Received: by 2002:a05:7412:bbc7:b0:fc:a2b0:25d7 with SMTP id kh7csp2469779rdb; Mon, 5 Feb 2024 07:32:53 -0800 (PST) X-Google-Smtp-Source: AGHT+IHx+nxUafC9eoS1cVMwgO2/o1+0nZC5pgUUFg+JOaqU8T6xu6QOdGFUTiB9BaXBNomCikT+ X-Received: by 2002:a05:620a:2205:b0:783:f7b0:375d with SMTP id m5-20020a05620a220500b00783f7b0375dmr14472627qkh.70.1707147173585; Mon, 05 Feb 2024 07:32:53 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707147173; cv=pass; d=google.com; s=arc-20160816; b=x2ZM6UBhV65f6lERNHUbbE5gF422bWmLl9oMlzc+0V3QS/hO39MDey9VYNKCEX0L1g 3HMYnfvXwzRNPq35Z2FiqJjXo/2d3a2Y+RY1mm2ss9OY6BmZO4nwmzKJABtMxWcgk3Pg zFFll/Ho0DkP/M++EsO2if/c4FDqJ3j29aLLfEob492tkEMSDAIUBKVoqmTDvnBAsaeO GftIrxJiX8HazXW8A+f4TVvSG6Kr2OyVF4XZLGLJ01bsqYVdcMjv0HjaQSi7z4tSCY3N 1quNnT4OIBdZE4tUKp7+UlOWeZJPBOLw7mK6noAsoGlS5ZpMeMx6x8xJdLxhgad93Ypf cX9w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature; bh=5cmHMEglTrHL1InOPqgbIF8qUG9TP0hZsvpYXW0IyZ0=; fh=PuyQDiN2tMz+7WH8WmE+fzuSdqI3X0xF+ZqCED6Fk8E=; b=UmRKXs4XqanB/HDZVEVuP3CP4HTl3850Wm8SWCQcYZsawlpAi6rynYASvTgbAWD4gr iwNoCLfaWv1Tv+r0beD7tYLTzcp2fhqE9wQcRPVxoLqg6VL6LtaCifRpcGCWxhMTrCtH acUz0APzXXmMg/3kw+giJJ/6tVYmPNR9L4HhJL/PXjYSeEkHrVveiImYH7gQum4rpxEq OolGsoYTZckwfwvNnyY/MSp0hoX5tcpZkQQwxGZhDwxEkCi36z9M0WaQ24YpUwh/2eAy i3rPUnDfxmPSm7/RVfwVX9u5xcDi4+p2N/0JnDJV3mJ8KGfNjcjPTAn2nQ+14r+KULbW jufw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Talj3SxN; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-52913-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-52913-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=1; AJvYcCXKRK5lakJEYe0ekG7rUlcdscCGhMXnIwbirlEBOn6p8fBp9ZdPIoY+kS4MqKJxwo6kRAaoSurN64M79ufmYND4qqWCBxJ/dF0B9OvtQA== Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id bm18-20020a05620a199200b0078585f07b1esi71041qkb.311.2024.02.05.07.32.53 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Feb 2024 07:32:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-52913-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Talj3SxN; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-52913-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-52913-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 5A2831C21579 for ; Mon, 5 Feb 2024 15:32:53 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 112252E408; Mon, 5 Feb 2024 15:32:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Talj3SxN" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 61CF732C91; Mon, 5 Feb 2024 15:32:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.10 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707147161; cv=none; b=JFKmYeSdYUDaUkAOkJGm3UGmWsX3U9pf8DhwhTXxxVDEoIeRXT5SCNyPrFGI5+6i5Rut0SYRkfhY5k3MmjmDhjwmNbG4eTtnUihMfwVyvF6idWQSNtSjlUXaPqtn4Fmq5MIDXXVpuqrFKS3+uNVt3VmLFAFHQ2cNe3pp36cNUNc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707147161; c=relaxed/simple; bh=/zcq73sYVUW+h0jnwspQL/RXLud8ceA7/Ln5O42NPho=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=kGzWs0NF+LINa9s6JD6QFBfRI+7sww51M4PLlkVXwDYNXJkAAbwiNOKAJmseVF2t/NgDsuyKOvTfaz9XqW9myjDC14gMWd6KXSqe+4iTVoJPP5bawpHawryV84Ld9td3wAsZJ2Ejyl7cwbcXt6MgCbQ5gkWr1+PUMktW1AK5GjU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Talj3SxN; arc=none smtp.client-ip=198.175.65.10 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707147159; x=1738683159; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=/zcq73sYVUW+h0jnwspQL/RXLud8ceA7/Ln5O42NPho=; b=Talj3SxNm35vEMjlAIfTXmsGslXhDuMOo72i0upM6ABGUC8dgpTBZ1cS 3db3iz+mhA814qRR94iuvqvmA0vksrse67b6eFYNeNJASxt5LFFcKOccP