From: kys@linuxonhyperv.com
To: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, devel@linuxdriverproject.org, olaf@aepfle.de, apw@canonical.com, jasowang@redhat.com, sthemmin@microsoft.com, Michael.H.Kelley@microsoft.com, vkuznets@redhat.com
Cc: Michael Kelley, "K . Y . Srinivasan"
Subject: [PATCH 5/5] Drivers: hv: vmbus: Fix synic per-cpu context initialization
Date: Fri, 10 Aug 2018 23:06:11 +0000
Message-Id: <20180810230611.2114-5-kys@linuxonhyperv.com>
X-Mailer: git-send-email 2.18.0
In-Reply-To: <20180810230611.2114-1-kys@linuxonhyperv.com>
References: <20180810230520.2055-1-kys@linuxonhyperv.com> <20180810230611.2114-1-kys@linuxonhyperv.com>
Reply-To: kys@microsoft.com
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org

From: Michael Kelley

If hv_synic_alloc() errors out, the state of the per-cpu context
for some CPUs is unknown since the zero'ing is done as each
CPU is iterated over. In such case, hv_synic_cleanup() may try to
free memory based on uninitialized values. Fix this by zero'ing
the per-cpu context for all CPUs before doing any memory
allocations that might fail.

Signed-off-by: Michael Kelley
Reported-by: Dan Carpenter
Signed-off-by: K. Y. Srinivasan
---
 drivers/hv/hv.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c index 748a1c4172a6..332d7c34be5c 100644 --- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c @@ -189,6 +189,17 @@ static void hv_init_clockevent_device(struct clock_event_device *dev, int cpu) int hv_synic_alloc(void) { int cpu; + struct hv_per_cpu_context *hv_cpu; + + /* + * First, zero all per-cpu memory areas so hv_synic_free() can + * detect what memory has been allocated and cleanup properly + * after any failures. + */ + for_each_present_cpu(cpu) { + hv_cpu = per_cpu_ptr(hv_context.cpu_context, cpu); + memset(hv_cpu, 0, sizeof(*hv_cpu)); + } hv_context.hv_numa_map = kcalloc(nr_node_ids, sizeof(struct cpumask), GFP_KERNEL); @@ -198,10 +209,8 @@ int hv_synic_alloc(void) } for_each_present_cpu(cpu) { - struct hv_per_cpu_context *hv_cpu - = per_cpu_ptr(hv_context.cpu_context, cpu); + hv_cpu = per_cpu_ptr(hv_context.cpu_context, cpu); - memset(hv_cpu, 0, sizeof(*hv_cpu)); tasklet_init(&hv_cpu->msg_dpc, vmbus_on_msg_dpc, (unsigned long) hv_cpu); -- 2.18.0
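
Review bot: The comment added at the top of hv_synic_alloc() (first hunk, @@ -189,6 +189,17) names hv_synic_free() as the function that relies on the zeroing, while the commit message says the function that may free memory based on uninitialized values is hv_synic_cleanup(). Please make the two agree so a reader knows which teardown path depends on this pass. The comment says the zeroing lets the free path "detect what memory has been allocated"; it would be worth spelling out that this means a zero field is read as "never allocated", since that is the invariant the new loop establishes and the error path depends on.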
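
Review bot: In the second hunk (@@ -198,10 +209,8) the per-CPU loop no longer zeroes hv_cpu before tasklet_init(), so its correctness now depends on the earlier pass having covered exactly the same CPUs. Both loops use for_each_present_cpu(), which keeps them in step today, but nothing at this loop says so. A one-line comment here pointing back at the zeroing pass would keep a later change to either iterator from silently reintroducing uninitialized per-cpu state on the failure path.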