* [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc
@ 2021-01-02 9:50 Dinghao Liu
2021-01-03 2:40 ` Lu Baolu
0 siblings, 1 reply; 7+ messages in thread
From: Dinghao Liu @ 2021-01-02 9:50 UTC (permalink / raw)
To: dinghao.liu, kjlu
Cc: David Woodhouse, linux-kernel, iommu, Thomas Gleixner,
Will Deacon, Jiang Liu
When irq_domain_get_irq_data() or irqd_cfg() fails
meanwhile i == 0, data allocated by kzalloc() has not
been freed before returning, which leads to memleak.
Fixes: b106ee63abccb ("irq_remapping/vt-d: Enhance Intel IR driver to support hierarchical irqdomains")
Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
---
drivers/iommu/intel/irq_remapping.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/iommu/intel/irq_remapping.c b/drivers/iommu/intel/irq_remapping.c
index aeffda92b10b..cdaeed36750f 100644
--- a/drivers/iommu/intel/irq_remapping.c
+++ b/drivers/iommu/intel/irq_remapping.c
@@ -1354,6 +1354,8 @@ static int intel_irq_remapping_alloc(struct irq_domain *domain,
irq_cfg = irqd_cfg(irq_data);
if (!irq_data || !irq_cfg) {
ret = -EINVAL;
+ kfree(data);
+ data = NULL;
goto out_free_data;
}
--
2.17.1
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
^ permalink raw reply related [flat|nested] 7+ messages in thread* Re: [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc 2021-01-02 9:50 [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc Dinghao Liu @ 2021-01-03 2:40 ` Lu Baolu 2021-01-03 4:08 ` dinghao.liu 0 siblings, 1 reply; 7+ messages in thread From: Lu Baolu @ 2021-01-03 2:40 UTC (permalink / raw) To: Dinghao Liu, kjlu Cc: David Woodhouse, linux-kernel, iommu, Thomas Gleixner, Will Deacon, Jiang Liu Hi, On 2021/1/2 17:50, Dinghao Liu wrote: > When irq_domain_get_irq_data() or irqd_cfg() fails > meanwhile i == 0, data allocated by kzalloc() has not > been freed before returning, which leads to memleak. > > Fixes: b106ee63abccb ("irq_remapping/vt-d: Enhance Intel IR driver to support hierarchical irqdomains") > Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn> > --- > drivers/iommu/intel/irq_remapping.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/iommu/intel/irq_remapping.c b/drivers/iommu/intel/irq_remapping.c > index aeffda92b10b..cdaeed36750f 100644 > --- a/drivers/iommu/intel/irq_remapping.c > +++ b/drivers/iommu/intel/irq_remapping.c > @@ -1354,6 +1354,8 @@ static int intel_irq_remapping_alloc(struct irq_domain *domain, > irq_cfg = irqd_cfg(irq_data); > if (!irq_data || !irq_cfg) { > ret = -EINVAL; > + kfree(data); > + data = NULL; Do you need to check (i == 0) here? @data will not be used anymore as it goes to out branch, why setting it to NULL here? Best regards, baolu > goto out_free_data; > } > > _______________________________________________ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Re: [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc 2021-01-03 2:40 ` Lu Baolu @ 2021-01-03 4:08 ` dinghao.liu 2021-01-03 5:49 ` Lu Baolu 0 siblings, 1 reply; 7+ messages in thread From: dinghao.liu @ 2021-01-03 4:08 UTC (permalink / raw) To: Lu Baolu Cc: Will Deacon, kjlu, linux-kernel, iommu, Thomas Gleixner, David Woodhouse, Jiang Liu > Hi, > > On 2021/1/2 17:50, Dinghao Liu wrote: > > When irq_domain_get_irq_data() or irqd_cfg() fails > > meanwhile i == 0, data allocated by kzalloc() has not > > been freed before returning, which leads to memleak. > > > > Fixes: b106ee63abccb ("irq_remapping/vt-d: Enhance Intel IR driver to support hierarchical irqdomains") > > Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn> > > --- > > drivers/iommu/intel/irq_remapping.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/drivers/iommu/intel/irq_remapping.c b/drivers/iommu/intel/irq_remapping.c > > index aeffda92b10b..cdaeed36750f 100644 > > --- a/drivers/iommu/intel/irq_remapping.c > > +++ b/drivers/iommu/intel/irq_remapping.c > > @@ -1354,6 +1354,8 @@ static int intel_irq_remapping_alloc(struct irq_domain *domain, > > irq_cfg = irqd_cfg(irq_data); > > if (!irq_data || !irq_cfg) { > > ret = -EINVAL; > > + kfree(data); > > + data = NULL; > > Do you need to check (i == 0) here? @data will not be used anymore as it > goes to out branch, why setting it to NULL here? > data will be passed to ire_data->chip_data when i == 0 and intel_free_irq_resources() will free it on failure. Thus I set it to NULL to prevent double-free. However, if we add a check (i == 0) here, we will not need to set it to NULL. If this is better, I will resend a new patch soon. Regards, Dinghao _______________________________________________ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc 2021-01-03 4:08 ` dinghao.liu @ 2021-01-03 5:49 ` Lu Baolu 2021-01-03 6:22 ` dinghao.liu 0 siblings, 1 reply; 7+ messages in thread From: Lu Baolu @ 2021-01-03 5:49 UTC (permalink / raw) To: dinghao.liu Cc: Will Deacon, kjlu, linux-kernel, iommu, Thomas Gleixner, David Woodhouse, Jiang Liu On 2021/1/3 12:08, dinghao.liu@zju.edu.cn wrote: >> Hi, >> >> On 2021/1/2 17:50, Dinghao Liu wrote: >>> When irq_domain_get_irq_data() or irqd_cfg() fails >>> meanwhile i == 0, data allocated by kzalloc() has not >>> been freed before returning, which leads to memleak. >>> >>> Fixes: b106ee63abccb ("irq_remapping/vt-d: Enhance Intel IR driver to support hierarchical irqdomains") >>> Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn> >>> --- >>> drivers/iommu/intel/irq_remapping.c | 2 ++ >>> 1 file changed, 2 insertions(+) >>> >>> diff --git a/drivers/iommu/intel/irq_remapping.c b/drivers/iommu/intel/irq_remapping.c >>> index aeffda92b10b..cdaeed36750f 100644 >>> --- a/drivers/iommu/intel/irq_remapping.c >>> +++ b/drivers/iommu/intel/irq_remapping.c >>> @@ -1354,6 +1354,8 @@ static int intel_irq_remapping_alloc(struct irq_domain *domain, >>> irq_cfg = irqd_cfg(irq_data); >>> if (!irq_data || !irq_cfg) { >>> ret = -EINVAL; >>> + kfree(data); >>> + data = NULL; >> >> Do you need to check (i == 0) here? @data will not be used anymore as it >> goes to out branch, why setting it to NULL here? >> > > data will be passed to ire_data->chip_data when i == 0 and > intel_free_irq_resources() will free it on failure. Thus I Isn't it going to "goto out_free_data"? If "i == 0", the allocated @data won't be freed by intel_free_irq_resources(), hence memory leaking. Does this patch aim to fix this? Best regards, baolu > set it to NULL to prevent double-free. However, if we add > a check (i == 0) here, we will not need to set it to NULL. > If this is better, I will resend a new patch soon. > > Regards, > Dinghao > _______________________________________________ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Re: [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc 2021-01-03 5:49 ` Lu Baolu @ 2021-01-03 6:22 ` dinghao.liu 2021-01-05 1:51 ` Lu Baolu 0 siblings, 1 reply; 7+ messages in thread From: dinghao.liu @ 2021-01-03 6:22 UTC (permalink / raw) To: Lu Baolu Cc: Will Deacon, kjlu, linux-kernel, iommu, Thomas Gleixner, David Woodhouse, Jiang Liu > On 2021/1/3 12:08, dinghao.liu@zju.edu.cn wrote: > >> Hi, > >> > >> On 2021/1/2 17:50, Dinghao Liu wrote: > >>> When irq_domain_get_irq_data() or irqd_cfg() fails > >>> meanwhile i == 0, data allocated by kzalloc() has not > >>> been freed before returning, which leads to memleak. > >>> > >>> Fixes: b106ee63abccb ("irq_remapping/vt-d: Enhance Intel IR driver to support hierarchical irqdomains") > >>> Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn> > >>> --- > >>> drivers/iommu/intel/irq_remapping.c | 2 ++ > >>> 1 file changed, 2 insertions(+) > >>> > >>> diff --git a/drivers/iommu/intel/irq_remapping.c b/drivers/iommu/intel/irq_remapping.c > >>> index aeffda92b10b..cdaeed36750f 100644 > >>> --- a/drivers/iommu/intel/irq_remapping.c > >>> +++ b/drivers/iommu/intel/irq_remapping.c > >>> @@ -1354,6 +1354,8 @@ static int intel_irq_remapping_alloc(struct irq_domain *domain, > >>> irq_cfg = irqd_cfg(irq_data); > >>> if (!irq_data || !irq_cfg) { > >>> ret = -EINVAL; > >>> + kfree(data); > >>> + data = NULL; > >> > >> Do you need to check (i == 0) here? @data will not be used anymore as it > >> goes to out branch, why setting it to NULL here? > >> > > > > data will be passed to