Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp756190pxb; Tue, 29 Mar 2022 10:22:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxT15vx5E1K3oLTgBJx7mPHe3SWMOLe2mSYwxrW25crRPPnO4ldPz6BnofuN2v2INweO/Ir X-Received: by 2002:a17:906:3a4f:b0:6cf:86e0:586c with SMTP id a15-20020a1709063a4f00b006cf86e0586cmr35208286ejf.626.1648574515864; Tue, 29 Mar 2022 10:21:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648574515; cv=none; d=google.com; s=arc-20160816; b=dRdGdfYtnNrI56W3rmd70E5GosoYVHcWzy6ta2SW3NLjZ/SpXG0zFuB4s/GQa9MsSX 8dQSmjyX87wKZZku2xWx/vtVWnh+0ReOJORRbe1rgCqRl9Vwjlfwvz1wTtHW37mhaU2a +XMa3UMcB369cD6BRBLirP8qHtRCcPvi1gF/gC0SAFS6oY41lfKQhNwCS30MPu9dGloO uUx/W4pRy79xGGHVqZ/NCDEIEhfrE2U/mO1SG98ZjhNy3Lgs3qoy1Dg4RAH7yVV/E/WF NWMoJ74C4VYOY4udXNiz3prTG35lhD2HHnk4Sl0hkZnCK2MXVIIm8bbKjdbHFAfWqwll c+4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=wISsiOuraIoRk67zd5PB0GX+JHPXWoyxMEfUNvmyJWQ=; b=k5hp5BEgrPq9h/qnyZh7dF+HIN0M62IdK7xK7D/STccqNvKXN4+nT0xRFer3PV0CIr GJ5bu71mO3n5tHOY+xEjDhFlTNYWAJqe2Wy98eglYJzFmW7bb0CPqKUc13sCc9eZ/u3J R/QNiMcFo6AjSXSd5rH3IvZAW1hJmZJbJ9jQ8+6w78xYu714T5pkk0lulUO+4BbexJEG NSNlpCuSthw+vRwLvahMObWL+o2efhj0fDtm9z27kCvk9QE44JNHnVV+E+/Jy9C/DcV8 emBbz63hkfwHdfRqGlpo/XcZlOTBHuuT/RE4RUBcy9VhtTrQkOI4lw5LFaYc/ppJkwza 99Xw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gnuweeb.org header.s=default header.b=WSnV1Kwm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnuweeb.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id oq21-20020a170906cc9500b006e11851a042si6932764ejb.406.2022.03.29.10.21.27; Tue, 29 Mar 2022 10:21:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gnuweeb.org header.s=default header.b=WSnV1Kwm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnuweeb.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235401AbiC2KtV (ORCPT + 99 others); Tue, 29 Mar 2022 06:49:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47082 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235399AbiC2KtQ (ORCPT ); Tue, 29 Mar 2022 06:49:16 -0400 Received: from gnuweeb.org (gnuweeb.org [51.81.211.47]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 519C32493FE; Tue, 29 Mar 2022 03:47:30 -0700 (PDT) Received: from integral2.. (unknown [182.2.70.161]) by gnuweeb.org (Postfix) with ESMTPSA id 95FDE7E730; Tue, 29 Mar 2022 10:47:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gnuweeb.org; s=default; t=1648550849; bh=xQLROf1mQKyJFxRsJjuQiVAUI8GU+Wo/R6YJPVHiVwE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WSnV1KwmemuCBpfphq4rfWvdgDUS8kpsXg+KnxzX4XEVkDkXAKI73cIc+aclqdjDl m2ybsuFLrXfciYGO9JkkBUEGcQP/hD3iennfYyPtLjSdYCtnA63SVAkKtJoGw6FYhz /LKOV4G42N6rH53wrNSWdQaSQD0QESHkCVIBO4ZAPEKiXklvSaIhNrz/iIkgu8S5ZS kdwuwP5vQqEow49tZADiIXZAPNxP1wJdXyhT5qmiZieTYZ0gMhqGJzkFesGX0vcoA0 moIy78du6kGSn6MMUqTdJIooT2BGbtyWJbixyuWtGjFVrO0EiJ++m8dKl4BJNQ8f/W sMGXPj1QdAjww== From: Ammar Faizi To: Borislav Petkov , Thomas Gleixner Cc: Ammar Faizi , Alviro Iskandar Setiawan , Dave Hansen , "H. Peter Anvin" , Ingo Molnar , Tony Luck , Yazen Ghannam , Linux Edac Mailing List , Linux Kernel Mailing List , Stable Kernel , GNU/Weeb Mailing List , x86 Mailing List Subject: [PATCH v6 2/2] x86/MCE/AMD: Fix memory leak when `threshold_create_bank()` fails Date: Tue, 29 Mar 2022 17:47:05 +0700 Message-Id: <20220329104705.65256-3-ammarfaizi2@gnuweeb.