Re: [PATCH] livepatch: Fix leak on klp_init_patch_early failure path

From: Song Liu <songliubraving@fb.com>
To: David Vernet <void@manifault.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>,
	"pmladek@suse.com" <pmladek@suse.com>,
	"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
	"live-patching@vger.kernel.org" <live-patching@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	"jikos@kernel.org" <jikos@kernel.org>,
	"mbenes@suse.cz" <mbenes@suse.cz>,
	"joe.lawrence@redhat.com" <joe.lawrence@redhat.com>,
	"corbet@lwn.net" <corbet@lwn.net>, Yonghong Song <yhs@fb.com>
Subject: Re: [PATCH] livepatch: Fix leak on klp_init_patch_early failure path
Date: Mon, 13 Dec 2021 23:32:25 +0000	[thread overview]
Message-ID: <C10BAA59-BBAA-4EF5-8819-72C9D65E85A9@fb.com> (raw)
In-Reply-To: <YbfQHjoUO5GTvImR@dev0025.ash9.facebook.com>



> On Dec 13, 2021, at 2:58 PM, David Vernet <void@manifault.com> wrote:
> 
> Josh Poimboeuf <jpoimboe@redhat.com> wrote on Mon [2021-Dec-13 12:10:22 -0800]:
>> The patch description needs a few tweaks.  In the kernel we don't use
>> Markdown for patch descriptions.
>> 
>> A function can be postfixed with a trailing pair of parentheses, like
>> klp_enable_patch().
>> 
>> Other symbols can be enclosed with single quotes, like 'struct
>> klp_object'.
>> 
>> I'd also recommend avoiding the excessive use of "we", in favor of more
>> imperative-type language.
>> 
>> See Documentation/process/submitting-patches.rst for more details.  It's
>> also a good idea to look at some kernel commit logs to get a general
>> idea of the kernel patch description style.
> 
> Understood, I'll take a read through and re-submit the patch to honor the
> norms for Linux kernel patches. My sincere apologies for the noise, and
> thank you for the positive and constructive suggestions.
> 
>> I don't think the fix will be quite that simple.  For example, if
>> klp_init_patch_early() fails, that means try_module_get() hasn't been
>> done, so klp_free_patch_finish() will wrongly do a module_put().
> 
> Ugh, good point and thank you for catching that. Another problem with the
> current patch is that we'll call kobject_put() on the patch even if we
> never call kobject_init on the patch due to patch->objs being NULL.
> 
> Perhaps we should pull try_module_get() and the NULL check for patch->objs
> out of klp_init_patch_early()? It feels a bit more intuitive to me if
> klp_init_patch_early() were only be responsible for initializing kobjects
> for the patch and its objects / funcs anyways.

Pulling those logic out of klp_init_patch_early() makes sense to me. 
Alternatively, we may also have a cleanup section in klp_init_patch_early(), 
like below. I am not sure which way will be cleaner. 

Thanks,
Song

diff --git i/kernel/livepatch/core.c w/kernel/livepatch/core.c
index 335d988bd811..20b959c82204 100644
--- i/kernel/livepatch/core.c
+++ w/kernel/livepatch/core.c
@@ -864,7 +864,7 @@ static void klp_init_object_early(struct klp_patch *patch,

 static int klp_init_patch_early(struct klp_patch *patch)
 {
-       struct klp_object *obj;
+       struct klp_object *obj, *obj2;
        struct klp_func *func;

        if (!patch->objs)
@@ -880,7 +880,7 @@ static int klp_init_patch_early(struct klp_patch *patch)

        klp_for_each_object_static(patch, obj) {
                if (!obj->funcs)
-                       return -EINVAL;
+                       goto cleanup;

                klp_init_object_early(patch, obj);

@@ -890,9 +890,15 @@ static int klp_init_patch_early(struct klp_patch *patch)
        }

        if (!try_module_get(patch->mod))
-               return -ENODEV;
+               goto cleanup;

        return 0;
+cleanup:
+       klp_for_each_func_static(patch, obj2) {
+               if (obj2 == obj)
+                       break;  // done
+               /* do clean up */
+       }
 }

 static int klp_init_patch(struct klp_patch *patch)
