From mboxrd@z Thu Jan 1 00:00:00 1970
From: Heinrich Schuchardt
Date: Tue, 30 Apr 2019 20:01:03 +0200
Subject: [U-Boot] [PATCH 2/4] disk: efi: Fix memory leak on 'gpt verify'
In-Reply-To: <20190430025347.3097-3-erosca@de.adit-jv.com>
References: <20190430025347.3097-1-erosca@de.adit-jv.com> <20190430025347.3097-3-erosca@de.adit-jv.com>
Message-ID:
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

On 4/30/19 4:53 AM, Eugeniu Rosca wrote:
> Below is what happens on R-Car H3ULCB-KF using clean U-Boot
> v2019.04-00810-g6aebc0d11a10 and r8a7795_ulcb_defconfig:
>
> => ### interrupt autoboot
> => gpt verify mmc 1
> No partition list provided - only basic check
> Verify GPT: success!
> => ### keep calling 'gpt verify mmc 1'
> => ### on 58th call, we are out of memory:
> => gpt verify mmc 1
> alloc_read_gpt_entries: ERROR: Can't allocate 0X4000 bytes for GPT Entries
> GPT: Failed to allocate memory for PTE
> gpt_verify_headers: *** ERROR: Invalid Backup GPT ***
> Verify GPT: error!
>
> This is caused by calling is_gpt_valid() twice (hence allocating pte
> also twice via alloc_read_gpt_entries()) while freeing pte only _once_
> in the caller of gpt_verify_headers(). Fix that by freeing the pte
> allocated and populated for primary GPT _before_ allocating and
> populating the pte for backup GPT. The latter will be freed by the
> caller of gpt_verify_headers().
>
> With the fix applied, the reproduction scenario [1-2] has been run
> hundreds of times in a loop w/o running into OOM.
>
> [1] gpt verify mmc 1
> [2] gpt verify mmc 1 $partitions
>
> Fixes: cef68bf9042dda ("gpt: part: Definition and declaration of GPT verification functions")
> Signed-off-by: Eugeniu Rosca

Reviewed-by: Heinrich Schuchardt

> ---
> disk/part_efi.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/disk/part_efi.c b/disk/part_efi.c > index 812d14cdd871..c0fa753339c8 100644 > --- a/disk/part_efi.c 
> +++ b/disk/part_efi.c > @@ -698,6 +698,10 @@ int gpt_verify_headers(struct blk_desc *dev_desc, gpt_header *gpt_head, > __func__); > return -1; > } > + > + /* Free pte before allocating again */ > + free(*gpt_pte); > + > if (is_gpt_valid(dev_desc, (dev_desc->lba - 1), > gpt_head, gpt_pte) != 1) { > printf("%s: *** ERROR: Invalid Backup GPT ***\n", >
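
Review bot: free(*gpt_pte) leaves *gpt_pte pointing at freed memory going into the second is_gpt_valid() call in gpt_verify_headers(). If that call fails on a path that does not overwrite *gpt_pte, the function returns with the stale pointer, and the caller, which per the commit message frees pte, would free it a second time. Setting *gpt_pte = NULL immediately after the free() keeps the error path safe regardless of what is_gpt_valid() does internally. The comment could also name what is being released (the entries read for the primary GPT) rather than just "pte".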