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20220329104705.65256-1-ammarfaizi2@gnuweeb.org> References: <20220329104705.65256-1-ammarfaizi2@gnuweeb.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In mce_threshold_create_device(), if threshold_create_bank() fails, the @bp will be leaked, because the call to mce_threshold_remove_device() will not free the @bp. mce_threshold_remove_device() frees @threshold_banks. At that point, the @bp has not been written to @threshold_banks, @threshold_banks is NULL, so the call is just a nop. Fix this by extracting the cleanup part into a new static function __threshold_remove_device(), then call it from create/remove device functions. Also, eliminate the "goto out_err", just early return inside the loop if the creation fails. Cc: stable@vger.kernel.org # v5.8+ Fixes: 6458de97fc15 ("x86/mce/amd: Straighten CPU hotplug path") Co-developed-by: Alviro Iskandar Setiawan Signed-off-by: Alviro Iskandar Setiawan Co-developed-by: Yazen Ghannam Signed-off-by: Yazen Ghannam Signed-off-by: Ammar Faizi --- v6: - Change the helper function name to __threshold_remove_device(). --- arch/x86/kernel/cpu/mce/amd.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/arch/x86/kernel/cpu/mce/amd.c b/arch/x86/kernel/cpu/mce/amd.c index 1940d305db1c..d293ae088d6b 100644 --- a/arch/x86/kernel/cpu/mce/amd.c +++ b/arch/x86/kernel/cpu/mce/amd.c @@ -1294,10 +1294,23 @@ static void threshold_remove_bank(struct threshold_bank *bank) kfree(bank); } +static void __threshold_remove_device(struct threshold_bank **bp, + unsigned int numbanks) +{ + unsigned int bank; + + for (bank = 0; bank < numbanks; bank++) { + if (bp[bank]) { + threshold_remove_bank(bp[bank]); + bp[bank] = NULL; + } + } + kfree(bp); +} + int mce_threshold_remove_device(unsigned int cpu) { struct threshold_bank **bp = this_cpu_read(threshold_banks); - unsigned int bank, numbanks = this_cpu_read(mce_num_banks); if (!bp) return 0; @@ -1308,13 +1321,7 @@ int mce_threshold_remove_device(unsigned int cpu) */ this_cpu_write(threshold_banks, NULL); - for (bank = 0; bank < numbanks; bank++) { - if (bp[bank]) { - threshold_remove_bank(bp[bank]); - bp[bank] = NULL; - } - } - kfree(bp); + __threshold_remove_device(bp, this_cpu_read(mce_num_banks)); return 0; } @@ -1351,15 +1358,14 @@ int mce_threshold_create_device(unsigned int cpu) if (!(this_cpu_read(bank_map) & (1 << bank))) continue; err = threshold_create_bank(bp, cpu, bank); - if (err) - goto out_err; + if (err) { + __threshold_remove_device(bp, numbanks); + return err; + } } this_cpu_write(threshold_banks, bp); if (thresholding_irq_en) mce_threshold_vector = amd_threshold_interrupt; return 0; -out_err: - mce_threshold_remove_device(cpu); - return err; } -- Ammar Faizi