linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v2 1/3] cpufreq: qcom: fix memory leak in error path
@ 2022-10-15 13:04 Fabien Parent
  2022-10-15 13:04 ` [PATCH v2 2/3] cpufreq: qcom: fix writes in read-only memory region Fabien Parent
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Fabien Parent @ 2022-10-15 13:04 UTC (permalink / raw)
  To: ilia.lin, agross, andersson, rafael, viresh.kumar
  Cc: linux-kernel, linux-arm-msm, linux-pm, Fabien Parent

If for some reason the speedbin length is incorrect, then there is a
memory leak in the error path because we never free the speedbin buffer.
This commit fixes the error path to always free the speedbin buffer.

Fixes: a8811ec764f9 ("cpufreq: qcom: Add support for krait based socs")
Signed-off-by: Fabien Parent <fabien.parent@linaro.org>
---

v2: Added missing "Fixes" tag

 drivers/cpufreq/qcom-cpufreq-nvmem.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/cpufreq/qcom-cpufreq-nvmem.c b/drivers/cpufreq/qcom-cpufreq-nvmem.c
index 863548f59c3e..3bd38acde4b9 100644
--- a/drivers/cpufreq/qcom-cpufreq-nvmem.c
+++ b/drivers/cpufreq/qcom-cpufreq-nvmem.c
@@ -213,6 +213,7 @@ static int qcom_cpufreq_krait_name_version(struct device *cpu_dev,
 	int speed = 0, pvs = 0, pvs_ver = 0;
 	u8 *speedbin;
 	size_t len;
+	int ret = 0;
 
 	speedbin = nvmem_cell_read(speedbin_nvmem, &len);
 
@@ -230,7 +231,8 @@ static int qcom_cpufreq_krait_name_version(struct device *cpu_dev,
 		break;
 	default:
 		dev_err(cpu_dev, "Unable to read nvmem data. Defaulting to 0!\n");
-		return -ENODEV;
+		ret = -ENODEV;
+		goto len_error;
 	}
 
 	snprintf(*pvs_name, sizeof("speedXX-pvsXX-vXX"), "speed%d-pvs%d-v%d",
@@ -238,8 +240,9 @@ static int qcom_cpufreq_krait_name_version(struct device *cpu_dev,
 
 	drv->versions = (1 << speed);
 
+len_error:
 	kfree(speedbin);
-	return 0;
+	return ret;
 }
 
 static const struct qcom_cpufreq_match_data match_data_kryo = {
-- 
2.37.2


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [PATCH v2 2/3] cpufreq: qcom: fix writes in read-only memory region
  2022-10-15 13:04 [PATCH v2 1/3] cpufreq: qcom: fix memory leak in error path Fabien Parent
@ 2022-10-15 13:04 ` Fabien Parent
  2022-10-15 13:04 ` [PATCH v2 3/3] cpufreq: qcom: remove unused parameter in function definition Fabien Parent
  2022-10-18 10:37 ` [PATCH v2 1/3] cpufreq: qcom: fix memory leak in error path Viresh Kumar
  2 siblings, 0 replies; 4+ messages in thread
From: Fabien Parent @ 2022-10-15 13:04 UTC (permalink / raw)
  To: ilia.lin, agross, andersson, rafael, viresh.kumar
  Cc: linux-kernel, linux-arm-msm, linux-pm, Fabien Parent

This commit fixes a kernel oops because of a write in some read-only memory:

	[    9.068287] Unable to handle kernel write to read-only memory at virtual address ffff800009240ad8
	..snip..
	[    9.138790] Internal error: Oops: 9600004f [#1] PREEMPT SMP
	..snip..
	[    9.269161] Call trace:
	[    9.276271]  __memcpy+0x5c/0x230
	[    9.278531]  snprintf+0x58/0x80
	[    9.282002]  qcom_cpufreq_msm8939_name_version+0xb4/0x190
	[    9.284869]  qcom_cpufreq_probe+0xc8/0x39c
	..snip..

The following line defines a pointer that point to a char buffer stored
in read-only memory:

	char *pvs_name = "speedXX-pvsXX-vXX";

This pointer is meant to hold a template "speedXX-pvsXX-vXX" where the
XX values get overridden by the qcom_cpufreq_krait_name_version function. Since
the template is actually stored in read-only memory, when the function
executes the following call we get an oops:

	snprintf(*pvs_name, sizeof("speedXX-pvsXX-vXX"), "speed%d-pvs%d-v%d",
		 speed, pvs, pvs_ver);

To fix this issue, we instead store the template name onto the stack by
using the following syntax:

	char pvs_name_buffer[] = "speedXX-pvsXX-vXX";

Because the `pvs_name` needs to be able to be assigned to NULL, the
template buffer is stored in the pvs_name_buffer and not under the
pvs_name variable.

Fixes: a8811ec764f9 ("cpufreq: qcom: Add support for krait based socs")
Signed-off-by: Fabien Parent <fabien.parent@linaro.org>
---

v2:
 * Added missing "Fixes" tag
 * Rebased to not depend on another non-bug fix patch

 drivers/cpufreq/qcom-cpufreq-nvmem.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/cpufreq/qcom-cpufreq-nvmem.c b/drivers/cpufreq/qcom-cpufreq-nvmem.c
index 3bd38acde4b9..82e0339d7722 100644
--- a/drivers/cpufreq/qcom-cpufreq-nvmem.c
+++ b/drivers/cpufreq/qcom-cpufreq-nvmem.c
@@ -265,7 +265,8 @@ static int qcom_cpufreq_probe(struct platform_device *pdev)
 	struct nvmem_cell *speedbin_nvmem;
 	struct device_node *np;
 	struct device *cpu_dev;
-	char *pvs_name = "speedXX-pvsXX-vXX";
+	char pvs_name_buffer[] = "speedXX-pvsXX-vXX";
+	char *pvs_name = pvs_name_buffer;
 	unsigned cpu;
 	const struct of_device_id *match;
 	int ret;
-- 
2.37.2


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [PATCH v2 3/3] cpufreq: qcom: remove unused parameter in function definition
  2022-10-15 13:04 [PATCH v2 1/3] cpufreq: qcom: fix memory leak in error path Fabien Parent
  2022-10-15 13:04 ` [PATCH v2 2/3] cpufreq: qcom: fix writes in read-only memory region Fabien Parent
@ 2022-10-15 13:04 ` Fabien Parent
  2022-10-18 10:37 ` [PATCH v2 1/3] cpufreq: qcom: fix memory leak in error path Viresh Kumar
  2 siblings, 0 replies; 4+ messages in thread
From: Fabien Parent @ 2022-10-15 13:04 UTC (permalink / raw)
  To: ilia.lin, agross, andersson, rafael, viresh.kumar
  Cc: linux-kernel, linux-arm-msm, linux-pm, Fabien Parent

The speedbin_nvmem parameter is not used for
get_krait_bin_format_{a,b}. Let's remove the parameter to make the code
cleaner.

Signed-off-by: Fabien Parent <fabien.parent@linaro.org>
---

V2: New patch

 drivers/cpufreq/qcom-cpufreq-nvmem.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/cpufreq/qcom-cpufreq-nvmem.c b/drivers/cpufreq/qcom-cpufreq-nvmem.c
index 82e0339d7722..a154f03666fd 100644
--- a/drivers/cpufreq/qcom-cpufreq-nvmem.c
+++ b/drivers/cpufreq/qcom-cpufreq-nvmem.c
@@ -64,7 +64,7 @@ static struct platform_device *cpufreq_dt_pdev, *cpufreq_pdev;
 
 static void get_krait_bin_format_a(struct device *cpu_dev,
 					  int *speed, int *pvs, int *pvs_ver,
-					  struct nvmem_cell *pvs_nvmem, u8 *buf)
+					  u8 *buf)
 {
 	u32 pte_efuse;
 
@@ -95,7 +95,7 @@ static void get_krait_bin_format_a(struct device *cpu_dev,
 
 static void get_krait_bin_format_b(struct device *cpu_dev,
 					  int *speed, int *pvs, int *pvs_ver,
-					  struct nvmem_cell *pvs_nvmem, u8 *buf)
+					  u8 *buf)
 {
 	u32 pte_efuse, redundant_sel;
 
@@ -223,11 +223,11 @@ static int qcom_cpufreq_krait_name_version(struct device *cpu_dev,
 	switch (len) {
 	case 4:
 		get_krait_bin_format_a(cpu_dev, &speed, &pvs, &pvs_ver,
-				       speedbin_nvmem, speedbin);
+				       speedbin);
 		break;
 	case 8:
 		get_krait_bin_format_b(cpu_dev, &speed, &pvs, &pvs_ver,
-				       speedbin_nvmem, speedbin);
+				       speedbin);
 		break;
 	default:
 		dev_err(cpu_dev, "Unable to read nvmem data. Defaulting to 0!\n");
-- 
2.37.2


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH v2 1/3] cpufreq: qcom: fix memory leak in error path
  2022-10-15 13:04 [PATCH v2 1/3] cpufreq: qcom: fix memory leak in error path Fabien Parent
  2022-10-15 13:04 ` [PATCH v2 2/3] cpufreq: qcom: fix writes in read-only memory region Fabien Parent
  2022-10-15 13:04 ` [PATCH v2 3/3] cpufreq: qcom: remove unused parameter in function definition Fabien Parent
@ 2022-10-18 10:37 ` Viresh Kumar
  2 siblings, 0 replies; 4+ messages in thread
From: Viresh Kumar @ 2022-10-18 10:37 UTC (permalink / raw)
  To: Fabien Parent
  Cc: ilia.lin, agross, andersson, rafael, linux-kernel, linux-arm-msm,
	linux-pm

On 15-10-22, 15:04, Fabien Parent wrote:
> If for some reason the speedbin length is incorrect, then there is a
> memory leak in the error path because we never free the speedbin buffer.
> This commit fixes the error path to always free the speedbin buffer.
> 
> Fixes: a8811ec764f9 ("cpufreq: qcom: Add support for krait based socs")
> Signed-off-by: Fabien Parent <fabien.parent@linaro.org>
> ---
> 
> v2: Added missing "Fixes" tag
> 
>  drivers/cpufreq/qcom-cpufreq-nvmem.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)

Applied all three. Thanks.

-- 
viresh

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-10-18 10:37 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-15 13:04 [PATCH v2 1/3] cpufreq: qcom: fix memory leak in error path Fabien Parent
2022-10-15 13:04 ` [PATCH v2 2/3] cpufreq: qcom: fix writes in read-only memory region Fabien Parent
2022-10-15 13:04 ` [PATCH v2 3/3] cpufreq: qcom: remove unused parameter in function definition Fabien Parent
2022-10-18 10:37 ` [PATCH v2 1/3] cpufreq: qcom: fix memory leak in error path Viresh Kumar

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).