Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp10501551rwl;
        Mon, 2 Jan 2023 03:49:53 -0800 (PST)
X-Google-Smtp-Source: AMrXdXulY1XgcCTl6aaVRqNDJ7FuJr8jB1NebNWIg1i2NfV3gOBNy/Xg9Xau4RbA6lZe8PJs7o0X
X-Received: by 2002:a05:6a20:42a6:b0:ad:ade2:4b57 with SMTP id o38-20020a056a2042a600b000adade24b57mr62247723pzj.42.1672660193372;
        Mon, 02 Jan 2023 03:49:53 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1672660193; cv=none;
        d=google.com; s=arc-20160816;
        b=eMhwnaDHLj919Cu8/1RAV+oCrhVO5+aAfTacyOx6UeDuEjRhKMJ+df6lnLgdOeK565
         aq7Grgu6BiAAwGou+b4mxy45Qgga0mU3DOJMuuePAF3Jzspo7ZZimZPBPQv0abbdlz3P
         Wsb/bVhxNSsKNrcXAtwWT6BY4VdeMlbf/kFUFPBUSsKLss0V+jND00Zp2eriNor/Bkss
         QjlZh3hUZn6Vt+TbtmJMKN4pWHq6U3t1Gsg0JrT9LO/C+NQjt+dybiWFSR5Dwc6+x9qf
         pjR5/sWe5VDSy83fepsddTd17MnQgm63bcKwDw3i1GP4iIRHmaxSU9Mnk4aNZOv5o1eA
         J/kQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :references:cc:to:content-language:subject:user-agent:mime-version
         :date:message-id:dkim-signature:dkim-signature;
        bh=UQAlrbzgtjeIFrA5dYab+msufJTFn2SqYAHrGprOuUs=;
        b=urlRE289v7IeuTfVBwzlRhta2cMQoszqSEIiMjzZZe65wdayqSee3wGc8k7oQvbrLK
         ThxAfAjnrtxP3cLL0K8d9kziHqPnidXLsobsyrKjq6oBlq3IjSrce2fSkGkhlTeJoICg
         SdLLWWXGai56hWUtw3cUQaldqZLxZDc6jWxv6DG97nYqJiAgD+wQvYLNrDNirbKH6mRU
         Xitt9ovSoSxCaHWzPZgdt3QDEj2GglefaTEIhOuUhSiMUQmGx9ZkrNfr7xBdFYkIZ7X2
         VtoSyjsQ6x7zodHXazgOiUqye/1dNR2NXhxoncTunAkWTOfQQXy4B3dwYYm2JEd0Faxm
         HtuA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=P9mK4fvm;
       dkim=neutral (no key) header.i=@suse.cz;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id me5-20020a17090b17c500b00218bca92794si31924592pjb.114.2023.01.02.03.49.45;
        Mon, 02 Jan 2023 03:49:53 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=P9mK4fvm;
       dkim=neutral (no key) header.i=@suse.cz;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232579AbjABLiD (ORCPT <rfc822;aadipersonal10@gmail.com>
        + 61 others); Mon, 2 Jan 2023 06:38:03 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54828 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232427AbjABLiC (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 2 Jan 2023 06:38:02 -0500
Received: from smtp-out1.suse.de (smtp-out1.suse.de [IPv6:2001:67c:2178:6::1c])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 154D663DC
        for <linux-kernel@vger.kernel.org>; Mon,  2 Jan 2023 03:37:58 -0800 (PST)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by smtp-out1.suse.de (Postfix) with ESMTPS id 9866D34098;
        Mon,  2 Jan 2023 11:37:57 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa;
        t=1672659477; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=UQAlrbzgtjeIFrA5dYab+msufJTFn2SqYAHrGprOuUs=;
        b=P9mK4fvmIh2uDVanuyfLPeuQTR2j/z5I2y1RhIxVzoCjpjaxG+8feop9kc3ALkoGzOQWU+
        Ivb24++c12bSPLmUIgwoiwQSS/55bX3tL/qeWiLBPQ0AvGRHd68J92SkKKe2x27/w0jFrP
        A3gLDq6qX/uUAhOUiSNCPO+rGjn3jr4=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz;
        s=susede2_ed25519; t=1672659477;
        h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=UQAlrbzgtjeIFrA5dYab+msufJTFn2SqYAHrGprOuUs=;
        b=sq6z5nAtcflnEB+QOL8Nb6aH3vF3Uju5ij2YHrRX/7IBq1Ts3J6DrjNCI48TGaLXoNIlCx
        jPUFy2o16WCB57CQ==
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 6756B139C8;
        Mon,  2 Jan 2023 11:37:57 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id dvSHGBXCsmMTdgAAMHmgww
        (envelope-from <vbabka@suse.cz>); Mon, 02 Jan 2023 11:37:57 +0000
Message-ID: <0065d875-a13c-c327-7d53-d376e235bf3d@suse.cz>
Date:   Mon, 2 Jan 2023 12:37:57 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.6.1
Subject: Re: [PATCH] x86/kexec: Fix double-free of elf header buffer
Content-Language: en-US
To:     Takashi Iwai <tiwai@suse.de>, x86@kernel.org
Cc:     Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Baoquan He <bhe@redhat.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        linux-kernel@vger.kernel.org
References: <20221122115122.13937-1-tiwai@suse.de>
From:   Vlastimil Babka <vbabka@suse.cz>
In-Reply-To: <20221122115122.13937-1-tiwai@suse.de>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_SOFTFAIL autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 11/22/22 12:51, Takashi Iwai wrote:
> The recent fix for memory leaks forgot to clear the error path that
> already does vfree() for the elf headers.  This may result in a
> double-free.
> 
> Drop the superfluous vfree() call at the error path of
> crash_load_segments().
> 
> Fixes: b3e34a47f989 ("x86/kexec: fix memory leak of elf header buffer")
> Signed-off-by: Takashi Iwai <tiwai@suse.de>

Acked-by: Vlastimil Babka <vbabka@suse.cz>

> ---
>  arch/x86/kernel/crash.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
> index 9730c88530fc..305514431f26 100644
> --- a/arch/x86/kernel/crash.c
> +++ b/arch/x86/kernel/crash.c
> @@ -401,10 +401,8 @@ int crash_load_segments(struct kimage *image)
>  	kbuf.buf_align = ELF_CORE_HEADER_ALIGN;
>  	kbuf.mem = KEXEC_BUF_MEM_UNKNOWN;
>  	ret = kexec_add_buffer(&kbuf);
> -	if (ret) {
> -		vfree((void *)image->elf_headers);
> +	if (ret)
>  		return ret;
> -	}
>  	image->elf_load_addr = kbuf.mem;
>  	pr_debug("Loaded ELF headers at 0x%lx bufsz=0x%lx memsz=0x%lx\n",
>  		 image->elf_load_addr, kbuf.bufsz, kbuf.memsz);