-off-by: Jeffy Chen <jeffy.chen-TNX95d0MmH7DzftRWevZcw@public.gmane.org> >>> --- >>> >>> Changes in v2: >>> Don't change the resource_list_create_entry's behavior. >>> >>> drivers/of/of_pci.c | 57 +++++++++++++++++++++++------------------------------ >>> 1 file changed, 25 insertions(+), 32 deletions(-) >>> >>> diff --git a/drivers/of/of_pci.c b/drivers/of/of_pci.c >>> index 0ee42c3..a0ec246 100644 >>> --- a/drivers/of/of_pci.c >>> +++ b/drivers/of/of_pci.c >>> @@ -190,8 +190,7 @@ int of_pci_get_host_bridge_resources(struct device_node *dev, >>> struct list_head *resources, resource_size_t *io_base) >>> { >>> struct resource_entry *window; >>> - struct resource *res; >>> - struct resource *bus_range; >>> + struct resource res; >>> struct of_pci_range range; >>> struct of_pci_range_parser parser; >>> char range_type[4]; 
>>> @@ -200,24 +199,24 @@ int of_pci_get_host_bridge_resources(struct device_node *dev, >>> if (io_base) >>> *io_base = (resource_size_t)OF_BAD_ADDR; >>> >>> - bus_range = kzalloc(sizeof(*bus_range), GFP_KERNEL); >>> - if (!bus_range) >>> - return -ENOMEM; >>> - >>> pr_info("host bridge %s ranges:\n", dev->full_name); >>> >>> - err = of_pci_parse_bus_range(dev, bus_range); >>> + err = of_pci_parse_bus_range(dev, &res); >>> if (err) { >>> - bus_range->start = busno; >>> - bus_range->end = bus_max; >>> - bus_range->flags = IORESOURCE_BUS; >>> - pr_info(" No bus range found for %s, using %pR\n", >>> - dev->full_name, bus_range); >>> + res.start = busno; >>> + res.end = bus_max; >>> + res.flags = IORESOURCE_BUS; >>> + pr_info(" No bus range found for %s\n", dev->full_name); >>> } else { >>> - if (bus_range->end > bus_range->start + bus_max) >>> - bus_range->end = bus_range->start + bus_max; >>> + if (res.end > res.start + bus_max) >>> + res.end = res.start + bus_max; >>> + } >>> + window = pci_add_resource(resources, NULL); >>> + if (!window) { >>> + err = -ENOMEM; >>> + goto parse_failed; >>> } >>> - pci_add_resource(resources, bus_range); >>> + *window->res = res; >> >> Well, now this seems racy. You add a blank resource to the list first >> and then fill it in. >> > > Huh? There is absolutely no guarantees for concurrent access here. > pcI_add_resource_offset() first adds a resource and then modifies > offset. Here we add an empty resource and then fill it in. I don't really like this pattern either. Even if there's no actual racy behavior, it takes more analysis than necessary to figure that out. pci_add_resource_offset() allocates a resource list entry, sets the offset, then adds it to the list. It doesn't update a resource entry that might be visible to anybody else. Here we do update a resource that is already visible to others because it's already on the list. Bjorn BTW, please CC linux-pci on the entire series so it's easier to review. 
I don't know where you envision having this applied, but I only apply things to the PCI tree after they appear on linux-pci.
* Re: [PATCH v2 2/2] of/pci: Fix memory leak in of_pci_get_host_bridge_resources [not found] ` <CAErSpo6CZ1hoHyzEnWBi7VDr51bLurF4-4t=-v4jH27kOpzYrg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> @ 2017-04-05 2:22 ` jeffy 2017-04-05 13:21 ` Rob Herring 0 siblings, 1 reply; 9+ messages in thread From: jeffy @ 2017-04-05 2:22 UTC (permalink / raw) To: Bjorn Helgaas, Dmitry Torokhov Cc: Rob Herring, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, toshi.kani-ZPxbGqLxI0U, Shawn Lin, Brian Norris, Doug Anderson, Frank Rowand, devicetree-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Hi Bjorn, On 04/05/2017 03:18 AM, Bjorn Helgaas wrote: > On Thu, Mar 23, 2017 at 5:58 PM, Dmitry Torokhov <dtor-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org> wrote: >> On Thu, Mar 23, 2017 at 3:07 PM, Rob Herring <robh-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org> wrote: >>> On Thu, Mar 23, 2017 at 3:12 AM, Jeffy Chen <jeffy.chen-TNX95d0MmH7DzftRWevZcw@public.gmane.org> wrote: >>>> Currently we only free the allocated resource struct when error. >>>> This would cause memory leak after pci_free_resource_list. >>>> >>>> Signed-off-by: Jeffy Chen <jeffy.chen-TNX95d0MmH7DzftRWevZcw@public.gmane.org> >>>> --- >>>> >>>> Changes in v2: >>>> Don't change the resource_list_create_entry's behavior. >>>> >>>> drivers/of/of_pci.c | 57 +++++++++++++++++++++++------------------------------ >>>> 1 file changed, 25 insertions(+), 32 deletions(-) >>>> >>>> diff --git a/drivers/of/of_pci.c b/drivers/of/of_pci.c >>>> index 0ee42c3..a0ec246 100644 >>>> --- a/drivers/of/of_pci.c >>>> +++ b/drivers/of/of_pci.c >>>> @@ -190,8 +190,7 @@ int of_pci_get_host_bridge_resources(struct device_node *dev, >>>> struct list_head *resources, resource_size_t *io_base) >>>> { >>>> struct resource_entry *window; >>>> - struct resource *res; >>>> - struct resource *bus_range; >>>> + struct resource res; >>>> struct of_pci_range range; >>>> struct of_pci_range_parser parser; >>>> char range_type[4]; 
>>>> @@ -200,24 +199,24 @@ int of_pci_get_host_bridge_resources(struct device_node *dev, >>>> if (io_base) >>>> *io_base = (resource_size_t)OF_BAD_ADDR; >>>> >>>> - bus_range = kzalloc(sizeof(*bus_range), GFP_KERNEL); >>>> - if (!bus_range) >>>> - return -ENOMEM; >>>> - >>>> pr_info("host bridge %s ranges:\n", dev->full_name); >>>> >>>> - err = of_pci_parse_bus_range(dev, bus_range); >>>> + err = of_pci_parse_bus_range(dev, &res); >>>> if (err) { >>>> - bus_range->start = busno; >>>> - bus_range->end = bus_max; >>>> - bus_range->flags = IORESOURCE_BUS; >>>> - pr_info(" No bus range found for %s, using %pR\n", >>>> - dev->full_name, bus_range); >>>> + res.start = busno; >>>> + res.end = bus_max; >>>> + res.flags = IORESOURCE_BUS; >>>> + pr_info(" No bus range found for %s\n", dev->full_name); >>>> } else { >>>> - if (bus_range->end > bus_range->start + bus_max) >>>> - bus_range->end = bus_range->start + bus_max; >>>> + if (res.end > res.start + bus_max) >>>> + res.end = res.start + bus_max; >>>> + } >>>> + window = pci_add_resource(resources, NULL); >>>> + if (!window) { >>>> + err = -ENOMEM; >>>> + goto parse_failed; >>>> } >>>> - pci_add_resource(resources, bus_range); >>>> + *window->res = res; >>> >>> Well, now this seems racy. You add a blank resource to the list first >>> and then fill it in. >>> >> >> Huh? There is absolutely no guarantees for concurrent access here. >> pcI_add_resource_offset() first adds a resource and then modifies >> offset. Here we add an empty resource and then fill it in. > > I don't really like this pattern either. Even if there's no actual > racy behavior, it takes more analysis than necessary to figure that > out. > > pci_add_resource_offset() allocates a resource list entry, sets the > offset, then adds it to the list. It doesn't update a resource entry > that might be visible to anybody else. Here we do update a resource > that is already visible to others because it's already on the list. 
I was following ./drivers/pnp/resource.c, but I agree this is not a good way.

I'll upload a new version to fix this in another way.

more ideas:
1/ pass a struct device to of_pci_get_host_bridge_resources and use devm_kzalloc
2/ add a new type of flags (or reuse IORESOURCE_AUTO) to tell pci_free_resource_list to kfree them
3/ add new helpers of of_pci_add_resource[_offset] to alloc empty res, fill it, add to list.

>
> Bjorn
>
> BTW, please CC linux-pci on the entire series so it's easier to
> review. I don't know where you envision having this applied, but I
> only apply things to the PCI tree after they appear on linux-pci.
>

Oh, sorry, didn't notice that, will do in next version.
* Re: [PATCH v2 2/2] of/pci: Fix memory leak in of_pci_get_host_bridge_resources 2017-04-05 2:22 ` jeffy @ 2017-04-05 13:21 ` Rob Herring 0 siblings, 0 replies; 9+ messages in thread From: Rob Herring @ 2017-04-05 13:21 UTC (permalink / raw) To: jeffy Cc: Bjorn Helgaas, Dmitry Torokhov, linux-kernel@vger.kernel.org, toshi.kani, Shawn Lin, Brian Norris, Doug Anderson, Frank Rowand, devicetree@vger.kernel.org On Tue, Apr 4, 2017 at 9:22 PM, jeffy <jeffy.chen@rock-chips.com> wrote: > Hi Bjorn, > > > On 04/05/2017 03:18 AM, Bjorn Helgaas wrote: >> >> On Thu, Mar 23, 2017 at 5:58 PM, Dmitry Torokhov <dtor@chromium.org> >> wrote: >>> >>> On Thu, Mar 23, 2017 at 3:07 PM, Rob Herring <robh@kernel.org> wrote: >>>> >>>> On Thu, Mar 23, 2017 at 3:12 AM, Jeffy Chen <jeffy.chen@rock-chips.com> >>>> wrote: >>>>> >>>>> Currently we only free the allocated resource struct when error. >>>>> This would cause memory leak after pci_free_resource_list. >>>>> - pci_add_resource(resources, bus_range); >>>>> + *window->res = res; >>>> >>>> >>>> Well, now this seems racy. You add a blank resource to the list first >>>> and then fill it in. >>>> >>> >>> Huh? There is absolutely no guarantees for concurrent access here. >>> pcI_add_resource_offset() first adds a resource and then modifies >>> offset. Here we add an empty resource and then fill it in. >> >> >> I don't really like this pattern either. Even if there's no actual >> racy behavior, it takes more analysis than necessary to figure that >> out. >> >> pci_add_resource_offset() allocates a resource list entry, sets the >> offset, then adds it to the list. It doesn't update a resource entry >> that might be visible to anybody else. Here we do update a resource >> that is already visible to others because it's already on the list. > > i was following ./drivers/pnp/resource.c, but i'm agree this is not a good > way. > > i'll upload a new version to fix this in another way. 
more ideas:
> 1/ pass a struct device to of_pci_get_host_bridge_resources and use
> devm_kzalloc

I would pick this one of the 3 options or...

> 2/ add a new type of flags(or reuse IORESOURCE_AUTO) to tell
> pci_free_resource_list to kfree them)
> 3/ add new helpers of of_pci_add_resource[_offset] to alloc empty res, fill
> it, add to list.

2 other options:

Add a function to undo everything that of_pci_get_host_bridge_resources does. Then every caller of of_pci_get_host_bridge_resources should have a call to that function.

Or maybe you can add a pci_free_resource_list_and_resources (needs a better name) to free both resources and list. Then audit all the current callers of pci_free_resource_list and determine which ones can be changed (maybe it is all of them).

Rob
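A user-space model of the ownership question this sub-thread settles on, added here as an illustration and not code from the patch or the kernel: a list teardown that frees only entries leaks separately allocated resources, while entry-owned storage filled before linking is released with the entry. All names (`struct entry`, `add_window_leaky`, `add_window_owned`, `leaked_after_teardown`) and the sample ranges are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for struct resource and its list entry (assumed shape). */
struct res { unsigned long start, end, flags; };

struct entry {
	struct entry *next;
	struct res *res;      /* caller-owned storage, or &embedded */
	long offset;
	struct res embedded;  /* storage that lives and dies with the entry */
};

static int live_allocs;       /* outstanding heap blocks, for leak accounting */

static void *zalloc(size_t n)
{
	void *p = calloc(1, n);
	if (p)
		live_allocs++;
	return p;
}

static void zfree(void *p)
{
	if (p) {
		live_allocs--;
		free(p);
	}
}

/* With res == NULL the entry points at its own embedded storage. */
static struct entry *entry_create(struct res *res)
{
	struct entry *e = zalloc(sizeof(*e));
	if (e)
		e->res = res ? res : &e->embedded;
	return e;
}

static void list_add_tail(struct entry **head, struct entry *e)
{
	while (*head)
		head = &(*head)->next;
	*head = e;
}

/* Models a teardown that frees the entries only, never e->res. */
static void list_free(struct entry **head)
{
	while (*head) {
		struct entry *e = *head;
		*head = e->next;
		zfree(e);
	}
}

/* Pre-patch shape: a separately allocated resource is handed to the list. */
static int add_window_leaky(struct entry **head, const struct res *src, long offset)
{
	struct res *r = zalloc(sizeof(*r));
	struct entry *e = r ? entry_create(r) : NULL;
	if (!e) {
		zfree(r);
		return -1;
	}
	*r = *src;
	e->offset = offset;
	list_add_tail(head, e);
	return 0;
}

/* Entry-owned storage, fully populated before the entry becomes reachable. */
static int add_window_owned(struct entry **head, const struct res *src, long offset)
{
	struct entry *e = entry_create(NULL);
	if (!e)
		return -1;
	*e->res = *src;
	e->offset = offset;
	list_add_tail(head, e);   /* publish last */
	return 0;
}

/* Build a 3-window list, tear it down, report heap blocks still outstanding. */
static int leaked_after_teardown(int owned)
{
	struct entry *head = NULL;
	live_allocs = 0;
	for (unsigned long i = 0; i < 3; i++) {
		struct res tmp = { i * 0x1000, i * 0x1000 + 0xfff, 0x200 };
		if ((owned ? add_window_owned : add_window_leaky)(&head, &tmp, 0))
			break;
	}
	list_free(&head);
	return live_allocs;
}

int main(void)
{
	printf("separate allocations leaked: %d\n", leaked_after_teardown(0));
	printf("entry-owned storage leaked:  %d\n", leaked_after_teardown(1));
	return 0;
}
```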
* Re: [PATCH v2 0/2] Fix memory leak in of_pci_get_host_bridge_resources
From: Shawn Lin @ 2017-03-23 9:00 UTC
To: Jeffy Chen
Cc: linux-kernel, robh, toshi.kani, briannorris, dianders, bhelgaas, dtor, devicetree, linux-pci, Frank Rowand, Rob Herring

Hi Jeffy,

On 2017/3/23 16:12, Jeffy Chen wrote:
> In of_pci_get_host_bridge_resources, we alloced some struct resource
> variables, and they would cause memory leak since no where to free them.
>

Tested-by: Shawn Lin <shawn.lin@rock-chips.com>

> Changes in v2:
> Don't change the resource_list_create_entry's behavior.
>
> Jeffy Chen (2):
>   PCI: return resource_entry in pci_add_resource helpers
>   of/pci: Fix memory leak in of_pci_get_host_bridge_resources
>
>  drivers/of/of_pci.c | 57 +++++++++++++++++++++++------------------------------
>  drivers/pci/bus.c   | 13 +++++++-----
>  include/linux/pci.h |  8 +++++---
>  3 files changed, 38 insertions(+), 40 deletions(-)
>