Fix misplaced kfree from xlated_setup_gnttab

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* Fix misplaced kfree from xlated_setup_gnttab_pages
       [not found] <20140123064242.09E68660D05@gitolite.kernel.org>
@ 2014-01-24 18:31 ` Dave Jones
  2014-01-24 18:46   ` Konrad Rzeszutek Wilk
  0 siblings, 1 reply; 3+ messages in thread
From: Dave Jones @ 2014-01-24 18:31 UTC (permalink / raw)
  To: Linux Kernel Mailing List; +Cc: konrad.wilk

Passing a freed 'pages' to free_xenballooned_pages will end badly
on kernels with slub debug enabled.

This looks out of place between the rc assign and the check, and
was likely a cut-and-paste error.

Signed-off-by: Dave Jones <davej@fedoraproject.org>

diff --git a/arch/x86/xen/grant-table.c b/arch/x86/xen/grant-table.c
index 103c93f874b2..28990cc97304 100644
--- a/arch/x86/xen/grant-table.c
+++ b/arch/x86/xen/grant-table.c
@@ -161,12 +161,11 @@ static int __init xlated_setup_gnttab_pages(void)
 
 	rc = arch_gnttab_map_shared(pfns, nr_grant_frames, nr_grant_frames,
 				    &xen_auto_xlat_grant_frames.vaddr);
-
-	kfree(pages);
 	if (rc) {
 		pr_warn("%s Couldn't map %ld pfns rc:%d\n", __func__,
 			nr_grant_frames, rc);
 		free_xenballooned_pages(nr_grant_frames, pages);
+		kfree(pages);
 		kfree(pfns);
 		return rc;
 	}

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: Fix misplaced kfree from xlated_setup_gnttab_pages
  2014-01-24 18:31 ` Fix misplaced kfree from xlated_setup_gnttab_pages Dave Jones
@ 2014-01-24 18:46   ` Konrad Rzeszutek Wilk
  2014-01-24 18:48     ` Dave Jones
  0 siblings, 1 reply; 3+ messages in thread
From: Konrad Rzeszutek Wilk @ 2014-01-24 18:46 UTC (permalink / raw)
  To: Dave Jones, Linux Kernel Mailing List
  Cc: boris.ostrovsky, david.vrabel, xen-devel

On Fri, Jan 24, 2014 at 01:31:14PM -0500, Dave Jones wrote:
> Passing a freed 'pages' to free_xenballooned_pages will end badly
> on kernels with slub debug enabled.

Ouch.
> 
> This looks out of place between the rc assign and the check, and
> was likely a cut-and-paste error.
> 
> Signed-off-by: Dave Jones <davej@fedoraproject.org>
> 
> diff --git a/arch/x86/xen/grant-table.c b/arch/x86/xen/grant-table.c
> index 103c93f874b2..28990cc97304 100644
> --- a/arch/x86/xen/grant-table.c
> +++ b/arch/x86/xen/grant-table.c
> @@ -161,12 +161,11 @@ static int __init xlated_setup_gnttab_pages(void)
>  
>  	rc = arch_gnttab_map_shared(pfns, nr_grant_frames, nr_grant_frames,
>  				    &xen_auto_xlat_grant_frames.vaddr);
> -
> -	kfree(pages);
>  	if (rc) {
>  		pr_warn("%s Couldn't map %ld pfns rc:%d\n", __func__,
>  			nr_grant_frames, rc);
>  		free_xenballooned_pages(nr_grant_frames, pages);
> +		kfree(pages);
>  		kfree(pfns);
>  		return rc;
>  	}

Actually it should also be freed on the success path, as so:


I can squash it in, if you are OK with that?

diff --git a/arch/x86/xen/grant-table.c b/arch/x86/xen/grant-table.c
index 103c93f..c985835 100644
--- a/arch/x86/xen/grant-table.c
+++ b/arch/x86/xen/grant-table.c
@@ -162,14 +162,15 @@ static int __init xlated_setup_gnttab_pages(void)
 	rc = arch_gnttab_map_shared(pfns, nr_grant_frames, nr_grant_frames,
 				    &xen_auto_xlat_grant_frames.vaddr);
 
-	kfree(pages);
 	if (rc) {
 		pr_warn("%s Couldn't map %ld pfns rc:%d\n", __func__,
 			nr_grant_frames, rc);
 		free_xenballooned_pages(nr_grant_frames, pages);
+		kfree(pages);
 		kfree(pfns);
 		return rc;
 	}
+	kfree(pages);
 
 	xen_auto_xlat_grant_frames.pfn = pfns;
 	xen_auto_xlat_grant_frames.count = nr_grant_frames;

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: Fix misplaced kfree from xlated_setup_gnttab_pages
  2014-01-24 18:46   ` Konrad Rzeszutek Wilk
@ 2014-01-24 18:48     ` Dave Jones
  0 siblings, 0 replies; 3+ messages in thread
From: Dave Jones @ 2014-01-24 18:48 UTC (permalink / raw)
  To: Konrad Rzeszutek Wilk
  Cc: Linux Kernel Mailing List, boris.ostrovsky, david.vrabel,
	xen-devel

On Fri, Jan 24, 2014 at 01:46:55PM -0500, Konrad Rzeszutek Wilk wrote:
 > Actually it should also be freed on the success path, as so:
 > 
 > I can squash it in, if you are OK with that?
 
Looks good to me.

thanks,

	Dave

 > diff --git a/arch/x86/xen/grant-table.c b/arch/x86/xen/grant-table.c
 > index 103c93f..c985835 100644
 > --- a/arch/x86/xen/grant-table.c
 > +++ b/arch/x86/xen/grant-table.c
 > @@ -162,14 +162,15 @@ static int __init xlated_setup_gnttab_pages(void)
 >  	rc = arch_gnttab_map_shared(pfns, nr_grant_frames, nr_grant_frames,
 >  				    &xen_auto_xlat_grant_frames.vaddr);
 >  
 > -	kfree(pages);
 >  	if (rc) {
 >  		pr_warn("%s Couldn't map %ld pfns rc:%d\n", __func__,
 >  			nr_grant_frames, rc);
 >  		free_xenballooned_pages(nr_grant_frames, pages);
 > +		kfree(pages);
 >  		kfree(pfns);
 >  		return rc;
 >  	}
 > +	kfree(pages);
 >  
 >  	xen_auto_xlat_grant_frames.pfn = pfns;
 >  	xen_auto_xlat_grant_frames.count = nr_grant_frames;


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2014-01-24 18:49 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20140123064242.09E68660D05@gitolite.kernel.org>
2014-01-24 18:31 ` Fix misplaced kfree from xlated_setup_gnttab_pages Dave Jones
2014-01-24 18:46   ` Konrad Rzeszutek Wilk
2014-01-24 18:48     ` Dave Jones

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox