* [PATCH v2 1/3] cpufreq: qcom: fix memory leak in error path
@ 2022-10-15 13:04 Fabien Parent
2022-10-15 13:04 ` [PATCH v2 2/3] cpufreq: qcom: fix writes in read-only memory region Fabien Parent
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Fabien Parent @ 2022-10-15 13:04 UTC (permalink / raw)
To: ilia.lin, agross, andersson, rafael, viresh.kumar
Cc: linux-kernel, linux-arm-msm, linux-pm, Fabien Parent
If for some reason the speedbin length is incorrect, then there is a
memory leak in the error path because we never free the speedbin buffer.
This commit fixes the error path to always free the speedbin buffer.
Fixes: a8811ec764f9 ("cpufreq: qcom: Add support for krait based socs")
Signed-off-by: Fabien Parent <fabien.parent@linaro.org>
---
v2: Added missing "Fixes" tag
drivers/cpufreq/qcom-cpufreq-nvmem.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/cpufreq/qcom-cpufreq-nvmem.c b/drivers/cpufreq/qcom-cpufreq-nvmem.c
index 863548f59c3e..3bd38acde4b9 100644
--- a/drivers/cpufreq/qcom-cpufreq-nvmem.c
+++ b/drivers/cpufreq/qcom-cpufreq-nvmem.c
@@ -213,6 +213,7 @@ static int qcom_cpufreq_krait_name_version(struct device *cpu_dev,
int speed = 0, pvs = 0, pvs_ver = 0;
u8 *speedbin;
size_t len;
+ int ret = 0;
speedbin = nvmem_cell_read(speedbin_nvmem, &len);
@@ -230,7 +231,8 @@ static int qcom_cpufreq_krait_name_version(struct device *cpu_dev,
break;
default:
dev_err(cpu_dev, "Unable to read nvmem data. Defaulting to 0!\n");
- return -ENODEV;
+ ret = -ENODEV;
+ goto len_error;
}
snprintf(*pvs_name, sizeof("speedXX-pvsXX-vXX"), "speed%d-pvs%d-v%d",
@@ -238,8 +240,9 @@ static int qcom_cpufreq_krait_name_version(struct device *cpu_dev,
drv->versions = (1 << speed);
+len_error:
kfree(speedbin);
- return 0;
+ return ret;
}
static const struct qcom_cpufreq_match_data match_data_kryo = {
--
2.37.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v2 2/3] cpufreq: qcom: fix writes in read-only memory region
2022-10-15 13:04 [PATCH v2 1/3] cpufreq: qcom: fix memory leak in error path Fabien Parent
@ 2022-10-15 13:04 ` Fabien Parent
2022-10-15 13:04 ` [PATCH v2 3/3] cpufreq: qcom: remove unused parameter in function definition Fabien Parent
2022-10-18 10:37 ` [PATCH v2 1/3] cpufreq: qcom: fix memory leak in error path Viresh Kumar
2 siblings, 0 replies; 4+ messages in thread
From: Fabien Parent @ 2022-10-15 13:04 UTC (permalink / raw)
To: ilia.lin, agross, andersson, rafael, viresh.kumar
Cc: linux-kernel, linux-arm-msm, linux-pm, Fabien Parent
This commit fixes a kernel oops because of a write in some read-only memory:
[ 9.068287] Unable to handle kernel write to read-only memory at virtual address ffff800009240ad8
..snip..
[ 9.138790] Internal error: Oops: 9600004f [#1] PREEMPT SMP
..snip..
[ 9.269161] Call trace:
[ 9.276271] __memcpy+0x5c/0x230
[ 9.278531] snprintf+0x58/0x80
[ 9.282002] qcom_cpufreq_msm8939_name_version+0xb4/0x190
[ 9.284869] qcom_cpufreq_probe+0xc8/0x39c
..snip..
The following line defines a pointer that point to a char buffer stored
in read-only memory:
char *pvs_name = "speedXX-pvsXX-vXX";
This pointer is meant to hold a template "speedXX-pvsXX-vXX" where the
XX values get overridden by the qcom_cpufreq_krait_name_version function. Since
the template is actually stored in read-only memory, when the function
executes the following call we get an oops:
snprintf(*pvs_name, sizeof("speedXX-pvsXX-vXX"), "speed%d-pvs%d-v%d",
speed, pvs, pvs_ver);
To fix this issue, we instead store the template name onto the stack by
using the following syntax:
char pvs_name_buffer[] = "speedXX-pvsXX-vXX";
Because the `pvs_name` needs to be able to be assigned to NULL, the
template buffer is stored in the pvs_name_buffer and not under the
pvs_name variable.
