2018-01-19 18:06:24

by Ladislav Michl

[permalink] [raw]
Subject: [PATCH 0/2] Fix double mem region release

Two one-liners for the same issue, second bug occurrence is just
a copy&pasted mistake from 2011...

Ladislav Michl (2):
devres: Fix double mem region release in devm_ioremap_resource()
PCI: Fix double mem region release in devm_pci_remap_cfg_resource()

drivers/pci/pci.c | 1 -
lib/devres.c | 1 -
2 files changed, 2 deletions(-)

--
2.15.1



2018-01-19 18:05:24

by Ladislav Michl

[permalink] [raw]
Subject: [PATCH 1/2] devres: Fix double mem region release in devm_ioremap_resource()

devm_release_mem_region() is called explicitely in case
devm_ioremap() fails, however the same release function
is later called also as devres release of
devm_request_mem_region() causing double resource free.

Fixes: 72f8c0bfa0de ("lib: devres: add convenience function to remap a resource")
Signed-off-by: Ladislav Michl <[email protected]>
---
lib/devres.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/lib/devres.c b/lib/devres.c
index 5f2aedd58bc5..584356a568d0 100644
--- a/lib/devres.c
+++ b/lib/devres.c
@@ -156,7 +156,6 @@ void __iomem *devm_ioremap_resource(struct device *dev, struct resource *res)
dest_ptr = devm_ioremap(dev, res->start, size);
if (!dest_ptr) {
dev_err(dev, "ioremap failed for resource %pR\n", res);
- devm_release_mem_region(dev, res->start, size);
dest_ptr = IOMEM_ERR_PTR(-ENOMEM);
}

--
2.15.1


2018-01-19 18:06:29

by Ladislav Michl

[permalink] [raw]
Subject: [PATCH 2/2] PCI: Fix double mem region release in devm_pci_remap_cfg_resource()

devm_release_mem_region() is called explicitely in case
devm_pci_remap_cfgspace() fails, however the same release
function is later called also as devres release of
devm_request_mem_region() causing double resource free.

Fixes: 490cb6ddb17d ("PCI: Implement devm_pci_remap_cfgspace()")
Signed-off-by: Ladislav Michl <[email protected]>
---
drivers/pci/pci.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index 764ca7b8840d..8f9d81a23ca5 100644
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -3607,7 +3607,6 @@ void __iomem *devm_pci_remap_cfg_resource(struct device *dev,
dest_ptr = devm_pci_remap_cfgspace(dev, res->start, size);
if (!dest_ptr) {
dev_err(dev, "ioremap failed for resource %pR\n", res);
- devm_release_mem_region(dev, res->start, size);
dest_ptr = IOMEM_ERR_PTR(-ENOMEM);
}

--
2.15.1


2018-01-19 23:37:21

by Ladislav Michl

[permalink] [raw]
Subject: Re: [PATCH 0/2] Fix double mem region release

On Fri, Jan 19, 2018 at 07:03:10PM +0100, Ladislav Michl wrote:
> Two one-liners for the same issue, second bug occurrence is just
> a copy&pasted mistake from 2011...
>
> Ladislav Michl (2):
> devres: Fix double mem region release in devm_ioremap_resource()
> PCI: Fix double mem region release in devm_pci_remap_cfg_resource()

Hmm, that is really shame :-/ My test setup triggered "Trying to free
nonexistent resource" warning, but dissasembly of lib/devres.o shows
no call to devres_destroy, which seems that WARN_ON in
__devm_release_region() is optimized out. Strange. So far sorry
for the noise, I'll try figure out what broke after weekend.

> drivers/pci/pci.c | 1 -
> lib/devres.c | 1 -
> 2 files changed, 2 deletions(-)
>
> --
> 2.15.1
>