Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp521718imm; Fri, 10 Aug 2018 16:09:27 -0700 (PDT) X-Google-Smtp-Source: AA+uWPwwBqXkkU87Awe/IeqVyjRZG696JSWRje/4r0wEBlZnk4tRlhp6gs8ImJq/BirlfSFBWEBF X-Received: by 2002:a63:5922:: with SMTP id n34-v6mr8224527pgb.113.1533942567604; Fri, 10 Aug 2018 16:09:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533942567; cv=none; d=google.com; s=arc-20160816; b=tyIFX1r9JmuyYLjETvWCJ+LhlwjSRDIxkAoEnEu8tlt1XGbqePCYIL99N9QMweGRlL 6K8WTqagVqrsRk/cSBo3UiBgZEb6m0h2NKyVlJ0n1ikSscvKoWUegjrJ2LGrwdTZwfOS 46121EVIYB5Se4dMhtSJxyhzPOTeV/Na5biQVUUaulXMZwPF5oKxIXoZTZZOyZO+r/IT H2OLRSvLiVGzP+PzlAlM0oXTmNno8GW15E10du71zCPwD9/ug5ohTFKrwACFZJwRbDYK 0Emz0qwYZqkPsGqAaksfY/xyQ8NsMYeVDu8aEZpZWPAdgJSuoH06jui16Lu4dJRgG7a2 B39w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:reply-to:references:in-reply-to :message-id:date:subject:cc:to:from:arc-authentication-results; bh=OIvtGZ+RBIhgckfW9yANLYU2SegEq+kRx19iZUzD74Q=; b=oOq4B+cHscAAfX/PGkFD9KyqS85/DCwKr9gs7ZMFzXPIeVHE8+nXavqtulPfZlz/El KJDfCud4g+hz0/bp9Flh+lLABExsHxnZhmVXzAcQ+LI5j1h2tOjcGenaRfAIQPHYUOd7 piD18bGZSoQJG4PBPxyyeXB2hjEwnJdwnkulY6WTYG0COzXblrPyClOns2kDIpUB2I2w mCBZICeBvM6lnUM/V12UCVTNhcJo1QP+GwZdfPmLmZuvJIC+czZtZ1WSgCnMrSOvcuJH aGzeXusqTfIv+7HD1oe+TDpu0A9yaIpAld+/7Qet/o3g0JLPK1EwsV16TWuaHSpe/U+Y UM9g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p67-v6si10216384pfg.295.2018.08.10.16.09.13; Fri, 10 Aug 2018 16:09:27 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727326AbeHKBjK (ORCPT + 99 others); Fri, 10 Aug 2018 21:39:10 -0400 Received: from a2nlsmtp01-04.prod.iad2.secureserver.net ([198.71.225.38]:54700 "EHLO a2nlsmtp01-04.prod.iad2.secureserver.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727206AbeHKBjK (ORCPT ); Fri, 10 Aug 2018 21:39:10 -0400 Received: from linuxonhyperv2.linuxonhyperv.com ([107.180.71.197]) by : HOSTING RELAY : with SMTP id oGU1f4oyMq9i0oGU1fSK4z; Fri, 10 Aug 2018 16:06:13 -0700 x-originating-ip: 107.180.71.197 Received: from kys by linuxonhyperv2.linuxonhyperv.com with local (Exim 4.91) (envelope-from ) id 1foGU1-0000ZE-1z; Fri, 10 Aug 2018 16:06:13 -0700 From: kys@linuxonhyperv.com To: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, devel@linuxdriverproject.org, olaf@aepfle.de, apw@canonical.com, jasowang@redhat.com, sthemmin@microsoft.com, Michael.H.Kelley@microsoft.com, vkuznets@redhat.com Cc: Michael Kelley , "K . Y . Srinivasan" Subject: [PATCH 5/5] Drivers: hv: vmbus: Fix synic per-cpu context initialization Date: Fri, 10 Aug 2018 23:06:11 +0000 Message-Id: <20180810230611.2114-5-kys@linuxonhyperv.com> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180810230611.2114-1-kys@linuxonhyperv.com> References: <20180810230520.2055-1-kys@linuxonhyperv.com> <20180810230611.2114-1-kys@linuxonhyperv.com> Reply-To: kys@microsoft.com X-CMAE-Envelope: MS4wfHsqQEKkIf7CyfGr4vNHEQvjCb0NoDYYqX5+FbVjP9iuZIYtVfTmZgyhPlx5wwey9QBdy/YyzIhm8XvmyJEyiFekESkytkXGU3e9Tydw+clrIl0CfU8K U+TSNmbW4EiD4QnRdzllapVsTIt95G2vTNRMVo6soyqizfMrsxnpr3AkPXIMhdoWlAPwzqDTs9+0Seby98c68j+SZfpEyJrBCqOH2wTqtH9jM5ORuZDv9La3 3UhjoJPqCyTuxPL+9Pq0kTRCfNslFPh3YIprh49NLAa4e5/F02qA+RLIXtUuSPsLusg5gXLE/RddXWFPEuI1pWmDe1z2yyioJi0dd9CwiuJDDwj9QB5QxW4g PV/5jXty31VZ4CK683+TkM7S/QOMTE1Z8LCyQQAinecbl/mcPDTKRrT13xRgdlbb7xfDNHcIqUXjYMsRuclvFzrD0ZOSlcBnGVoE64ivKvTVGMCKAyMv2is3 TCm6XiSkWwlYX98F08uHDvPxsdZQaWrizl3prEQzpj0KVy+v4c4bNMZDsAbwoO7I73d91w213RmhmWd74bqmqlgBHNNuevZCM416mw== Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Michael Kelley If hv_synic_alloc() errors out, the state of the per-cpu context for some CPUs is unknown since the zero'ing is done as each CPU is iterated over. In such case, hv_synic_cleanup() may try to free memory based on uninitialized values. Fix this by zero'ing the per-cpu context for all CPUs before doing any memory allocations that might fail. Signed-off-by: Michael Kelley Reported-by: Dan Carpenter Signed-off-by: K. Y. Srinivasan --- drivers/hv/hv.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c index 748a1c4172a6..332d7c34be5c 100644 --- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c @@ -189,6 +189,17 @@ static void hv_init_clockevent_device(struct clock_event_device *dev, int cpu) int hv_synic_alloc(void) { int cpu; + struct hv_per_cpu_context *hv_cpu; + + /* + * First, zero all per-cpu memory areas so hv_synic_free() can + * detect what memory has been allocated and cleanup properly + * after any failures. + */ + for_each_present_cpu(cpu) { + hv_cpu = per_cpu_ptr(hv_context.cpu_context, cpu); + memset(hv_cpu, 0, sizeof(*hv_cpu)); + } hv_context.hv_numa_map = kcalloc(nr_node_ids, sizeof(struct cpumask), GFP_KERNEL); @@ -198,10 +209,8 @@ int hv_synic_alloc(void) } for_each_present_cpu(cpu) { - struct hv_per_cpu_context *hv_cpu - = per_cpu_ptr(hv_context.cpu_context, cpu); + hv_cpu = per_cpu_ptr(hv_context.cpu_context, cpu); - memset(hv_cpu, 0, sizeof(*hv_cpu)); tasklet_init(&hv_cpu->msg_dpc, vmbus_on_msg_dpc, (unsigned long) hv_cpu); -- 2.18.0