All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 1/3] ipack: tpci200: pci_iounmap -> iounmap
@ 2021-07-21 11:11 Dongliang Mu
  2021-07-21 11:11 ` [PATCH 2/3] ipack: tpci200: fix many double free issues in tpci200_pci_probe Dongliang Mu
  2021-07-21 11:11 ` [PATCH 3/3] ipack: tpci200: fix memory leak in the tpci200_register Dongliang Mu
  0 siblings, 2 replies; 6+ messages in thread
From: Dongliang Mu @ 2021-07-21 11:11 UTC (permalink / raw)
  To: Samuel Iglesias Gonsalvez, Jens Taprogge, Greg Kroah-Hartman,
	Dongliang Mu, Aditya Srivastava, Lv Yunlong
  Cc: Randy Dunlap, industrypack-devel, linux-kernel

The deallocation api for ioremap should be iounmap, other than
pci_iounmap.

Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
---
 drivers/ipack/carriers/tpci200.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/ipack/carriers/tpci200.c b/drivers/ipack/carriers/tpci200.c
index 3461b0a7dc62..ca302a87bc22 100644
--- a/drivers/ipack/carriers/tpci200.c
+++ b/drivers/ipack/carriers/tpci200.c
@@ -88,8 +88,8 @@ static void tpci200_unregister(struct tpci200_board *tpci200)
 {
 	free_irq(tpci200->info->pdev->irq, (void *) tpci200);
 
-	pci_iounmap(tpci200->info->pdev, tpci200->info->interface_regs);
-	pci_iounmap(tpci200->info->pdev, tpci200->info->cfg_regs);
+	iounmap(tpci200->info->interface_regs);
+	iounmap(tpci200->info->cfg_regs);
 
 	pci_release_region(tpci200->info->pdev, TPCI200_IP_INTERFACE_BAR);
 	pci_release_region(tpci200->info->pdev, TPCI200_IO_ID_INT_SPACES_BAR);
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [PATCH 2/3] ipack: tpci200: fix many double free issues in tpci200_pci_probe
  2021-07-21 11:11 [PATCH 1/3] ipack: tpci200: pci_iounmap -> iounmap Dongliang Mu
@ 2021-07-21 11:11 ` Dongliang Mu
  2021-08-05 12:20   ` Greg Kroah-Hartman
  2021-07-21 11:11 ` [PATCH 3/3] ipack: tpci200: fix memory leak in the tpci200_register Dongliang Mu
  1 sibling, 1 reply; 6+ messages in thread
From: Dongliang Mu @ 2021-07-21 11:11 UTC (permalink / raw)
  To: Samuel Iglesias Gonsalvez, Jens Taprogge, Greg Kroah-Hartman,
	Dongliang Mu, Lv Yunlong, Aditya Srivastava
  Cc: Randy Dunlap, industrypack-devel, linux-kernel

The function tpci200_register called by tpci200_install and
tpci200_unregister called by tpci200_uninstall are in pair. However,
tpci200_unregister has some cleanup operations not in the
tpci200_register. So the error handling code of tpci200_pci_probe has
many different double free issues.

Fix this problem by moving those cleanup operations out of
tpci200_unregister, into tpci200_pci_remove and reverting
the previous commit 9272e5d0028d

Reported-by: Dongliang Mu <mudongliangabcd@gmail.com>
Fixes: 9272e5d0028d ("ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe")
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
---
 drivers/ipack/carriers/tpci200.c | 35 ++++++++++++++++----------------
 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/drivers/ipack/carriers/tpci200.c b/drivers/ipack/carriers/tpci200.c
index ca302a87bc22..7fbfb17c341b 100644
--- a/drivers/ipack/carriers/tpci200.c
+++ b/drivers/ipack/carriers/tpci200.c
@@ -89,16 +89,13 @@ static void tpci200_unregister(struct tpci200_board *tpci200)
 	free_irq(tpci200->info->pdev->irq, (void *) tpci200);
 
 	iounmap(tpci200->info->interface_regs);
-	iounmap(tpci200->info->cfg_regs);
 
 	pci_release_region(tpci200->info->pdev, TPCI200_IP_INTERFACE_BAR);
 	pci_release_region(tpci200->info->pdev, TPCI200_IO_ID_INT_SPACES_BAR);
 	pci_release_region(tpci200->info->pdev, TPCI200_MEM16_SPACE_BAR);
 	pci_release_region(tpci200->info->pdev, TPCI200_MEM8_SPACE_BAR);
-	pci_release_region(tpci200->info->pdev, TPCI200_CFG_MEM_BAR);
 
