From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.9 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A6EBCFA372C for ; Fri, 8 Nov 2019 13:03:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 7BEA52085B for ; Fri, 8 Nov 2019 13:03:27 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=rasmusvillemoes.dk header.i=@rasmusvillemoes.dk header.b="ghv2Fitd" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731755AbfKHND0 (ORCPT ); Fri, 8 Nov 2019 08:03:26 -0500 Received: from mail-lj1-f196.google.com ([209.85.208.196]:38915 "EHLO mail-lj1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730332AbfKHNCR (ORCPT ); Fri, 8 Nov 2019 08:02:17 -0500 Received: by mail-lj1-f196.google.com with SMTP id p18so6130885ljc.6 for ; Fri, 08 Nov 2019 05:02:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rasmusvillemoes.dk; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=VA9GbHfmKtODbCm0QoKaPVG8lLjwOAvz4Dj0Clq1FXQ=; b=ghv2Fitdi+5CpOHryA/uKu7tvP1mIrcR7EQ6Boj2/RIU2+jYku8qiRim9NlU1bMI9t jibRIInuK9ovNCl4B0NJGdUU3ySNR4YSeno58I0x0vbag1VAvxIje3y/7NhG3ERCFGnp ox4wBxv0EYbYTQMQ1MAeNcI4UNMBZJ7Jq/bJ4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=VA9GbHfmKtODbCm0QoKaPVG8lLjwOAvz4Dj0Clq1FXQ=; b=pJHdIPGQR2n8o1TSZTJqRmSa4by7rSU4Hnm5FnVGxOifkiukaVv3z3gCuopTNkS2zl LOZhfB86iU7yQRYo2nOaBq0p/xxUqIZfdjw6orDO8Qo8dEqzoMvI/rh/h5563fQbjjUq gUuqg25dfUWSze2fPFHLk91bJvAoXXZhQ0F3JiBJ7dQJjpYCwDYjPeZz73kGDZ5yZMcH rTX6JGqA2EDxKAii4B1yStDoYzdNcj/U8bWK5hh4C2thx7iaJUZtSRhmTj898nQxBiXS dO8nyTnA9OItAGbzMEzZJ2lx4tSMjYTRpyzOibGeMr9vpS37oJTh5I4OpPG0iMqEjW7+ 0Knw== X-Gm-Message-State: APjAAAW2/QGO1kqAHa0t7aq+oWlPOMCDcEU+FfcXV8j2HsueMmkKYLJL 0yeQ8TF/CtdUr89cqG460bVM0w== X-Google-Smtp-Source: APXvYqyoMqCjl5BXnYcK2ml6PASxOb4ksaKGHBnk0QjLBR1ADRWrjlHrHrSVaMf4Baj7cALCi+3dFg== X-Received: by 2002:a2e:9119:: with SMTP id m25mr6927156ljg.24.1573218135990; Fri, 08 Nov 2019 05:02:15 -0800 (PST) Received: from prevas-ravi.prevas.se ([81.216.59.226]) by smtp.gmail.com with ESMTPSA id d28sm2454725lfn.33.2019.11.08.05.02.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 08 Nov 2019 05:02:15 -0800 (PST) From: Rasmus Villemoes To: Qiang Zhao , Li Yang , Christophe Leroy Cc: linuxppc-dev@lists.ozlabs.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Scott Wood , Rasmus Villemoes Subject: [PATCH v4 38/47] soc: fsl: qe: refactor cpm_muram_alloc_common to prevent BUG on error path Date: Fri, 8 Nov 2019 14:01:14 +0100 Message-Id: <20191108130123.6839-39-linux@rasmusvillemoes.dk> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191108130123.6839-1-linux@rasmusvillemoes.dk> References: <20191108130123.6839-1-linux@rasmusvillemoes.dk> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org If the kmalloc() fails, we try to undo the gen_pool allocation we've just done. Unfortunately, start has already been modified to subtract the GENPOOL_OFFSET bias, so we're freeing something that very likely doesn't exist in the gen_pool, meaning we hit the kernel BUG at lib/genalloc.c:399! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM ... [<803fd0e8>] (gen_pool_free) from [<80426bc8>] (cpm_muram_alloc_common+0xb0/0xc8) [<80426bc8>] (cpm_muram_alloc_common) from [<80426c28>] (cpm_muram_alloc+0x48/0x80) [<80426c28>] (cpm_muram_alloc) from [<80428214>] (ucc_slow_init+0x110/0x4f0) [<80428214>] (ucc_slow_init) from [<8044a718>] (qe_uart_request_port+0x3c/0x1d8) (this was tested by just injecting a random failure by adding "|| (get_random_int()&7) == 0" to the "if (!entry)" condition). Refactor the code so we do the kmalloc() first, meaning that's the thing that needs undoing in case gen_pool_alloc_algo() then fails. This allows a later cleanup to move the locking from the callers into the _common function, keeping the kmalloc() out of the critical region and then, hopefully (if all the muram_alloc callers allow) change it to a GFP_KERNEL allocation. Signed-off-by: Rasmus Villemoes --- drivers/soc/fsl/qe/qe_common.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/drivers/soc/fsl/qe/qe_common.c b/drivers/soc/fsl/qe/qe_common.c index feb33ec1c3d6..bc9b436684df 100644 --- a/drivers/soc/fsl/qe/qe_common.c +++ b/drivers/soc/fsl/qe/qe_common.c @@ -119,23 +119,21 @@ static s32 cpm_muram_alloc_common(unsigned long size, struct muram_block *entry; s32 start; + entry = kmalloc(sizeof(*entry), GFP_ATOMIC); + if (!entry) + return -ENOMEM; start = gen_pool_alloc_algo(muram_pool, size, algo, data); - if (!start) - goto out2; + if (!start) { + kfree(entry); + return -ENOMEM; + } start = start - GENPOOL_OFFSET; memset_io(cpm_muram_addr(start), 0, size); - entry = kmalloc(sizeof(*entry), GFP_ATOMIC); - if (!entry) - goto out1; entry->start = start; entry->size = size; list_add(&entry->head, &muram_block_list); return start; -out1: - gen_pool_free(muram_pool, start, size); -out2: - return -ENOMEM; } /* -- 2.23.0 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.6 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B99CBC5DF60 for ; Fri, 8 Nov 2019 15:25:29 +0000 (UTC) Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 1049F2178F for ; Fri, 8 Nov 2019 15:25:28 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=rasmusvillemoes.dk header.i=@rasmusvillemoes.dk header.b="ghv2Fitd" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1049F2178F Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=rasmusvillemoes.dk Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 478kc45QmfzF6N4 for ; Sat, 9 Nov 2019 02:25:24 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=rasmusvillemoes.dk (client-ip=2a00:1450:4864:20::241; helo=mail-lj1-x241.google.com; envelope-from=linux@rasmusvillemoes.dk; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=rasmusvillemoes.dk Authentication-Results: lists.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=rasmusvillemoes.dk header.i=@rasmusvillemoes.dk header.b="ghv2Fitd"; dkim-atps=neutral Received: from mail-lj1-x241.google.com (mail-lj1-x241.google.com [IPv6:2a00:1450:4864:20::241]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 478gQz3jqrzF6tB for ; Sat, 9 Nov 2019 00:02:19 +1100 (AEDT) Received: by mail-lj1-x241.google.com with SMTP id t5so6157848ljk.0 for ; Fri, 08 Nov 2019 05:02:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rasmusvillemoes.dk; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=VA9GbHfmKtODbCm0QoKaPVG8lLjwOAvz4Dj0Clq1FXQ=; b=ghv2Fitdi+5CpOHryA/uKu7tvP1mIrcR7EQ6Boj2/RIU2+jYku8qiRim9NlU1bMI9t