From: Rob Herring
Date: Thu, 30 Nov 2017 09:26:29 -0600
Subject: Re: [PATCH] of: overlay: fix memory leak of ovcs on error exit path
To: Frank Rowand
Cc: Colin Ian King, Pantelis Antoniou, "devicetree@vger.kernel.org", kernel-janitors@vger.kernel.org, "linux-kernel@vger.kernel.org"

On Thu, Nov 30, 2017 at 9:01 AM, Frank Rowand wrote:
> On 11/30/17 08:37, Frank Rowand wrote:
>> Hi Colin, Rob,
>>
>> On 11/30/17 07:18, Colin Ian King wrote:
>>> On 30/11/17 12:14, Frank Rowand wrote:
>>>> On 11/29/17 14:17, Colin King wrote:
>>>>> From: Colin Ian King
>>>>>
>>>>> Currently if the call to of_resolve_phandles fails then ovcs
>>>>> is not kfree'd on the error exit path. Rather than try and make
>>>>> the clean up exit path more convoluted, fix this by just kfree'ing
>>>>> ovcs at the point of error detection and exit via the same exit
>>>>> path.
>>>>>
>>>>> Detected by CoverityScan, CID#1462296 ("Resource Leak")
>>>>>
>>>>> Fixes: f948d6d8b792 ("of: overlay: avoid race condition between applying multiple overlays")
>>>>> Signed-off-by: Colin Ian King
>>>>> ---
>>>>> drivers/of/overlay.c | 4 +++-
>>>>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c >>>>> index 53bc9e3f0b98..6c8efe7d8cbb 100644 >>>>> --- a/drivers/of/overlay.c >>>>> +++ b/drivers/of/overlay.c
>>>>> @@ -708,8 +708,10 @@ int of_overlay_apply(struct device_node *tree, int *ovcs_id) >>>>> of_overlay_mutex_lock(); >>>>> >>>>> ret = of_resolve_phandles(tree); >>>>> - if (ret) >>>>> + if (ret) { >>>>> + kfree(ovcs); >>>>> goto err_overlay_unlock; >>>>> + } >>>>> >>>>> mutex_lock(&of_mutex); >>>>> >>>>>
>>>>
>>>> False coverity warning. ovcs is freed in free_overlay_changeset().
>>>>
>>>
>>> The error exit path is via err_overlay_unlock:
>>>
>>> err_overlay_unlock:
>>> 	of_overlay_mutex_unlock();
>>>
>>> out:
>>> 	pr_debug("%s() err=%d\n", __func__, ret);
>>>
>>> 	return ret;
>>>
>>> ..so there is no call to free_overlay_changeset there.
>>>
>>> Colin
>>>
>>
>> OK, I was looking at 4.15-rc1. You must be looking at a later version where
>> "[PATCH 1/2] of: overlay: Fix cleanup order in of_overlay_apply()" has been
>> applied. Thanks for providing the extra details about the exit path so I
>> could see that.
>>
>> Rob, I think that the fix for cleanup order was not the best way to fix that
>> problem. A better method would have been to move "mutex_lock(&of_mutex);"
>> up 5 lines, to just before calling of_reserve_phandles().
>
> It is getting late (midnight my time), so I really should revisit this all
> tomorrow. My last comment ("move ... up 5 lines") is probably wrong.
>
> I'll look at this after some sleep.

I'm dropping "of: overlay: Fix cleanup order in of_overlay_apply()", so
someone please fix this in the original patch.

Rob
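
Review bot: the `kfree(ovcs);` added inside the `if (ret)` branch after `of_resolve_phandles(tree)` is only correct when the `err_overlay_unlock` path does not itself release ovcs, and the patch does not say which base it assumes. The exit path quoted in this thread, where that label only calls of_overlay_mutex_unlock(), is reported to be the tree with "Fix cleanup order in of_overlay_apply()" applied, while on 4.15-rc1 ovcs is said to be freed in free_overlay_changeset(), so the same hunk on that base would free ovcs twice if the error path still reaches that function. The commit message should name the patch it depends on (its Fixes: tag currently points at f948d6d8b792), and a dedicated unwind label that frees ovcs before falling through to err_overlay_unlock would keep the release in one place rather than inline at the point of error detection.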