LinuxPPC-Dev Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH 1/2] powerpc: Free fdt on error in elf64_load()
@ 2021-04-20 19:03 Lakshmi Ramasubramanian
  2021-04-20 19:03 ` [PATCH 2/2] powerpc: If kexec_build_elf_info() fails return immediately from elf64_load() Lakshmi Ramasubramanian
                   ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: Lakshmi Ramasubramanian @ 2021-04-20 19:03 UTC (permalink / raw)
  To: robh, dan.carpenter, mpe
  Cc: devicetree, kbuild-all, lkp, nramas, linuxppc-dev, bauerman, dja

There are a few "goto out;" statements before the local variable "fdt"
is initialized through the call to of_kexec_alloc_and_setup_fdt() in
elf64_load().  This will result in an uninitialized "fdt" being passed
to kvfree() in this function if there is an error before the call to
of_kexec_alloc_and_setup_fdt().

If there is any error after fdt is allocated, but before it is
saved in the arch specific kimage struct, free the fdt.

Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Suggested-by: Michael Ellerman <mpe@ellerman.id.au>
---
 arch/powerpc/kexec/elf_64.c | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/arch/powerpc/kexec/elf_64.c b/arch/powerpc/kexec/elf_64.c
index 5a569bb51349..02662e72c53d 100644
--- a/arch/powerpc/kexec/elf_64.c
+++ b/arch/powerpc/kexec/elf_64.c
@@ -114,7 +114,7 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
 	ret = setup_new_fdt_ppc64(image, fdt, initrd_load_addr,
 				  initrd_len, cmdline);
 	if (ret)
-		goto out;
+		goto out_free_fdt;
 
 	fdt_pack(fdt);
 
@@ -125,7 +125,7 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
 	kbuf.mem = KEXEC_BUF_MEM_UNKNOWN;
 	ret = kexec_add_buffer(&kbuf);
 	if (ret)
-		goto out;
+		goto out_free_fdt;
 
 	/* FDT will be freed in arch_kimage_file_post_load_cleanup */
 	image->arch.fdt = fdt;
@@ -140,18 +140,14 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
 	if (ret)
 		pr_err("Error setting up the purgatory.\n");
 
+	goto out;
+
+out_free_fdt:
+	kvfree(fdt);
 out:
 	kfree(modified_cmdline);
 	kexec_free_elf_info(&elf_info);
 
-	/*
-	 * Once FDT buffer has been successfully passed to kexec_add_buffer(),
-	 * the FDT buffer address is saved in image->arch.fdt. In that case,
-	 * the memory cannot be freed here in case of any other error.
-	 */
-	if (ret && !image->arch.fdt)
-		kvfree(fdt);
-
 	return ret ? ERR_PTR(ret) : NULL;
 }
 
-- 
2.31.0


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH 2/2] powerpc: If kexec_build_elf_info() fails return immediately from elf64_load()
  2021-04-20 19:03 [PATCH 1/2] powerpc: Free fdt on error in elf64_load() Lakshmi Ramasubramanian
@ 2021-04-20 19:03 ` Lakshmi Ramasubramanian
  2021-04-21  7:21   ` Michael Ellerman
  2021-04-21  5:35 ` [PATCH 1/2] powerpc: Free fdt on error in elf64_load() Santosh Sivaraj
  2021-04-21  7:18 ` Michael Ellerman
  2 siblings, 1 reply; 8+ messages in thread
From: Lakshmi Ramasubramanian @ 2021-04-20 19:03 UTC (permalink / raw)
  To: robh, dan.carpenter, mpe
  Cc: devicetree, kbuild-all, lkp, nramas, linuxppc-dev, bauerman, dja

Uninitialized local variable "elf_info" would be passed to
kexec_free_elf_info() if kexec_build_elf_info() returns an error
in elf64_load().

If kexec_build_elf_info() returns an error, return the error
immediately.

Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 arch/powerpc/kexec/elf_64.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/powerpc/kexec/elf_64.c b/arch/powerpc/kexec/elf_64.c
index 02662e72c53d..eeb258002d1e 100644
--- a/arch/powerpc/kexec/elf_64.c
+++ b/arch/powerpc/kexec/elf_64.c
@@ -45,7 +45,7 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
 
 	ret = kexec_build_elf_info(kernel_buf, kernel_len, &ehdr, &elf_info);
 	if (ret)
-		goto out;
+		return ERR_PTR(ret);
 
 	if (image->type == KEXEC_TYPE_CRASH) {
 		/* min & max buffer values for kdump case */
-- 
2.31.0


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH 1/2] powerpc: Free fdt on error in elf64_load()
  2021-04-20 19:03 [PATCH 1/2] powerpc: Free fdt on error in elf64_load() Lakshmi Ramasubramanian
  2021-04-20 19:03 ` [PATCH 2/2] powerpc: If kexec_build_elf_info() fails return immediately from elf64_load() Lakshmi Ramasubramanian
@ 2021-04-21  5:35 ` Santosh Sivaraj
  2021-04-21 13:58   ` Lakshmi Ramasubramanian
  2021-04-21  7:18 ` Michael Ellerman
  2 siblings, 1 reply; 8+ messages in thread
From: Santosh Sivaraj @ 2021-04-21  5:35 UTC (permalink / raw)
  To: Lakshmi Ramasubramanian, robh, dan.carpenter, mpe
  Cc: devicetree, kbuild-all, lkp, nramas, linuxppc-dev, bauerman, dja


Hi Lakshmi,

Lakshmi Ramasubramanian <nramas@linux.microsoft.com> writes:

> There are a few "goto out;" statements before the local variable "fdt"
> is initialized through the call to of_kexec_alloc_and_setup_fdt() in
> elf64_load().  This will result in an uninitialized "fdt" being passed
> to kvfree() in this function if there is an error before the call to
> of_kexec_alloc_and_setup_fdt().
>
> If there is any error after fdt is allocated, but before it is
> saved in the arch specific kimage struct, free the fdt.
>
> Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Suggested-by: Michael Ellerman <mpe@ellerman.id.au>
> ---
>  arch/powerpc/kexec/elf_64.c | 16 ++++++----------
>  1 file changed, 6 insertions(+), 10 deletions(-)
>
> diff --git a/arch/powerpc/kexec/elf_64.c b/arch/powerpc/kexec/elf_64.c
> index 5a569bb51349..02662e72c53d 100644
> --- a/arch/powerpc/kexec/elf_64.c
> +++ b/arch/powerpc/kexec/elf_64.c
> @@ -114,7 +114,7 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
>  	ret = setup_new_fdt_ppc64(image, fdt, initrd_load_addr,
>  				  initrd_len, cmdline);
>  	if (ret)
> -		goto out;
> +		goto out_free_fdt;

Shouldn't there be a goto out_free_fdt if fdt_open_into fails?

>  
>  	fdt_pack(fdt);
>  
> @@ -125,7 +125,7 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
>  	kbuf.mem = KEXEC_BUF_MEM_UNKNOWN;
>  	ret = kexec_add_buffer(&kbuf);
>  	if (ret)
> -		goto out;
> +		goto out_free_fdt;
>  
>  	/* FDT will be freed in arch_kimage_file_post_load_cleanup */
>  	image->arch.fdt = fdt;
> @@ -140,18 +140,14 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
>  	if (ret)
>  		pr_err("Error setting up the purgatory.\n");
>  
> +	goto out;
> +
> +out_free_fdt:
> +	kvfree(fdt);

Can just use kfree here?

Thanks,
Santosh
>  out:
>  	kfree(modified_cmdline);
>  	kexec_free_elf_info(&elf_info);
>  
> -	/*
> -	 * Once FDT buffer has been successfully passed to kexec_add_buffer(),
> -	 * the FDT buffer address is saved in image->arch.fdt. In that case,
> -	 * the memory cannot be freed here in case of any other error.
> -	 */
> -	if (ret && !image->arch.fdt)
> -		kvfree(fdt);
> -
>  	return ret ? ERR_PTR(ret) : NULL;
>  }
>  
> -- 
> 2.31.0

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH 1/2] powerpc: Free fdt on error in elf64_load()
  2021-04-20 19:03 [PATCH 1/2] powerpc: Free fdt on error in elf64_load() Lakshmi Ramasubramanian
  2021-04-20 19:03 ` [PATCH 2/2] powerpc: If kexec_build_elf_info() fails return immediately from elf64_load() Lakshmi Ramasubramanian
  2021-04-21  5:35 ` [PATCH 1/2] powerpc: Free fdt on error in elf64_load() Santosh Sivaraj
@ 2021-04-21  7:18 ` Michael Ellerman
  2021-04-21 14:01   ` Lakshmi Ramasubramanian
  2 siblings, 1 reply; 8+ messages in thread
From: Michael Ellerman @ 2021-04-21  7:18 UTC (permalink / raw)
  To: Lakshmi Ramasubramanian, robh, dan.carpenter
  Cc: devicetree, kbuild-all, lkp, nramas, linuxppc-dev, bauerman, dja