ire_data->chip_data when i == 0 and > > intel_free_irq_resources() will free it on failure. Thus I > > Isn't it going to "goto out_free_data"? If "i == 0", the allocated @data > won't be freed by intel_free_irq_resources(), hence memory leaking. Does > this patch aim to fix this? > > Best regards, > baolu > Correct, this is what I mean. When i > 0, data has been passed to irq_data->chip_data, which will be freed in intel_free_irq_resources() on failure. So there is no memleak in this case. The memleak only occurs on failure when i == 0 (data has not been passed to irq_data->chip_data). I set data to NULL after kfree() in this patch to prevent double-free when the failure occurs at i > 0. Regards, Dinghao > > set it to NULL to prevent double-free. However, if we add > > a check (i == 0) here, we will not need to set it to NULL. > > If this is better, I will resend a new patch soon. > > > > Regards, > > Dinghao > > _______________________________________________ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc 2021-01-03 6:22 ` dinghao.liu @ 2021-01-05 1:51 ` Lu Baolu 2021-01-05 2:48 ` dinghao.liu 0 siblings, 1 reply; 7+ messages in thread From: Lu Baolu @ 2021-01-05 1:51 UTC (permalink / raw) To: dinghao.liu Cc: Will Deacon, kjlu, linux-kernel, iommu, Thomas Gleixner, David Woodhouse, Jiang Liu On 1/3/21 2:22 PM, dinghao.liu@zju.edu.cn wrote: >> On 2021/1/3 12:08, dinghao.liu@zju.edu.cn wrote: >>>> Hi, >>>> >>>> On 2021/1/2 17:50, Dinghao Liu wrote: >>>>> When irq_domain_get_irq_data() or irqd_cfg() fails >>>>> meanwhile i == 0, data allocated by kzalloc() has not >>>>> been freed before returning, which leads to memleak. >>>>> >>>>> Fixes: b106ee63abccb ("irq_remapping/vt-d: Enhance Intel IR driver to support hierarchical irqdomains") >>>>> Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn> >>>>> --- >>>>> drivers/iommu/intel/irq_remapping.c | 2 ++ >>>>> 1 file changed, 2 insertions(+) >>>>> >>>>> diff --git a/drivers/iommu/intel/irq_remapping.c b/drivers/iommu/intel/irq_remapping.c >>>>> index aeffda92b10b..cdaeed36750f 100644 >>>>> --- a/drivers/iommu/intel/irq_remapping.c >>>>> +++ b/drivers/iommu/intel/irq_remapping.c >>>>> @@ -1354,6 +1354,8 @@ static int intel_irq_remapping_alloc(struct irq_domain *domain, >>>>> irq_cfg = irqd_cfg(irq_data); >>>>> if (!irq_data || !irq_cfg) { >>>>> ret = -EINVAL; >>>>> + kfree(data); >>>>> + data = NULL; >>>> >>>> Do you need to check (i == 0) here? @data will not be used anymore as it >>>> goes to out branch, why setting it to NULL here? >>>> >>> >>> data will be passed to ire_data->chip_data when i == 0 and >>> intel_free_irq_resources() will free it on failure. Thus I >> >> Isn't it going to "goto out_free_data"? If "i == 0", the allocated @data >> won't be freed by intel_free_irq_resources(), hence memory leaking. Does >> this patch aim to fix this? >> >> Best regards, >> baolu >> > > Correct, this is what I mean. When i > 0, data has been passed to > irq_data->chip_data, which will be freed in intel_free_irq_resources() > on failure. So there is no memleak in this case. The memleak only occurs > on failure when i == 0 (data has not been passed to irq_data->chip_data). So how about diff --git a/drivers/iommu/intel/irq_remapping.c b/drivers/iommu/intel/irq_remapping.c index aeffda92b10b..685200a5cff0 100644 --- a/drivers/iommu/intel/irq_remapping.c +++ b/drivers/iommu/intel/irq_remapping.c @@ -1353,6 +1353,8 @@ static int intel_irq_remapping_alloc(struct irq_domain *domain, irq_data = irq_domain_get_irq_data(domain, virq + i); irq_cfg = irqd_cfg(irq_data); if (!irq_data || !irq_cfg) { + if (!i) + kfree(data); ret = -EINVAL; goto out_free_data; } > I set data to NULL after kfree() in this patch to prevent double-free > when the failure occurs at i > 0. if i>0, @data has been passed and will be freed by intel_free_irq_resources() on the failure path. No need to free or clear, right? Best regards, baolu > > Regards, > Dinghao > >>> set it to NULL to prevent double-free. However, if we add >>> a check (i == 0) here, we will not need to set it to NULL. >>> If this is better, I