 	pci_disable_device(tpci200->info->pdev);
-	pci_dev_put(tpci200->info->pdev);
 }
 
 static void tpci200_enable_irq(struct tpci200_board *tpci200,
@@ -527,7 +524,7 @@ static int tpci200_pci_probe(struct pci_dev *pdev,
 	tpci200->info = kzalloc(sizeof(struct tpci200_infos), GFP_KERNEL);
 	if (!tpci200->info) {
 		ret = -ENOMEM;
-		goto out_err_info;
+		goto err_tpci200;
 	}
 
 	pci_dev_get(pdev);
@@ -538,7 +535,7 @@ static int tpci200_pci_probe(struct pci_dev *pdev,
 	if (ret) {
 		dev_err(&pdev->dev, "Failed to allocate PCI Configuration Memory");
 		ret = -EBUSY;
-		goto out_err_pci_request;
+		goto err_tpci200_info;
 	}
 	tpci200->info->cfg_regs = ioremap(
 			pci_resource_start(pdev, TPCI200_CFG_MEM_BAR),
@@ -546,7 +543,7 @@ static int tpci200_pci_probe(struct pci_dev *pdev,
 	if (!tpci200->info->cfg_regs) {
 		dev_err(&pdev->dev, "Failed to map PCI Configuration Memory");
 		ret = -EFAULT;
-		goto out_err_ioremap;
+		goto err_request_region;
 	}
 
 	/* Disable byte swapping for 16 bit IP module access. This will ensure
@@ -569,7 +566,7 @@ static int tpci200_pci_probe(struct pci_dev *pdev,
 	if (ret) {
 		dev_err(&pdev->dev, "error during tpci200 install\n");
 		ret = -ENODEV;
-		goto out_err_install;
+		goto err_cfg_regs;
 	}
 
 	/* Register the carrier in the industry pack bus driver */
@@ -581,7 +578,7 @@ static int tpci200_pci_probe(struct pci_dev *pdev,
 		dev_err(&pdev->dev,
 			"error registering the carrier on ipack driver\n");
 		ret = -EFAULT;
-		goto out_err_bus_register;
+		goto err_tpci200_install;
 	}
 
 	/* save the bus number given by ipack to logging purpose */
@@ -592,19 +589,16 @@ static int tpci200_pci_probe(struct pci_dev *pdev,
 		tpci200_create_device(tpci200, i);
 	return 0;
 
-out_err_bus_register:
+err_tpci200_install:
 	tpci200_uninstall(tpci200);
-	/* tpci200->info->cfg_regs is unmapped in tpci200_uninstall */
-	tpci200->info->cfg_regs = NULL;
-out_err_install:
-	if (tpci200->info->cfg_regs)
-		iounmap(tpci200->info->cfg_regs);
-out_err_ioremap:
+err_cfg_regs:
+	iounmap(tpci200->info->cfg_regs);
+err_request_region:
 	pci_release_region(pdev, TPCI200_CFG_MEM_BAR);
-out_err_pci_request:
-	pci_dev_put(pdev);
+err_tpci200_info:
 	kfree(tpci200->info);
-out_err_info:
+	pci_dev_put(pdev);
+err_tpci200:
 	kfree(tpci200);
 	return ret;
 }
@@ -614,6 +608,11 @@ static void __tpci200_pci_remove(struct tpci200_board *tpci200)
 	ipack_bus_unregister(tpci200->info->ipack_bus);
 	tpci200_uninstall(tpci200);
 
+	iounmap(tpci200->info->cfg_regs);
+	pci_release_region(tpci200->info->pdev, TPCI200_CFG_MEM_BAR);
+
+	pci_dev_put(tpci200->info->pdev);
+
 	kfree(tpci200->info);
 	kfree(tpci200);
 }
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [PATCH 3/3] ipack: tpci200: fix memory leak in the tpci200_register
  2021-07-21 11:11 [PATCH 1/3] ipack: tpci200: pci_iounmap -> iounmap Dongliang Mu
  2021-07-21 11:11 ` [PATCH 2/3] ipack: tpci200: fix many double free issues in tpci200_pci_probe Dongliang Mu
@ 2021-07-21 11:11 ` Dongliang Mu
  1 sibling, 0 replies; 6+ messages in thread
From: Dongliang Mu @ 2021-07-21 11:11 UTC (permalink / raw)
  To: Samuel Iglesias Gonsalvez, Jens Taprogge, Greg Kroah-Hartman,
	Dongliang Mu, Aditya Srivastava, Lv Yunlong, Zhouyang Jia
  Cc: Randy Dunlap, industrypack-devel, linux-kernel

The error handling code in tpci200_register does not free interface_regs
allocated by ioremap and the current version of error handling code is
problematic.

