Date: Tue, 1 Nov 2022 10:40:04 +0100
From: Sascha Hauer
To: Bjorn Helgaas
Cc: linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org, Bjorn Helgaas, stable@vger.kernel.org
Subject: Re: [PATCH] PCI/sysfs: Fix double free in error path
Message-ID: <20221101094004.GD9130@pengutronix.de>
References: <20221007065618.2169880-1-s.hauer@pengutronix.de>
In-Reply-To: <20221007065618.2169880-1-s.hauer@pengutronix.de>

Hi Bjorn,

On Fri, Oct 07, 2022 at 08:56:18AM +0200, Sascha Hauer wrote:
> When pci_create_attr() fails then pci_remove_resource_files() is called
> which will iterate over the res_attr[_wc] arrays and frees every non
> NULL entry. To avoid a double free here we have to set the failed entry
> to NULL in pci_create_attr() when freeing it.
>
> Fixes: b562ec8f74e4 ("PCI: Don't leak memory if sysfs_create_bin_file() fails")
> Signed-off-by: Sascha Hauer
> Cc:
> ---
>  drivers/pci/pci-sysfs.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)

Any input to this one? There's this long unfixed race condition
described here:

https://patchwork.kernel.org/project/linux-pci/patch/20200716110423.xtfyb3n6tn5ixedh@pali/#23547255

And this patch at least prevents my system from crashing when this race
condition occurs.

Sascha
> > diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c > index fc804e08e3cb5..a07381d46ddae 100644 > --- a/drivers/pci/pci-sysfs.c > +++ b/drivers/pci/pci-sysfs.c > @@ -1196,8 +1196,13 @@ static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine) > res_attr->size = pci_resource_len(pdev, num); > res_attr->private = (void *)(unsigned long)num; > retval = sysfs_create_bin_file(&pdev->dev.kobj, res_attr); > - if (retval) > + if (retval) { > + if (write_combine) > + pdev->res_attr_wc[num] = NULL; > + else > + pdev->res_attr[num] = NULL; > kfree(res_attr); > + } > > return retval; > } > -- > 2.30.2 > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
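
Review bot: In the new `if (retval)` block of pci_create_attr(), the array slot is reset only after sysfs_create_bin_file() has already failed, which means (as the commit message implies) that pdev->res_attr[num] or pdev->res_attr_wc[num] already points at res_attr before the file exists. Consider storing the pointer in the array only once sysfs_create_bin_file() returns 0; that removes the `write_combine` branch from the error path and leaves no point at which the array holds a pointer that is about to be passed to kfree(). If the early assignment has to stay, a short comment above the branch saying that pci_remove_resource_files() frees every non-NULL entry would explain why the reset is needed. Nothing in these lines orders the reset and the kfree() against a concurrent caller, so the changelog should state that this closes the double free in the sequential error path and does not by itself resolve the race mentioned in the follow-up.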