Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp1534491rwl; Wed, 5 Apr 2023 19:41:06 -0700 (PDT) X-Google-Smtp-Source: AKy350ZrIJ0yqbfnjAJMcSIGwBa1D/dm5DNztTthElcGbiYJjF1wAkHJ+2emNccal88wNdo0Ujfw X-Received: by 2002:a05:6a20:3544:b0:d5:2f2a:ead4 with SMTP id f4-20020a056a20354400b000d52f2aead4mr1199585pze.47.1680748865995; Wed, 05 Apr 2023 19:41:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680748865; cv=none; d=google.com; s=arc-20160816; b=pZHvjrIxlF/FeVZfrmgj8fQ0XjlZZ0j84WfY7NKwsXDw9OuiQ8kl5PblPRq7OmZzjw JvGy5Q5+4ZN44jwP9+8ns9HJB/yzjJyhdeUC8X1I0B3cluMVhjGG8fzz04ZyVdQLjmli W98E8heTvtCGFsctdeu/TElvXYYBrDjgQ7Kn9NJ/i3pi+H7x1DSDfvPfOP0KipeRyb+P iUK52eTfi4GAvs/uXPjXtl/blnWygTUWsPs8UHjIOn3xEjmo3V6kvt1rI2RimnyMSMLr XsdVsPFkK+wWXvNJcYqMk0oa+Szh5ck915j+AuEvS6fSL0hR0qVsrduKuRWDfpoa6xnr llzQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:dkim-signature; bh=nGRtsNvSGCB1U9oLua3uFTNlFZte1FijkWAC+kw5qf0=; b=KT1BWJHRyhPHswn8ebyY4t35n4OE2hS3DBa3Eu+xDHml68l6r6m/TqK7vNds/DGjhr aVBNHgY6MVeTa2KLzMIjjfL0cRdD4j9tXE3GPRme79g9AYaFpTh1QBVJVPp9t62YSfj1 pdFjBHfZvgLRW3uE2QSBzMwxbV5XAx8Eroz3IfkPOGnlA25TresJemlkWXZuyQMtVb7g 6oIRuziauCCkEROG6pDmHhjjZBneVJMi/kLrMKrnt76qr8TTXRcFVNVVlyyrBAt49F8K yj2gbMFgpqECGtTxYz2ADs8J6xoSTPgYyWOSSoWxsbJgB+bNyXQFjNlStfR/tMzIy/nm o2CQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b=hArmBPqd; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b="k6/mxp6J"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alu.unizg.hr Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x22-20020aa79576000000b0062589faff17si288999pfq.28.2023.04.05.19.40.54; Wed, 05 Apr 2023 19:41:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b=hArmBPqd; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b="k6/mxp6J"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alu.unizg.hr Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234824AbjDFCkQ (ORCPT + 99 others); Wed, 5 Apr 2023 22:40:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34638 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234707AbjDFCkO (ORCPT ); Wed, 5 Apr 2023 22:40:14 -0400 Received: from domac.alu.hr (domac.alu.unizg.hr [IPv6:2001:b68:2:2800::3]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 05D76A1 for ; Wed, 5 Apr 2023 19:40:14 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by domac.alu.hr (Postfix) with ESMTP id 52C4B604ED; Thu, 6 Apr 2023 04:40:12 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=alu.unizg.hr; s=mail; t=1680748812; bh=6iwS9N1f6yrv/fRw39XrCWuxjT36x9tRB2CPp+lKkJA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hArmBPqdR26Dnktm4X4gsuV7iRzcf0d4rwHyNceBMzE48kG0mhIaMhI5SzOG5oE4p EYcohcFuOiEwPvJ9gM/Zxnd/bCMr5ysWkRQmnXzj+RquKimXbokyJCDUApAdxiSmQi bzu6yjbhCkZJq+WZvGDGqPBS4+5rroghTxcvVXYUlGX6XP5Il137UKRNdC4NKYyD8v /L3Z99Wg5KPC8hB4WHkh0LekBfTrkhU7+Smq2duZLRxtgSKtH04vtqgW3GXIdH1JP8 EyaRGFvlJ1+lT/jwhpgLfu95xuZtc5CBP0/VmdCJs6EQYYtz1pBlUgmh98d1ithVEZ dWs1He3A7XGCg== X-Virus-Scanned: Debian amavisd-new at domac.alu.hr Received: from domac.alu.hr ([127.0.0.1]) by