gEkSz0BhWRTVI9tTaIwlBnwKepD32dhtgvHzCQG1f254ZBscnVv6aXTKm H0LQ4zW3LS/2dwk+bAavCN2qzk3f/qICEPhXP1eVssctab5k3bmXrWhOz h+oh875GTaV8f2p43gcOzK2EwYUPiTf6YIF0vynC9yWQkHsHeljNVDKZn /l2luxJFaq/PMsa4GnzteSBi5BiQz7CwIbMfEC50ta8jetpWUJSs4pj19 Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10975"; a="17965270" X-IronPort-AV: E=Sophos;i="6.05,245,1701158400"; d="scan'208";a="17965270" Received: from fmviesa001.fm.intel.com ([10.60.135.141]) by orvoesa102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Feb 2024 07:32:38 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,245,1701158400"; d="scan'208";a="31829884" Received: from linux.intel.com ([10.54.29.200]) by fmviesa001.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Feb 2024 07:32:38 -0800 Received: from [10.212.74.66] (kliang2-mobl1.ccr.corp.intel.com [10.212.74.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by linux.intel.com (Postfix) with ESMTPS id 6A84D580ABB; Mon, 5 Feb 2024 07:32:36 -0800 (PST) Message-ID: <82dbb7de-8211-4bab-8289-eb2573d8ef1d@linux.intel.com> Date: Mon, 5 Feb 2024 10:32:35 -0500 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] perf/x86/uncore: avoid null-ptr-deref on error in pmu_alloc_topology Content-Language: en-US To: Fedor Pchelkin Cc: Peter Zijlstra , Ingo Molnar , Arnaldo Carvalho de Melo , x86@kernel.org, Alexander Antonov , linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org References: <20240204134841.80003-1-pchelkin@ispras.ru> <2b5c4fbc-67c8-42f6-84a0-2adb4fbb0a2a-pchelkin@ispras.ru> From: "Liang, Kan" In-Reply-To: <2b5c4fbc-67c8-42f6-84a0-2adb4fbb0a2a-pchelkin@ispras.ru> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 2024-02-05 10:18 a.m., Fedor Pchelkin wrote: > Hello, > > On 24/02/05 10:08AM, Liang, Kan wrote: >> >> >> On 2024-02-04 8:48 a.m., Fedor Pchelkin wrote: >>> If topology[die] array allocation fails then topology[die][idx] elements >>> can't be accessed on error path. >>> >>> Checking this on the error path probably looks more readable than >>> decrementing the counter in the allocation loop. >>> >>> Found by Linux Verification Center (linuxtesting.org). >>> >>> Fixes: 4d13be8ab5d4 ("perf/x86/intel/uncore: Generalize IIO topology support") >>> Signed-off-by: Fedor Pchelkin >>> --- >> >> It seems the code just jumps to the wrong kfree on the error path. >> Does the below patch work? >> >> diff --git a/arch/x86/events/intel/uncore_snbep.c >> b/arch/x86/events/intel/uncore_snbep.c >> index 8250f0f59c2b..5481fd00d861 100644 >> --- a/arch/x86/events/intel/uncore_snbep.c >> +++ b/arch/x86/events/intel/uncore_snbep.c >> @@ -3808,7 +3808,7 @@ static int pmu_alloc_topology(struct >> intel_uncore_type *type, int topology_type) >> for (die = 0; die < uncore_max_dies(); die++) { >> topology[die] = kcalloc(type->num_boxes, sizeof(**topology), GFP_KERNEL); >> if (!topology[die]) >> - goto clear; >> + goto free_topology; >> for (idx = 0; idx < type->num_boxes; idx++) { >> topology[die][idx].untyped = kcalloc(type->num_boxes, >> topology_size[topology_type], >> @@ -3827,6 +3827,7 @@ static int pmu_alloc_topology(struct >> intel_uncore_type *type, int topology_type) >> kfree(topology[die][idx].untyped); >> kfree(topology[die]); >> } >> +free_topology: >> kfree(topology); >> err: >> return -ENOMEM; >> >> Thanks, >> Kan >> > > In this way the already allocated topology[die] elements won't be freed. > Ah, right. The patch looks good to me. Reviewed-by: Kan Liang Thanks, Kan > -- > Fedor >