Fix this by refactoring the error handling code and free interface_regs
when necessary.

Reported-by: Dongliang Mu <mudongliangabcd@gmail.com>
Fixes: 43986798fd50 ("ipack: add error handling for ioremap_nocache")
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
---
 drivers/ipack/carriers/tpci200.c | 52 +++++++++++++++++---------------
 1 file changed, 28 insertions(+), 24 deletions(-)

diff --git a/drivers/ipack/carriers/tpci200.c b/drivers/ipack/carriers/tpci200.c
index 7fbfb17c341b..a4e5883321df 100644
--- a/drivers/ipack/carriers/tpci200.c
+++ b/drivers/ipack/carriers/tpci200.c
@@ -84,20 +84,6 @@ static void tpci200_set_mask(struct tpci200_board *tpci200,
 	spin_unlock_irqrestore(&tpci200->regs_lock, flags);
 }
 
-static void tpci200_unregister(struct tpci200_board *tpci200)
-{
-	free_irq(tpci200->info->pdev->irq, (void *) tpci200);
-
-	iounmap(tpci200->info->interface_regs);
-
-	pci_release_region(tpci200->info->pdev, TPCI200_IP_INTERFACE_BAR);
-	pci_release_region(tpci200->info->pdev, TPCI200_IO_ID_INT_SPACES_BAR);
-	pci_release_region(tpci200->info->pdev, TPCI200_MEM16_SPACE_BAR);
-	pci_release_region(tpci200->info->pdev, TPCI200_MEM8_SPACE_BAR);
-
-	pci_disable_device(tpci200->info->pdev);
-}
-
 static void tpci200_enable_irq(struct tpci200_board *tpci200,
 			       int islot)
 {
@@ -254,7 +240,7 @@ static int tpci200_register(struct tpci200_board *tpci200)
 			"(bn 0x%X, sn 0x%X) failed to allocate PCI resource for BAR 2 !",
 			tpci200->info->pdev->bus->number,
 			tpci200->info->pdev->devfn);
-		goto out_disable_pci;
+		goto err_enable_device;
 	}
 
 	/* Request IO ID INT space (Bar 3) */
@@ -266,7 +252,7 @@ static int tpci200_register(struct tpci200_board *tpci200)
 			"(bn 0x%X, sn 0x%X) failed to allocate PCI resource for BAR 3 !",
 			tpci200->info->pdev->bus->number,
 			tpci200->info->pdev->devfn);
-		goto out_release_ip_space;
+		goto err_ip_interface_bar;
 	}
 
 	/* Request MEM8 space (Bar 5) */
@@ -277,7 +263,7 @@ static int tpci200_register(struct tpci200_board *tpci200)
 			"(bn 0x%X, sn 0x%X) failed to allocate PCI resource for BAR 5!",
 			tpci200->info->pdev->bus->number,
 			tpci200->info->pdev->devfn);
-		goto out_release_ioid_int_space;
+		goto err_io_id_int_spaces_bar;
 	}
 
 	/* Request MEM16 space (Bar 4) */
@@ -288,7 +274,7 @@ static int tpci200_register(struct tpci200_board *tpci200)
 			"(bn 0x%X, sn 0x%X) failed to allocate PCI resource for BAR 4!",
 			tpci200->info->pdev->bus->number,
 			tpci200->info->pdev->devfn);
-		goto out_release_mem8_space;
+		goto err_mem8_space_bar;
 	}
 
 	/* Map internal tpci200 driver user space */
@@ -302,7 +288,7 @@ static int tpci200_register(struct tpci200_board *tpci200)
 			tpci200->info->pdev->bus->number,
 			tpci200->info->pdev->devfn);
 		res = -ENOMEM;
-		goto out_release_mem8_space;
+		goto err_mem16_space_bar;
 	}
 
