Subject: Re: [PATCH V1] nvmem: core: fix memory abort in cleanup path
To: Thierry Reding
CC: Srinivas Kandagatla, Greg Kroah-Hartman, Rob Herring, Jonathan Hunter
From: Bitan Biswas
Date: Fri, 3 Jan 2020 04:50:10 -0800

Hi Thierry,

On 1/2/20 11:11 PM, Thierry Reding wrote:
> On Thu, Jan 02, 2020 at 10:51:24AM -0800, Bitan Biswas wrote:
>>
>> Hi Thierry,
>>
>> On 1/2/20 4:44 AM, Thierry Reding wrote:
>>> On Sat, Dec 28, 2019 at 08:02:42PM -0800, Bitan Biswas wrote:
>>>> nvmem_cell_info_to_nvmem_cell implementation has static
>>>> allocation of name. nvmem_add_cells_from_of() call may
>>>> return error and kfree name results in memory abort. Use
>>>> kasprintf() instead of assigning pointer and prevent kfree crash.
>>>>
>>>> diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
>>>> index 9f1ee9c..0fc66e1 100644
>>>> --- a/drivers/nvmem/core.c
>>>> +++ b/drivers/nvmem/core.c
>>>> @@ -110,7 +110,7 @@ static int nvmem_cell_info_to_nvmem_cell(struct nvmem_device *nvmem,
>>>> cell->nvmem = nvmem;
>>>> cell->offset = info->offset;
>>>> cell->bytes = info->bytes;
>>>> - cell->name = info->name;
>>>> + cell->name = kasprintf(GFP_KERNEL, "%s", info->name);
>>
>>>
>>> kstrdup() seems more appropriate here.
>> Thanks. I shall update the patch as suggested.
>>
>>>
>>> A slightly more efficient way to do this would be to use a combination
>>> of kstrdup_const() and kfree_const(), which would allow read-only
>>> strings to be replicated by simple assignment rather than duplication.
>>> Note that in that case you'd need to carefully replace all kfree() calls
>>> on cell->name by a kfree_const() to ensure they do the right thing.
>> kfree(cell->name) is also called for allocations in function
>> nvmem_add_cells_from_of() through below call
>> kasprintf(GFP_KERNEL, "%pOFn", child);
>>
>> My understanding is kfree_const may not work for above allocation.
>
> kfree_const() checks the location that the pointer passed to it points
> to. If it points to the kernel's .rodata section, it returns and only
> calls kfree() otherwise. Similarly, kstrdup_const() returns its
> argument if it points to the .rodata section and duplicates the string
> otherwise. On the other hand, pointers returned by kasprintf() will
> never point to the .rodata section, so kfree_const() will result in
> kfree() getting called.
>
> That said, the savings here are fairly minimal, so I don't feel very
> strongly about this. Feel free to go with the kstrdup() variant.

Thanks for the explanation. I would test the implementation with the
_const functions you suggested and send an updated patch.

-regards,
 Bitan
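
Review bot: the added line `cell->name = kasprintf(GFP_KERNEL, "%s", info->name);` stores the result without a NULL check. kasprintf() returns NULL when the allocation fails, and since nvmem_cell_info_to_nvmem_cell() returns int it should bail out with -ENOMEM right after the assignment rather than leave a cell with a NULL name. The same check is needed if the line becomes kstrdup() or kstrdup_const() as discussed in the thread; with kstrdup_const(), every kfree(cell->name) has to become kfree_const(cell->name). Because the name is now owned by the cell, any error return later in this function also has to release it, which the visible context does not show.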
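
A userspace model of the kstrdup_const()/kfree_const() behaviour Thierry describes, added here as an illustration and not code from the thread or the kernel. `ro_pool`, `in_rodata`, `demo` and the `model_*` functions are hypothetical stand-ins: a constructed array plays the role of .rodata, and malloc()/free() play kmalloc()/kfree().

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the kernel's .rodata section: pointers into
 * this array must never reach free(). */
static const char ro_pool[] = "calibration\0serial-number";

/* Model of the rodata range check (assumption: one contiguous pool). */
static int in_rodata(const void *p)
{
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)ro_pool;
    return a >= lo && a < lo + sizeof(ro_pool);
}

/* Model of kstrdup_const(): share read-only strings, copy the rest. */
static const char *model_kstrdup_const(const char *s)
{
    char *copy;
    if (in_rodata(s))
        return s;
    copy = malloc(strlen(s) + 1);
    if (copy)                      /* caller must handle NULL */
        strcpy(copy, s);
    return copy;
}

/* Model of kfree_const(): returns 1 if the heap was released, 0 if the
 * pointer was NULL or read-only and therefore left alone. */
static int model_kfree_const(const char *p)
{
    if (!p || in_rodata(p))
        return 0;
    free((void *)p);
    return 1;
}

/* Both kinds of cell->name from the thread, released through one call.
 * Bit 0: static name shared; bit 1: static name not freed;
 * bit 2: heap name (as kasprintf() would return) freed. */
static int demo(void)
{
    char node[] = "child-node";    /* constructed, not in ro_pool */
    const char *from_info = model_kstrdup_const(ro_pool);
    const char *from_of = model_kstrdup_const(node);
    int r = (from_info == ro_pool) ? 1 : 0;
    if (model_kfree_const(from_info) == 0)
        r |= 2;
    if (from_of && from_of != node && model_kfree_const(from_of) == 1)
        r |= 4;
    return r;
}

int main(void) { return demo() == 7 ? 0 : 1; }
```

Passing the static name to plain free() instead of `model_kfree_const()` is the userspace analogue of the memory abort the patch addresses.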