localhost (domac.alu.hr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YXHVEz7GHrb0; Thu, 6 Apr 2023 04:40:10 +0200 (CEST) Received: by domac.alu.hr (Postfix, from userid 1014) id 291A5604EF; Thu, 6 Apr 2023 04:40:10 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=alu.unizg.hr; s=mail; t=1680748810; bh=6iwS9N1f6yrv/fRw39XrCWuxjT36x9tRB2CPp+lKkJA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=k6/mxp6Jpy2wUOPN2PBz8o/HiaUMgegmeEJrcGbp4Q9rlJcyOw2QYBeZFsm5mWh0S ouhEOuuyZOh7SJ0sNkWpcKnQbmU3YMaBaFDrFz867N/wUqPpVENPDgPhDs6+N2k/8P vsVwgUb/bh0bb67FNaCvjv22Llomkx/bMQe4qiKW3OvIVVPkyRDNJuQQF6w2SGV/cj R/90jI/OxkfyBCmCPc/zPDdzUJrRupHv85e1tK/tRtL6ao8YpGGMLYrT+NbH4sex8x +Wy+MlYFCXUr6rVEGM6MyC8j2Lhfbd5KyUkwrnXxjwGEabgS/E6pXL7ZqqGfWmMdK0 f+XusOOXRYxDg== From: Mirsad Goran Todorovac To: Greg Kroah-Hartman , Russ Weight , linux-kernel@vger.kernel.org Cc: Mirsad Goran Todorovac , Luis Chamberlain , Tianfei zhang , Christophe JAILLET , Zhengchao Shao , Colin Ian King , Dan Carpenter , Takashi Iwai Subject: [PATCH v3 2/2] test_firmware: fix memory leak in trigger_batched_requests_store() Date: Thu, 6 Apr 2023 03:53:19 +0200 Message-Id: <20230406015315.31505-2-mirsad.todorovac@alu.unizg.hr> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20230406015315.31505-1-mirsad.todorovac@alu.unizg.hr> References: <20230406015315.31505-1-mirsad.todorovac@alu.unizg.hr> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org trigger_batched_requests_store() and trigger_batched_requests_async_store() both caused test_fw_config->reqs ptr to be overwritten with the new call to either function and the vzalloc() call, leaving the old memory object unreferenced. Semantically the most simple and prudent solution seemed to be returning the -EBUSY errno in this case, rather than permitting a kernel memory leak. However, this did fix closed only these obvious leaks, not all that are present in the test firmware loader. Cc: Greg Kroah-Hartman Cc: Luis Chamberlain Cc: Russ Weight Cc: Tianfei zhang Cc: Mirsad Goran Todorovac Cc: Christophe JAILLET Cc: Zhengchao Shao Cc: Colin Ian King Cc: linux-kernel@vger.kernel.org Suggested-by: Dan Carpenter Suggested-by: Takashi Iwai Signed-off-by: Mirsad Goran Todorovac --- lib/test_firmware.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lib/test_firmware.c b/lib/test_firmware.c index 272af8dc54b0..b81f5621626e 100644 --- a/lib/test_firmware.c +++ b/lib/test_firmware.c @@ -919,6 +919,11 @@ static ssize_t trigger_batched_requests_store(struct device *dev, mutex_lock(&test_fw_mutex); + if (test_fw_config->reqs) { + rc = -EBUSY; + goto out_bail; + } + test_fw_config->reqs = vzalloc(array3_size(sizeof(struct test_batched_req), test_fw_config->num_requests, 2)); @@ -1017,6 +1022,11 @@ ssize_t trigger_batched_requests_async_store(struct device *dev, mutex_lock(&test_fw_mutex); + if (test_fw_config->reqs) { + rc = -EBUSY; + goto out_bail; + } + test_fw_config->reqs = vzalloc(array3_size(sizeof(struct test_batched_req), test_fw_config->num_requests, 2)); -- 2.30.2