Fixes: a8811ec764f9 ("cpufreq: qcom: Add support for krait based socs")
Signed-off-by: Fabien Parent <fabien.parent@linaro.org>
---
v2:
* Added missing "Fixes" tag
* Rebased to not depend on another non-bug fix patch
drivers/cpufreq/qcom-cpufreq-nvmem.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/cpufreq/qcom-cpufreq-nvmem.c b/drivers/cpufreq/qcom-cpufreq-nvmem.c
index 3bd38acde4b9..82e0339d7722 100644
--- a/drivers/cpufreq/qcom-cpufreq-nvmem.c
+++ b/drivers/cpufreq/qcom-cpufreq-nvmem.c
@@ -265,7 +265,8 @@ static int qcom_cpufreq_probe(struct platform_device *pdev)
struct nvmem_cell *speedbin_nvmem;
struct device_node *np;
struct device *cpu_dev;
- char *pvs_name = "speedXX-pvsXX-vXX";
+ char pvs_name_buffer[] = "speedXX-pvsXX-vXX";
+ char *pvs_name = pvs_name_buffer;
unsigned cpu;
const struct of_device_id *match;
int ret;
--
2.37.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v2 3/3] cpufreq: qcom: remove unused parameter in function definition
2022-10-15 13:04 [PATCH v2 1/3] cpufreq: qcom: fix memory leak in error path Fabien Parent
2022-10-15 13:04 ` [PATCH v2 2/3] cpufreq: qcom: fix writes in read-only memory region Fabien Parent
@ 2022-10-15 13:04 ` Fabien Parent
2022-10-18 10:37 ` [PATCH v2 1/3] cpufreq: qcom: fix memory leak in error path Viresh Kumar
2 siblings, 0 replies; 4+ messages in thread
From: Fabien Parent @ 2022-10-15 13:04 UTC (permalink / raw)
To: ilia.lin, agross, andersson, rafael, viresh.kumar
Cc: linux-kernel, linux-arm-msm, linux-pm, Fabien Parent
The speedbin_nvmem parameter is not used for
get_krait_bin_format_{a,b}. Let's remove the parameter to make the code
cleaner.
Signed-off-by: Fabien Parent <fabien.parent@linaro.org>
---
V2: New patch
drivers/cpufreq/qcom-cpufreq-nvmem.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/cpufreq/qcom-cpufreq-nvmem.c b/drivers/cpufreq/qcom-cpufreq-nvmem.c
index 82e0339d7722..a154f03666fd 100644
--- a/drivers/cpufreq/qcom-cpufreq-nvmem.c
+++ b/drivers/cpufreq/qcom-cpufreq-nvmem.c
@@ -64,7 +64,7 @@ static struct platform_device *cpufreq_dt_pdev, *cpufreq_pdev;
static void get_krait_bin_format_a(struct device *cpu_dev,
int *speed, int *pvs, int *pvs_ver,
- struct nvmem_cell *pvs_nvmem, u8 *buf)
+ u8 *buf)
{
u32 pte_efuse;
@@ -95,7 +95,7 @@ static void get_krait_bin_format_a(struct device *cpu_dev,
static void get_krait_bin_format_b(struct device *cpu_dev,
int *speed, int *pvs, int *pvs_ver,
- struct nvmem_cell *pvs_nvmem, u8 *buf)
+ u8 *buf)
{
u32 pte_efuse, redundant_sel;
@@ -223,11 +223,11 @@ static int qcom_cpufreq_krait_name_version(struct device *cpu_dev,
switch (len) {
case 4:
get_krait_bin_format_a(cpu_dev, &speed, &pvs, &pvs_ver,
- speedbin_nvmem, speedbin);
+ speedbin);
break;
case 8:
get_krait_bin_format_b(cpu_dev, &speed, &pvs, &pvs_ver,
- speedbin_nvmem, speedbin);
+ speedbin);
break;
default:
dev_err(cpu_dev, "Unable to read nvmem data. Defaulting to 0!\n");
--
2.37.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v2 1/3] cpufreq: qcom: fix memory leak in error path
2022-10-15 13:04 [PATCH v2 1/3] cpufreq: qcom: fix memory leak in error path Fabien Parent
2022-10-15 13:04 ` [PATCH v2 2/3] cpufreq: qcom: fix writes in read-only memory region Fabien Parent
2022-10-15 13:04 ` [PATCH v2 3/3] cpufreq: qcom: remove unused parameter in function definition Fabien Parent
@ 2022-10-18 10:37 ` Viresh Kumar
2 siblings, 0 replies; 4+ messages in thread
From: Viresh Kumar @ 2022-10-18 10:37 UTC (permalink / raw)
To: Fabien Parent
Cc: ilia.lin, agross, andersson, rafael, linux-kernel, linux-arm-msm,
linux-pm
On 15-10-22, 15:04, Fabien Parent wrote:
> If for some reason the speedbin length is incorrect, then there is a
> memory leak in the error path because we never free the speedbin buffer.
> This commit fixes the error path to always free the speedbin buffer.
>
> Fixes: a8811ec764f9 ("cpufreq: qcom: Add support for krait based socs")
> Signed-off-by: Fabien Parent <fabien.parent@linaro.org>
> ---
>
> v2: Added missing "Fixes" tag
>
> drivers/cpufreq/qcom-cpufreq-nvmem.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
Applied all three. Thanks.
--
viresh
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-10-18 10:37 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-15 13:04 [PATCH v2 1/3] cpufreq: qcom: fix memory leak in error path Fabien Parent
2022-10-15 13:04 ` [PATCH v2 2/3] cpufreq: qcom: fix writes in read-only memory region Fabien Parent
2022-10-15 13:04 ` [PATCH v2 3/3] cpufreq: qcom: remove unused parameter in function definition Fabien Parent
2022-10-18 10:37 ` [PATCH v2 1/3] cpufreq: qcom: fix memory leak in error path Viresh Kumar
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).