 	/* Initialize lock that protects interface_regs */
@@ -341,22 +327,40 @@ static int tpci200_register(struct tpci200_board *tpci200)
 			"(bn 0x%X, sn 0x%X) unable to register IRQ !",
 			tpci200->info->pdev->bus->number,
 			tpci200->info->pdev->devfn);
-		goto out_release_ioid_int_space;
+		goto err_interface_regs;
 	}
 
 	return 0;
 
-out_release_mem8_space:
+err_interface_regs:
+	iounmap(tpci200->info->interface_regs);
+err_mem16_space_bar:
+	pci_release_region(tpci200->info->pdev, TPCI200_MEM16_SPACE_BAR);
+err_mem8_space_bar:
 	pci_release_region(tpci200->info->pdev, TPCI200_MEM8_SPACE_BAR);
-out_release_ioid_int_space:
+err_io_id_int_spaces_bar:
 	pci_release_region(tpci200->info->pdev, TPCI200_IO_ID_INT_SPACES_BAR);
-out_release_ip_space:
+err_ip_interface_bar:
 	pci_release_region(tpci200->info->pdev, TPCI200_IP_INTERFACE_BAR);
-out_disable_pci:
+err_enable_device:
 	pci_disable_device(tpci200->info->pdev);
 	return res;
 }
 
+static void tpci200_unregister(struct tpci200_board *tpci200)
+{
+	free_irq(tpci200->info->pdev->irq, (void *) tpci200);
+
+	iounmap(tpci200->info->interface_regs);
+
+	pci_release_region(tpci200->info->pdev, TPCI200_IP_INTERFACE_BAR);
+	pci_release_region(tpci200->info->pdev, TPCI200_IO_ID_INT_SPACES_BAR);
+	pci_release_region(tpci200->info->pdev, TPCI200_MEM16_SPACE_BAR);
+	pci_release_region(tpci200->info->pdev, TPCI200_MEM8_SPACE_BAR);
+
+	pci_disable_device(tpci200->info->pdev);
+}
+
 static int tpci200_get_clockrate(struct ipack_device *dev)
 {
 	struct tpci200_board *tpci200 = check_slot(dev);
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH 2/3] ipack: tpci200: fix many double free issues in tpci200_pci_probe
  2021-07-21 11:11 ` [PATCH 2/3] ipack: tpci200: fix many double free issues in tpci200_pci_probe Dongliang Mu
@ 2021-08-05 12:20   ` Greg Kroah-Hartman
  2021-08-09  3:40     ` Dongliang Mu
  0 siblings, 1 reply; 6+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-05 12:20 UTC (permalink / raw)
  To: Dongliang Mu
  Cc: Samuel Iglesias Gonsalvez, Jens Taprogge, Lv Yunlong,
	Aditya Srivastava, Randy Dunlap, industrypack-devel,
	linux-kernel

On Wed, Jul 21, 2021 at 07:11:31PM +0800, Dongliang Mu wrote:
> The function tpci200_register called by tpci200_install and
> tpci200_unregister called by tpci200_uninstall are in pair. However,
> tpci200_unregister has some cleanup operations not in the
> tpci200_register. So the error handling code of tpci200_pci_probe has
> many different double free issues.
> 
> Fix this problem by moving those cleanup operations out of
> tpci200_unregister, into tpci200_pci_remove and reverting
> the previous commit 9272e5d0028d
> 
> Reported-by: Dongliang Mu <mudongliangabcd@gmail.com>
> Fixes: 9272e5d0028d ("ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe")
> Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
> ---
>  drivers/ipack/carriers/tpci200.c | 35 ++++++++++++++++----------------
>  1 file changed, 17 insertions(+), 18 deletions(-)

This needs to be applied to the tree now, and should not depend on your
patch 1/3 here as it is a bugfix.  Please redo this series and send 2,
one to be merged for 5.14-final and to go to the stable kernels, and a
separate "clean up things" series that can wait until 5.15-rc1.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH 2/3] ipack: tpci200: fix many double free issues in tpci200_pci_probe
  2021-08-05 12:20   ` Greg Kroah-Hartman
@ 2021-08-09  3:40     ` Dongliang Mu
  2021-08-09  8:45       ` Greg Kroah-Hartman
  0 siblings, 1 reply; 6+ messages in thread
From: Dongliang Mu @ 2021-08-09  3:40 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Samuel Iglesias Gonsalvez, Jens Taprogge, Lv Yunlong,
	Aditya Srivastava, Randy Dunlap, industrypack-devel,
	linux-kernel