Lakshmi Ramasubramanian <nramas@linux.microsoft.com> writes:
> There are a few "goto out;" statements before the local variable "fdt"
> is initialized through the call to of_kexec_alloc_and_setup_fdt() in
> elf64_load().  This will result in an uninitialized "fdt" being passed
> to kvfree() in this function if there is an error before the call to
> of_kexec_alloc_and_setup_fdt().
>
> If there is any error after fdt is allocated, but before it is
> saved in the arch specific kimage struct, free the fdt.
>
> Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Suggested-by: Michael Ellerman <mpe@ellerman.id.au>

I basically sent you the diff, so this should probably be:

  Reported-by: kernel test robot <lkp@intel.com>
  Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
  Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
  Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>

Otherwise looks good to me, thanks for turning it into a proper patch
and submitting it.

cheers


> diff --git a/arch/powerpc/kexec/elf_64.c b/arch/powerpc/kexec/elf_64.c
> index 5a569bb51349..02662e72c53d 100644
> --- a/arch/powerpc/kexec/elf_64.c
> +++ b/arch/powerpc/kexec/elf_64.c
> @@ -114,7 +114,7 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
>  	ret = setup_new_fdt_ppc64(image, fdt, initrd_load_addr,
>  				  initrd_len, cmdline);
>  	if (ret)
> -		goto out;
> +		goto out_free_fdt;
>  
>  	fdt_pack(fdt);
>  
> @@ -125,7 +125,7 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
>  	kbuf.mem = KEXEC_BUF_MEM_UNKNOWN;
>  	ret = kexec_add_buffer(&kbuf);
>  	if (ret)
> -		goto out;
> +		goto out_free_fdt;
>  
>  	/* FDT will be freed in arch_kimage_file_post_load_cleanup */
>  	image->arch.fdt = fdt;
> @@ -140,18 +140,14 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
>  	if (ret)
>  		pr_err("Error setting up the purgatory.\n");
>  
> +	goto out;
> +
> +out_free_fdt:
> +	kvfree(fdt);
>  out:
>  	kfree(modified_cmdline);
>  	kexec_free_elf_info(&elf_info);
>  
> -	/*
> -	 * Once FDT buffer has been successfully passed to kexec_add_buffer(),
> -	 * the FDT buffer address is saved in image->arch.fdt. In that case,
> -	 * the memory cannot be freed here in case of any other error.
> -	 */
> -	if (ret && !image->arch.fdt)
> -		kvfree(fdt);
> -
>  	return ret ? ERR_PTR(ret) : NULL;
>  }
>  
> -- 
> 2.31.0

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH 2/2] powerpc: If kexec_build_elf_info() fails return immediately from elf64_load()
  2021-04-20 19:03 ` [PATCH 2/2] powerpc: If kexec_build_elf_info() fails return immediately from elf64_load() Lakshmi Ramasubramanian
@ 2021-04-21  7:21   ` Michael Ellerman
  0 siblings, 0 replies; 8+ messages in thread
From: Michael Ellerman @ 2021-04-21  7:21 UTC (permalink / raw)
  To: Lakshmi Ramasubramanian, robh, dan.carpenter
  Cc: devicetree, kbuild-all, lkp, nramas, linuxppc-dev, bauerman, dja

Lakshmi Ramasubramanian <nramas@linux.microsoft.com> writes:

> Uninitialized local variable "elf_info" would be passed to
> kexec_free_elf_info() if kexec_build_elf_info() returns an error
> in elf64_load().
>
> If kexec_build_elf_info() returns an error, return the error
> immediately.
>
> Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

Reviewed-by: Michael Ellerman <mpe@ellerman.id.au>

cheers

> diff --git a/arch/powerpc/kexec/elf_64.c b/arch/powerpc/kexec/elf_64.c
> index 02662e72c53d..eeb258002d1e 100644
> --- a/arch/powerpc/kexec/elf_64.c
> +++ b/arch/powerpc/kexec/elf_64.c
> @@ -45,7 +45,7 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
>  
>  	ret = kexec_build_elf_info(kernel_buf, kernel_len, &ehdr, &elf_info);
>  	if (ret)
> -		goto out;
> +		return ERR_PTR(ret);
>  
>  	if (image->type == KEXEC_TYPE_CRASH) {
>  		/* min & max buffer values for kdump case */
> -- 
> 2.31.0