will resend a new patch soon. >>> >>> Regards, >>> Dinghao >>> _______________________________________________ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: Re: [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc 2021-01-05 1:51 ` Lu Baolu @ 2021-01-05 2:48 ` dinghao.liu 0 siblings, 0 replies; 7+ messages in thread From: dinghao.liu @ 2021-01-05 2:48 UTC (permalink / raw) To: Lu Baolu Cc: Will Deacon, kjlu, linux-kernel, iommu, Thomas Gleixner, David Woodhouse, Jiang Liu > On 1/3/21 2:22 PM, dinghao.liu@zju.edu.cn wrote: > >> On 2021/1/3 12:08, dinghao.liu@zju.edu.cn wrote: > >>>> Hi, > >>>> > >>>> On 2021/1/2 17:50, Dinghao Liu wrote: > >>>>> When irq_domain_get_irq_data() or irqd_cfg() fails > >>>>> meanwhile i == 0, data allocated by kzalloc() has not > >>>>> been freed before returning, which leads to memleak. > >>>>> > >>>>> Fixes: b106ee63abccb ("irq_remapping/vt-d: Enhance Intel IR driver to support hierarchical irqdomains") > >>>>> Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn> > >>>>> --- > >>>>> drivers/iommu/intel/irq_remapping.c | 2 ++ > >>>>> 1 file changed, 2 insertions(+) > >>>>> > >>>>> diff --git a/drivers/iommu/intel/irq_remapping.c b/drivers/iommu/intel/irq_remapping.c > >>>>> index aeffda92b10b..cdaeed36750f 100644 > >>>>> --- a/drivers/iommu/intel/irq_remapping.c > >>>>> +++ b/drivers/iommu/intel/irq_remapping.c > >>>>> @@ -1354,6 +1354,8 @@ static int intel_irq_remapping_alloc(struct irq_domain *domain, > >>>>> irq_cfg = irqd_cfg(irq_data); > >>>>> if (!irq_data || !irq_cfg) { > >>>>> ret = -EINVAL; > >>>>> + kfree(data); > >>>>> + data = NULL; > >>>> > >>>> Do you need to check (i == 0) here? @data will not be used anymore as it > >>>> goes to out branch, why setting it to NULL here? > >>>> > >>> > >>> data will be passed to ire_data->chip_data when i == 0 and > >>> intel_free_irq_resources() will free it on failure. Thus I > >> > >> Isn't it going to "goto out_free_data"? If "i == 0", the allocated @data > >> won't be freed by intel_free_irq_resources(), hence memory leaking. Does > >> this patch aim to fix this? > >> > >> Best regards, > >> baolu > >> > > > > Correct, this is what I mean. When i > 0, data has been passed to > > irq_data->chip_data, which will be freed in intel_free_irq_resources() > > on failure. So there is no memleak in this case. The memleak only occurs > > on failure when i == 0 (data has not been passed to irq_data->chip_data). > > So how about > > diff --git a/drivers/iommu/intel/irq_remapping.c > b/drivers/iommu/intel/irq_remapping.c > index aeffda92b10b..685200a5cff0 100644 > --- a/drivers/iommu/intel/irq_remapping.c > +++ b/drivers/iommu/intel/irq_remapping.c > @@ -1353,6 +1353,8 @@ static int intel_irq_remapping_alloc(struct > irq_domain *domain, > irq_data = irq_domain_get_irq_data(domain, virq + i); > irq_cfg = irqd_cfg(irq_data); > if (!irq_data || !irq_cfg) { > + if (!i) > + kfree(data); > ret = -EINVAL; > goto out_free_data; > } > > > I set data to NULL after kfree() in this patch to prevent double-free > > when the failure occurs at i > 0. > > if i>0, @data has been passed and will be freed by > intel_free_irq_resources() on the failure path. No need to free or > clear, right? Right, this is clearer. Thank you for your advice and I will resend a new patch soon. Regards, Dinghao > > Best regards, > baolu > > > > > Regards, > > Dinghao > > > >>> set it to NULL to prevent double-free. However, if we add > >>> a check (i == 0) here, we will not need to set it to NULL. > >>> If this is better, I will resend a new patch soon. > >>> > >>> Regards, > >>> Dinghao > >>> _______________________________________________ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2021-01-05 2:49 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-01-02 9:50 [PATCH] iommu/intel: Fix memleak in intel_irq_remapping_alloc Dinghao Liu 2021-01-03 2:40 ` Lu Baolu 2021-01-03 4:08 ` dinghao.liu 2021-01-03 5:49 ` Lu Baolu 2021-01-03 6:22 ` dinghao.liu 2021-01-05 1:51 ` Lu Baolu 2021-01-05 2:48 ` dinghao.liu
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).