On Thu, Aug 5, 2021 at 8:20 PM Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> On Wed, Jul 21, 2021 at 07:11:31PM +0800, Dongliang Mu wrote:
> > The function tpci200_register called by tpci200_install and
> > tpci200_unregister called by tpci200_uninstall are in pair. However,
> > tpci200_unregister has some cleanup operations not in the
> > tpci200_register. So the error handling code of tpci200_pci_probe has
> > many different double free issues.
> >
> > Fix this problem by moving those cleanup operations out of
> > tpci200_unregister, into tpci200_pci_remove and reverting
> > the previous commit 9272e5d0028d
> >
> > Reported-by: Dongliang Mu <mudongliangabcd@gmail.com>
> > Fixes: 9272e5d0028d ("ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe")
> > Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
> > ---
> >  drivers/ipack/carriers/tpci200.c | 35 ++++++++++++++++----------------
> >  1 file changed, 17 insertions(+), 18 deletions(-)
>
> This needs to be applied to the tree now, and should not depend on your
> patch 1/3 here as it is a bugfix.  Please redo this series and send 2,
> one to be merged for 5.14-final and to go to the stable kernels, and a
> separate "clean up things" series that can wait until 5.15-rc1.

No problem. I will send a separate fix.

BTW, how about the PATCH 3/3 in this series [1]? It does not depend on
PATCH 1/3, however, it does not include the fix to memleak, but also
moves the unregister function. Shall I send it separately?

[1] https://lkml.org/lkml/2021/7/21/370

>
> thanks,
>
> greg k-h

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH 2/3] ipack: tpci200: fix many double free issues in tpci200_pci_probe
  2021-08-09  3:40     ` Dongliang Mu
@ 2021-08-09  8:45       ` Greg Kroah-Hartman
  0 siblings, 0 replies; 6+ messages in thread
From: Greg Kroah-Hartman @ 2021-08-09  8:45 UTC (permalink / raw)
  To: Dongliang Mu
  Cc: Samuel Iglesias Gonsalvez, Jens Taprogge, Lv Yunlong,
	Aditya Srivastava, Randy Dunlap, industrypack-devel,
	linux-kernel

On Mon, Aug 09, 2021 at 11:40:13AM +0800, Dongliang Mu wrote:
> On Thu, Aug 5, 2021 at 8:20 PM Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
> >
> > On Wed, Jul 21, 2021 at 07:11:31PM +0800, Dongliang Mu wrote:
> > > The function tpci200_register called by tpci200_install and
> > > tpci200_unregister called by tpci200_uninstall are in pair. However,
> > > tpci200_unregister has some cleanup operations not in the
> > > tpci200_register. So the error handling code of tpci200_pci_probe has
> > > many different double free issues.
> > >
> > > Fix this problem by moving those cleanup operations out of
> > > tpci200_unregister, into tpci200_pci_remove and reverting
> > > the previous commit 9272e5d0028d
> > >
> > > Reported-by: Dongliang Mu <mudongliangabcd@gmail.com>
> > > Fixes: 9272e5d0028d ("ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe")
> > > Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
> > > ---
> > >  drivers/ipack/carriers/tpci200.c | 35 ++++++++++++++++----------------
> > >  1 file changed, 17 insertions(+), 18 deletions(-)
> >
> > This needs to be applied to the tree now, and should not depend on your
> > patch 1/3 here as it is a bugfix.  Please redo this series and send 2,
> > one to be merged for 5.14-final and to go to the stable kernels, and a
> > separate "clean up things" series that can wait until 5.15-rc1.
> 
> No problem. I will send a separate fix.
> 
> BTW, how about the PATCH 3/3 in this series [1]? It does not depend on
> PATCH 1/3, however, it does not include the fix to memleak, but also
> moves the unregister function. Shall I send it separately?
> 
> [1] https://lkml.org/lkml/2021/7/21/370

Please resend everything, as none of these were applied and are all gone
from my queue.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2021-08-09  8:45 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-21 11:11 [PATCH 1/3] ipack: tpci200: pci_iounmap -> iounmap Dongliang Mu
2021-07-21 11:11 ` [PATCH 2/3] ipack: tpci200: fix many double free issues in tpci200_pci_probe Dongliang Mu
2021-08-05 12:20   ` Greg Kroah-Hartman
2021-08-09  3:40     ` Dongliang Mu
2021-08-09  8:45       ` Greg Kroah-Hartman
2021-07-21 11:11 ` [PATCH 3/3] ipack: tpci200: fix memory leak in the tpci200_register Dongliang Mu

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.