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH 1/2] powerpc: Free fdt on error in elf64_load()
  2021-04-21  5:35 ` [PATCH 1/2] powerpc: Free fdt on error in elf64_load() Santosh Sivaraj
@ 2021-04-21 13:58   ` Lakshmi Ramasubramanian
  2021-04-21 14:02     ` Santosh Sivaraj
  0 siblings, 1 reply; 8+ messages in thread
From: Lakshmi Ramasubramanian @ 2021-04-21 13:58 UTC (permalink / raw)
  To: Santosh Sivaraj, robh, dan.carpenter, mpe
  Cc: devicetree, kbuild-all, lkp, linuxppc-dev, bauerman, dja

On 4/20/21 10:35 PM, Santosh Sivaraj wrote:
Hi Santosh,

> 
>> There are a few "goto out;" statements before the local variable "fdt"
>> is initialized through the call to of_kexec_alloc_and_setup_fdt() in
>> elf64_load().  This will result in an uninitialized "fdt" being passed
>> to kvfree() in this function if there is an error before the call to
>> of_kexec_alloc_and_setup_fdt().
>>
>> If there is any error after fdt is allocated, but before it is
>> saved in the arch specific kimage struct, free the fdt.
>>
>> Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
>> Reported-by: kernel test robot <lkp@intel.com>
>> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
>> Suggested-by: Michael Ellerman <mpe@ellerman.id.au>
>> ---
>>   arch/powerpc/kexec/elf_64.c | 16 ++++++----------
>>   1 file changed, 6 insertions(+), 10 deletions(-)
>>
>> diff --git a/arch/powerpc/kexec/elf_64.c b/arch/powerpc/kexec/elf_64.c
>> index 5a569bb51349..02662e72c53d 100644
>> --- a/arch/powerpc/kexec/elf_64.c
>> +++ b/arch/powerpc/kexec/elf_64.c
>> @@ -114,7 +114,7 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
>>   	ret = setup_new_fdt_ppc64(image, fdt, initrd_load_addr,
>>   				  initrd_len, cmdline);
>>   	if (ret)
>> -		goto out;
>> +		goto out_free_fdt;
> 
> Shouldn't there be a goto out_free_fdt if fdt_open_into fails?

You are likely looking at elf_64.c in the mainline branch. The patch I 
have submitted is based on Rob's device-tree for-next branch. Please see 
the link below:

https://git.kernel.org/pub/scm/linux/kernel/git/robh/linux.git/tree/arch/powerpc/kexec/elf_64.c?h=for-next

> 
>>   
>>   	fdt_pack(fdt);
>>   
>> @@ -125,7 +125,7 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
>>   	kbuf.mem = KEXEC_BUF_MEM_UNKNOWN;
>>   	ret = kexec_add_buffer(&kbuf);
>>   	if (ret)
>> -		goto out;
>> +		goto out_free_fdt;
>>   
>>   	/* FDT will be freed in arch_kimage_file_post_load_cleanup */
>>   	image->arch.fdt = fdt;
>> @@ -140,18 +140,14 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
>>   	if (ret)
>>   		pr_err("Error setting up the purgatory.\n");
>>   
>> +	goto out;
>> +
>> +out_free_fdt:
>> +	kvfree(fdt);
> 
> Can just use kfree here?
"fdt" is allocated through kvmalloc(). So it is freed using kvfree.

thanks,
  -lakshmi

>>   out:
>>   	kfree(modified_cmdline);
>>   	kexec_free_elf_info(&elf_info);
>>   
>> -	/*
>> -	 * Once FDT buffer has been successfully passed to kexec_add_buffer(),
>> -	 * the FDT buffer address is saved in image->arch.fdt. In that case,
>> -	 * the memory cannot be freed here in case of any other error.
>> -	 */
>> -	if (ret && !image->arch.fdt)
>> -		kvfree(fdt);
>> -
>>   	return ret ? ERR_PTR(ret) : NULL;
>>   }
>>   
>> -- 
>> 2.31.0