jibRIInuK9ovNCl4B0NJGdUU3ySNR4YSeno58I0x0vbag1VAvxIje3y/7NhG3ERCFGnp ox4wBxv0EYbYTQMQ1MAeNcI4UNMBZJ7Jq/bJ4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=VA9GbHfmKtODbCm0QoKaPVG8lLjwOAvz4Dj0Clq1FXQ=; b=gIoYvcCPJ7NWXNceJ3Ad9TWxEeLi0C/IjosYY434VLhhBklcKXIk0WLgn4IezVrGVJ 8hR2k1QoL6aZaDiVfOSRsVXs0bjwazCLbrp93iuCX04iNcHYlK1D3cJGzA0yviizBKi7 UhyAXgNEvo5Us1GnlaSRyDiExisOQlNdtHSJJCDSNm89rZsKAGl2/0bL619Ju3k2xOA2 ZBzsHuhB3qHfjlott38ajTwQj1ruO9EQQbouaEhLBL52q25WnBHjYA6h66uDGpBpomCB qULYL/qmTATd9sTFi3G8X7vYznErr2BggZ6G4JHwSl5ZQpiEyMm1q+IW1P8Sbaf5Bl99 nnWQ== X-Gm-Message-State: APjAAAUgfu5N0t7G3VUbI1i1NvnNO6xheqyKVo+ShJlQ883AnLNAFOMM 2D7CxufOvuCRvLqJkue0tfPuVw== X-Google-Smtp-Source: APXvYqyoMqCjl5BXnYcK2ml6PASxOb4ksaKGHBnk0QjLBR1ADRWrjlHrHrSVaMf4Baj7cALCi+3dFg== X-Received: by 2002:a2e:9119:: with SMTP id m25mr6927156ljg.24.1573218135990; Fri, 08 Nov 2019 05:02:15 -0800 (PST) Received: from prevas-ravi.prevas.se ([81.216.59.226]) by smtp.gmail.com with ESMTPSA id d28sm2454725lfn.33.2019.11.08.05.02.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 08 Nov 2019 05:02:15 -0800 (PST) From: Rasmus Villemoes To: Qiang Zhao , Li Yang , Christophe Leroy Subject: [PATCH v4 38/47] soc: fsl: qe: refactor cpm_muram_alloc_common to prevent BUG on error path Date: Fri, 8 Nov 2019 14:01:14 +0100 Message-Id: <20191108130123.6839-39-linux@rasmusvillemoes.dk> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191108130123.6839-1-linux@rasmusvillemoes.dk> References: <20191108130123.6839-1-linux@rasmusvillemoes.dk> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Scott Wood , Rasmus Villemoes , linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org Errors-To: linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Sender: "Linuxppc-dev" If the kmalloc() fails, we try to undo the gen_pool allocation we've just done. Unfortunately, start has already been modified to subtract the GENPOOL_OFFSET bias, so we're freeing something that very likely doesn't exist in the gen_pool, meaning we hit the kernel BUG at lib/genalloc.c:399! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM ... [<803fd0e8>] (gen_pool_free) from [<80426bc8>] (cpm_muram_alloc_common+0xb0/0xc8) [<80426bc8>] (cpm_muram_alloc_common) from [<80426c28>] (cpm_muram_alloc+0x48/0x80) [<80426c28>] (cpm_muram_alloc) from [<80428214>] (ucc_slow_init+0x110/0x4f0) [<80428214>] (ucc_slow_init) from [<8044a718>] (qe_uart_request_port+0x3c/0x1d8) (this was tested by just injecting a random failure by adding "|| (get_random_int()&7) == 0" to the "if (!entry)" condition). Refactor the code so we do the kmalloc() first, meaning that's the thing that needs undoing in case gen_pool_alloc_algo() then fails. This allows a later cleanup to move the locking from the callers into the _common function, keeping the kmalloc() out of the critical region and then, hopefully (if all the muram_alloc callers allow) change it to a GFP_KERNEL allocation. Signed-off-by: Rasmus Villemoes --- drivers/soc/fsl/qe/qe_common.