Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp724683rwd; Sat, 27 May 2023 05:38:27 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4m4QPgeY5AbpbrlU5LN7/n/UmRmdmwQ1bFUfFRu0dLEq9GG9k12QonQ/7dlMFd170T5pkK X-Received: by 2002:a05:6a20:158b:b0:f4:fd7:db9f with SMTP id h11-20020a056a20158b00b000f40fd7db9fmr2573109pzj.17.1685191107064; Sat, 27 May 2023 05:38:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685191107; cv=none; d=google.com; s=arc-20160816; b=UG7FnYevZMDpPr8sthcBPYtKw5Z3ZukJCJaDKnqEwbA8aQehYAoXN/Yq8HAXc0DByO Gng5HozSbg/8PJ0cWId63dQIZaMCnuaF/j6jxFR4b8SKsCLsFLNFO9dunUK2B+D5x95j YCVWAgfZPdqauX+ORpiIEVjDFpVZlpakxH6TOyFWONHNMwqwxl7UPE3/Su2C5w6xOvBJ FkqHdDjTiFL53np98De7Jq7/AMxWbZO/+7dX9Ga4dfzZCY0cKcC7bufNgCPClNoIwCvb xs28TWSzwSg535HGzZbcFlyBZt3y+ScWNZmzixP3+Uw8oUwId39lKgmHIYRsujaBVdkM ThGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=PST880BpELyy9+d8GCym7/5nKpjrTWMHy/OhzDqiDaA=; b=xK+d4zNeC3c1mBJzFiAYZZOrGyeE5iyLfyd+a8hNCEChpMDVEQujSwdqzRgMbQaE1G gMPIj+IsZaz10kkN5fnMgAtlb5Z6fCPbht1syEeXfFs/ViS30RyXuE2I1ofsVGTul8uQ anjJnqc7b8jCAg4XUlCFpWQ9o+rUA1EU/A1uFirMLTl3aRS5iRW/ORjExI07Xg68nB0z HDcdj/0OH2PpRUGvjOBFJBeKG3y4fAlgA+f4VC8VS/a2FJSHjEjVwYTy29KN5aAReAox sNjjBn66KH0PNIqJNuUF83Rqg/YpaA/sJVfmKxTsvIIZ/d8DlRfuKDafXR9H0fri7P/T LnRA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z22-20020a63b916000000b0051b37c000dcsi1433473pge.81.2023.05.27.05.38.11; Sat, 27 May 2023 05:38:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232589AbjE0MgQ (ORCPT + 99 others); Sat, 27 May 2023 08:36:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45312 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232540AbjE0MgL (ORCPT ); Sat, 27 May 2023 08:36:11 -0400 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D315E13D for ; Sat, 27 May 2023 05:35:50 -0700 (PDT) Received: from dggpemm500006.china.huawei.com (unknown [172.30.72.53]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4QT1V70jw7zTkdx; Sat, 27 May 2023 20:35:43 +0800 (CST) Received: from thunder-town.china.huawei.com (10.174.178.55) by dggpemm500006.china.huawei.com (7.185.36.236) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Sat, 27 May 2023 20:35:47 +0800 From: Zhen Lei To: Eric Biederman , Baoquan He , , CC: Zhen Lei , Michael Holzheu , Andrew Morton , Amerigo Wang Subject: [PATCH 1/6] kexec: fix a memory leak in crash_shrink_memory() Date: Sat, 27 May 2023 20:34:34 +0800 Message-ID: <20230527123439.772-2-thunder.leizhen@huawei.com> X-Mailer: git-send-email 2.37.3.windows.1 In-Reply-To: <20230527123439.772-1-thunder.leizhen@huawei.com> References: <20230527123439.772-1-thunder.leizhen@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-Originating-IP: [10.174.178.55] X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To dggpemm500006.china.huawei.com (7.185.36.236) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org If the value of parameter 'new_size' is in the semi-open and semi-closed interval (crashk_res.end - KEXEC_CRASH_MEM_ALIGN + 1, crashk_res.end], the calculation result of ram_res is: ram_res->start = crashk_res.end + 1 ram_res->end = crashk_res.end The operation of function insert_resource() fails, and ram_res is not added to iomem_resource. As a result, the memory of the control block ram_res is leaked. In fact, on all architectures, the start address and size of crashk_res are already aligned by KEXEC_CRASH_MEM_ALIGN. Therefore, we do not need to round up crashk_res.start again. Instead, we should round up 'new_size' in advance. Fixes: 6480e5a09237 ("kdump: add missing RAM resource in crash_shrink_memory()") Fixes: 06a7f711246b ("kexec: premit reduction of the reserved memory size") Signed-off-by: Zhen Lei --- kernel/kexec_core.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c index 3d578c6fefee385..22acee18195a591 100644 --- a/kernel/kexec_core.c +++ b/kernel/kexec_core.c @@ -1122,6 +1122,7 @@ int crash_shrink_memory(unsigned long new_size) start = crashk_res.start; end = crashk_res.end; old_size = (end == 0) ? 0 : end - start + 1; + new_size = roundup(new_size, KEXEC_CRASH_MEM_ALIGN); if (new_size >= old_size) { ret = (new_size == old_size) ? 0 : -EINVAL; goto unlock; @@ -1133,9 +1134,7 @@ int crash_shrink_memory(unsigned long new_size) goto unlock; } - start = roundup(start, KEXEC_CRASH_MEM_ALIGN); - end = roundup(start + new_size, KEXEC_CRASH_MEM_ALIGN); - + end = start + new_size; crash_free_reserved_phys_range(end, crashk_res.end); if ((start == end) && (crashk_res.parent != NULL)) -- 2.25.1