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH 1/2] powerpc: Free fdt on error in elf64_load()
  2021-04-21  7:18 ` Michael Ellerman
@ 2021-04-21 14:01   ` Lakshmi Ramasubramanian
  0 siblings, 0 replies; 8+ messages in thread
From: Lakshmi Ramasubramanian @ 2021-04-21 14:01 UTC (permalink / raw)
  To: Michael Ellerman, robh, dan.carpenter
  Cc: devicetree, kbuild-all, lkp, linuxppc-dev, bauerman, dja

On 4/21/21 12:18 AM, Michael Ellerman wrote:
> Lakshmi Ramasubramanian <nramas@linux.microsoft.com> writes:
>> There are a few "goto out;" statements before the local variable "fdt"
>> is initialized through the call to of_kexec_alloc_and_setup_fdt() in
>> elf64_load().  This will result in an uninitialized "fdt" being passed
>> to kvfree() in this function if there is an error before the call to
>> of_kexec_alloc_and_setup_fdt().
>>
>> If there is any error after fdt is allocated, but before it is
>> saved in the arch specific kimage struct, free the fdt.
>>
>> Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
>> Reported-by: kernel test robot <lkp@intel.com>
>> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
>> Suggested-by: Michael Ellerman <mpe@ellerman.id.au>
> 
> I basically sent you the diff, so this should probably be:
> 
>    Reported-by: kernel test robot <lkp@intel.com>
>    Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
>    Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
>    Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
> 
> Otherwise looks good to me, thanks for turning it into a proper patch
> and submitting it.

I will submit the patch again with the above change.
Thanks for reviewing the patch.

Could you please review [PATCH 2/2] as well?

thanks,
  -lakshmi

> 
> cheers
> 
> 
>> diff --git a/arch/powerpc/kexec/elf_64.c b/arch/powerpc/kexec/elf_64.c
>> index 5a569bb51349..02662e72c53d 100644
>> --- a/arch/powerpc/kexec/elf_64.c
>> +++ b/arch/powerpc/kexec/elf_64.c
>> @@ -114,7 +114,7 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
>>   	ret = setup_new_fdt_ppc64(image, fdt, initrd_load_addr,
>>   				  initrd_len, cmdline);
>>   	if (ret)
>> -		goto out;
>> +		goto out_free_fdt;
>>   
>>   	fdt_pack(fdt);
>>   
>> @@ -125,7 +125,7 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
>>   	kbuf.mem = KEXEC_BUF_MEM_UNKNOWN;
>>   	ret = kexec_add_buffer(&kbuf);
>>   	if (ret)
>> -		goto out;
>> +		goto out_free_fdt;
>>   
>>   	/* FDT will be freed in arch_kimage_file_post_load_cleanup */
>>   	image->arch.fdt = fdt;
>> @@ -140,18 +140,14 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
>>   	if (ret)
>>   		pr_err("Error setting up the purgatory.\n");
>>   
>> +	goto out;
>> +
>> +out_free_fdt:
>> +	kvfree(fdt);
>>   out:
>>   	kfree(modified_cmdline);
>>   	kexec_free_elf_info(&elf_info);
>>   
>> -	/*
>> -	 * Once FDT buffer has been successfully passed to kexec_add_buffer(),
>> -	 * the FDT buffer address is saved in image->arch.fdt. In that case,
>> -	 * the memory cannot be freed here in case of any other error.
>> -	 */
>> -	if (ret && !image->arch.fdt)
>> -		kvfree(fdt);
>> -
>>   	return ret ? ERR_PTR(ret) : NULL;
>>   }
>>   
>> -- 
>> 2.31.0


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH 1/2] powerpc: Free fdt on error in elf64_load()
  2021-04-21 13:58   ` Lakshmi Ramasubramanian
@ 2021-04-21 14:02     ` Santosh Sivaraj
  0 siblings, 0 replies; 8+ messages in thread
From: Santosh Sivaraj @ 2021-04-21 14:02 UTC (permalink / raw)
  To: Lakshmi Ramasubramanian, robh, dan.carpenter, mpe
  Cc: devicetree, kbuild-all, lkp, linuxppc-dev, bauerman, dja

Lakshmi Ramasubramanian <nramas@linux.microsoft.com> writes:

> On 4/20/21 10:35 PM, Santosh Sivaraj wrote:
> Hi Santosh,
>
>> 
>>> There are a few "goto out;" statements before the local variable "fdt"
>>> is initialized through the call to of_kexec_alloc_and_setup_fdt() in
>>> elf64_load().  This will result in an uninitialized "fdt" being passed
>>> to kvfree() in this function if there is an error before the call to
>>> of_kexec_alloc_and_setup_fdt().
>>>
>>> If there is any error after fdt is allocated, but before it is
>>> saved in the arch specific kimage struct, free the fdt.
>>>
>>> Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
>>> Reported-by: kernel test robot <lkp@intel.com>
>>> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
>>> Suggested-by: Michael Ellerman <mpe@ellerman.id.au>
>>> ---
>>>   arch/powerpc/kexec/elf_64.c | 16 ++++++----------
>>>   1 file changed, 6 insertions(+), 10 deletions(-)
>>>
>>> diff --git a/arch/powerpc/kexec/elf_64.c b/arch/powerpc/kexec/elf_64.c
>>> index 5a569bb51349..02662e72c53d 100644
>>> --- a/arch/powerpc/kexec/elf_64.c
>>> +++ b/arch/powerpc/kexec/elf_64.c
>>> @@ -114,7 +114,7 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
>>>   	ret = setup_new_fdt_ppc64(image, fdt, initrd_load_addr,
>>>   				  initrd_len, cmdline);
>>>   	if (ret)
>>> -		goto out;
>>> +		goto out_free_fdt;
>> 
>> Shouldn't there be a goto out_free_fdt if fdt_open_into fails?
>
> You are likely looking at elf_64.c in the mainline branch. The patch I 
> have submitted is based on Rob's device-tree for-next branch. Please see 
> the link below:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/robh/linux.git/tree/arch/powerpc/kexec/elf_64.c?h=for-next

That's right, I was indeed looking at the mainline. Sorry for the noise.

Thanks,
Santosh

>
>> 
>>>   
>>>   	fdt_pack(fdt);
>>>   
>>> @@ -125,7 +125,7 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
>>>   	kbuf.mem = KEXEC_BUF_MEM_UNKNOWN;
>>>   	ret = kexec_add_buffer(&kbuf);
>>>   	if (ret)
>>> -		goto out;
>>> +		goto out_free_fdt;
>>>   
>>>   	/* FDT will be freed in arch_kimage_file_post_load_cleanup */
>>>   	image->arch.fdt = fdt;
>>> @@ -140,18 +140,14 @@ static void *elf64_load(struct kimage *image, char *kernel_buf,
>>>   	if (ret)
>>>   		pr_err("Error setting up the purgatory.\n");
>>>   
>>> +	goto out;
>>> +
>>> +out_free_fdt:
>>> +	kvfree(fdt);
>> 
>> Can just use kfree here?
> "fdt" is allocated through kvmalloc(). So it is freed using kvfree.
>
> thanks,
>   -lakshmi
>
>>>   out:
>>>   	kfree(modified_cmdline);
>>>   	kexec_free_elf_info(&elf_info);
>>>   
>>> -	/*
>>> -	 * Once FDT buffer has been successfully passed to kexec_add_buffer(),
>>> -	 * the FDT buffer address is saved in image->arch.fdt. In that case,
>>> -	 * the memory cannot be freed here in case of any other error.
>>> -	 */
>>> -	if (ret && !image->arch.fdt)
>>> -		kvfree(fdt);
>>> -
>>>   	return ret ? ERR_PTR(ret) : NULL;
>>>   }
>>>   
>>> -- 
>>> 2.31.0

^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, back to index

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-20 19:03 [PATCH 1/2] powerpc: Free fdt on error in elf64_load() Lakshmi Ramasubramanian
2021-04-20 19:03 ` [PATCH 2/2] powerpc: If kexec_build_elf_info() fails return immediately from elf64_load() Lakshmi Ramasubramanian
2021-04-21  7:21   ` Michael Ellerman
2021-04-21  5:35 ` [PATCH 1/2] powerpc: Free fdt on error in elf64_load() Santosh Sivaraj
2021-04-21 13:58   ` Lakshmi Ramasubramanian
2021-04-21 14:02     ` Santosh Sivaraj
2021-04-21  7:18 ` Michael Ellerman
2021-04-21 14:01   ` Lakshmi Ramasubramanian

LinuxPPC-Dev Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linuxppc-dev/0 linuxppc-dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linuxppc-dev linuxppc-dev/ https://lore.kernel.org/linuxppc-dev \
		linuxppc-dev@lists.ozlabs.org linuxppc-dev@ozlabs.org
	public-inbox-index linuxppc-dev

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.ozlabs.lists.linuxppc-dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git