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/drivers/soc/fsl/qe/qe_common.c b/drivers/soc/fsl/qe/qe_common.c index feb33ec1c3d6..bc9b436684df 100644 --- a/drivers/soc/fsl/qe/qe_common.c +++ b/drivers/soc/fsl/qe/qe_common.c @@ -119,23 +119,21 @@ static s32 cpm_muram_alloc_common(unsigned long size, struct muram_block *entry; s32 start; + entry = kmalloc(sizeof(*entry), GFP_ATOMIC); + if (!entry) + return -ENOMEM; start = gen_pool_alloc_algo(muram_pool, size, algo, data); - if (!start) - goto out2; + if (!start) { + kfree(entry); + return -ENOMEM; + } start = start - GENPOOL_OFFSET; memset_io(cpm_muram_addr(start), 0, size); - entry = kmalloc(sizeof(*entry), GFP_ATOMIC); - if (!entry) - goto out1; entry->start = start; entry->size = size; list_add(&entry->head, &muram_block_list); return start; -out1: - gen_pool_free(muram_pool, start, size); -out2: - return -ENOMEM; } /* -- 2.23.0 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 93C76FA372C for ; Fri, 8 Nov 2019 13:13:39 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4D0D62084D for ; Fri, 8 Nov 2019 13:13:39 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="KeKk6fTR"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=rasmusvillemoes.dk header.i=@rasmusvillemoes.dk header.b="ghv2Fitd" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4D0D62084D Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=rasmusvillemoes.dk Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=fcUnh6dcycj+XAorCasyuErNqVsOqBdss3ycmDlaM18=; b=KeKk6fTR7+KLYw jisXWw+yX6wcExfWNPnqOBHP+8EutrwXNRVS8GYSPBAvult+xRWJek0LwFDZLX7RHorBc8t/vwcSY 8GWwXlL093PqZjhLvdh1LJbbf6SlSb8Jj+7LmDm+j4m1TNzfZu+jDE0iU4zRrdPpxqJOHGw7JG8j2 C22EYr7ldyMeYQbYAMzWRttuuXKYjuFAi6kCFJL31Rbkg+so044x9zElK4LKiTuEyjnZlz52cOTX0 O5VLzFlQlTa+sGtwK+OCCyEAG0tR/y3YZrt7zkdE0EmIbu97fCAS/rwL7rTBIP2DfJ93zESfYGVqS UDyIKBqHUZ0fBONkEtFA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iT451-0008RP-PR; Fri, 08 Nov 2019 13:13:35 +0000 Received: from mail-lj1-x244.google.com ([2a00:1450:4864:20::244]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1iT3u5-0004pQ-Ou for linux-arm-kernel@lists.infradead.org; Fri, 08 Nov 2019 13:02:20 +0000 Received: by mail-lj1-x244.google.com with SMTP id 139so6138396ljf.1 for ; Fri, 08 Nov 2019 05:02:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rasmusvillemoes.dk; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=VA9GbHfmKtODbCm0QoKaPVG8lLjwOAvz4Dj0Clq1FXQ=; b=ghv2Fitdi+5CpOHryA/uKu7tvP1mIrcR7EQ6Boj2/RIU2+jYku8qiRim9NlU1bMI9t jibRIInuK9ovNCl4B0NJGdUU3ySNR4YSeno58I0x0vbag1VAvxIje3y/7NhG3ERCFGnp ox4wBxv0EYbYTQMQ1MAeNcI4UNMBZJ7Jq/bJ4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=VA9GbHfmKtODbCm0QoKaPVG8lLjwOAvz4Dj0Clq1FXQ=; b=OsFPFRqhgy5dwSuGH71ApmkvVzNyQdTsnJM2pPk7PYwwznkK19PHSCO/108upQ1J1M hb8pX5K5dYOjpOppMhigk9p2s7rel3pMNv8RWMyZgRO1oh4ciuoidMvJ+Kh7L6tmVuqL 3tjWThIV9Wooexsb31jVSjApKUqJDhIyRQrJrEpq7k7nY3hVw07n5OGWGiGPFsfN150L wm5hwUrUeoToXrezow32OpRaztRBWKz7t4r/5p5jm4k/nBHaVnUjJaOE79kGpClI2rP1 L3t0pY4tPdiJkdxXa5QVOLGb+G6x2a8yaPU20Fu7r3TolITSO5AhVrejGjAZlgi+8sYY QnGg== X-Gm-Message-State: APjAAAVtq8+Ay8YqppHulxOYESnAxr2Ya1xn1CwLGask+qVdTG84czz7 cT5tUYc73UsCFC65Qnm+K5coe5n8JGesGf3d X-Google-Smtp-Source: APXvYqyoMqCjl5BXnYcK2ml6PASxOb4ksaKGHBnk0QjLBR1ADRWrjlHrHrSVaMf4Baj7cALCi+3dFg== X-Received: by 2002:a2e:9119:: with SMTP id m25mr6927156ljg.24.1573218135990; Fri, 08 Nov 2019 05:02:15 -0800 (PST) Received: from prevas-ravi.prevas.se ([81.216.59.226]) by smtp.gmail.com with ESMTPSA id d28sm2454725lfn.33.2019.11.08.05.02.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 08 Nov 2019 05:02:15 -0800 (PST) From: Rasmus Villemoes To: Qiang Zhao , Li Yang , Christophe Leroy Subject: [PATCH v4 38/47] soc: fsl: qe: refactor cpm_muram_alloc_common to prevent BUG on error path Date: Fri, 8 Nov 2019 14:01:14 +0100 Message-Id: <20191108130123.6839-39-linux@rasmusvillemoes.dk> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191108130123.6839-1-linux@rasmusvillemoes.dk> References: <20191108130123.6839-1-linux@rasmusvillemoes.dk> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20191108_050218_481780_A38D0840 X-CRM114-Status: GOOD ( 12.62 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Scott Wood , Rasmus Villemoes , linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org If the kmalloc() fails, we try to undo the gen_pool allocation we've just done. Unfortunately, start has already been modified to subtract the GENPOOL_OFFSET bias, so we're freeing something that very likely doesn't exist in the gen_pool, meaning we hit the kernel BUG at lib/genalloc.c:399! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM ... [<803fd0e8>] (gen_pool_free) from [<80426bc8>] (cpm_muram_alloc_common+0xb0/0xc8) [<80426bc8>] (cpm_muram_alloc_common) from [<80426c28>] (cpm_muram_alloc+0x48/0x80) [<80426c28>] (cpm_muram_alloc) from [<80428214>] (ucc_slow_init+0x110/0x4f0) [<80428214>] (ucc_slow_init) from [<8044a718>] (qe_uart_request_port+0x3c/0x1d8) (this was tested by just injecting a random failure by adding "|| (get_random_int()&7) == 0" to the "if (!entry)" condition). Refactor the code so we do the kmalloc() first, meaning that's the thing that needs undoing in case gen_pool_alloc_algo() then fails. This allows a later cleanup to move the locking from the callers into the _common function, keeping the kmalloc() out of the critical region and then, hopefully (if all the muram_alloc callers allow) change it to a GFP_KERNEL allocation. Signed-off-by: Rasmus Villemoes --- drivers/soc/fsl/qe/qe_common.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/drivers/soc/fsl/qe/qe_common.c b/drivers/soc/fsl/qe/qe_common.c index feb33ec1c3d6..bc9b436684df 100644 --- a/drivers/soc/fsl/qe/qe_common.c +++ b/drivers/soc/fsl/qe/qe_common.c @@ -119,23 +119,21 @@ static s32 cpm_muram_alloc_common(unsigned long size, struct muram_block *entry; s32 start; + entry = kmalloc(sizeof(*entry), GFP_ATOMIC); + if (!entry) + return -ENOMEM; start = gen_pool_alloc_algo(muram_pool, size, algo, data); - if (!start) - goto out2; + if (!start) { + kfree(entry); + return -ENOMEM; + } start = start - GENPOOL_OFFSET; memset_io(cpm_muram_addr(start), 0, size); - entry = kmalloc(sizeof(*entry), GFP_ATOMIC); - if (!entry) - goto out1; entry->start = start; entry->size = size; list_add(&entry->head, &muram_block_list); return start; -out1: - gen_pool_free(muram_pool, start, size); -out2: - return -ENOMEM; } /* -- 2.23.0 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel