linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 1/2] of: overlay: fix properties memory leak
@ 2019-11-18 13:28 Vincent Whitchurch
  2019-11-18 13:28 ` [PATCH 2/2] of: overlay: fix target_path " Vincent Whitchurch
  2019-11-21 16:55 ` [PATCH 1/2] of: overlay: fix properties " Frank Rowand
  0 siblings, 2 replies; 4+ messages in thread
From: Vincent Whitchurch @ 2019-11-18 13:28 UTC (permalink / raw)
  To: pantelis.antoniou, frowand.list, robh+dt
  Cc: devicetree, linux-kernel, Vincent Whitchurch

No changeset entries are created for #address-cells and #size-cells
properties, but the duplicated properies are never freed.  This results
in a memory leak which is detected by kmemleak:

 unreferenced object 0x85887180 (size 64):
   backtrace:
     kmem_cache_alloc_trace+0x1fb/0x1fc
     __of_prop_dup+0x25/0x7c
     add_changeset_property+0x17f/0x370
     build_changeset_next_level+0x29/0x20c
     of_overlay_fdt_apply+0x32b/0x6b4
     ...

Fixes: 6f75118800acf77f8 ("of: overlay: validate overlay properties #address-cells and #size-cells")
Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
---
 drivers/of/overlay.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
index c423e94baf0f..5f8869e2a8b3 100644
--- a/drivers/of/overlay.c
+++ b/drivers/of/overlay.c
@@ -360,7 +360,7 @@ static int add_changeset_property(struct overlay_changeset *ovcs,
 		pr_err("WARNING: memory leak will occur if overlay removed, property: %pOF/%s\n",
 		       target->np, new_prop->name);
 
-	if (ret) {
+	if (ret || !check_for_non_overlay_node) {
 		kfree(new_prop->name);
 		kfree(new_prop->value);
 		kfree(new_prop);
-- 
2.20.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [PATCH 2/2] of: overlay: fix target_path memory leak
  2019-11-18 13:28 [PATCH 1/2] of: overlay: fix properties memory leak Vincent Whitchurch
@ 2019-11-18 13:28 ` Vincent Whitchurch
  2019-11-21 17:37   ` Frank Rowand
  2019-11-21 16:55 ` [PATCH 1/2] of: overlay: fix properties " Frank Rowand
  1 sibling, 1 reply; 4+ messages in thread
From: Vincent Whitchurch @ 2019-11-18 13:28 UTC (permalink / raw)
  To: pantelis.antoniou, frowand.list, robh+dt
  Cc: devicetree, linux-kernel, Vincent Whitchurch

target_path is used as a temporary buffer in dup_and_fixup_symbol_prop()
and should be freed even in the success path.

This was detected by kmemleak.

 unreferenced object 0x8598f6c0 (size 64):
   backtrace:
     __kmalloc_track_caller+0x17d/0x228
     kvasprintf+0x2b/0x64
     kasprintf+0x15/0x20
     add_changeset_property+0x225/0x364
     of_overlay_fdt_apply+0x42d/0x6b4
     ...

Fixes: e0a58f3e08d4b7fa ("of: overlay: remove a dependency on device node full_name")
Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
---
 drivers/of/overlay.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
index 5f8869e2a8b3..59455322a130 100644
--- a/drivers/of/overlay.c
+++ b/drivers/of/overlay.c
@@ -261,6 +261,8 @@ static struct property *dup_and_fixup_symbol_prop(
 
 	of_property_set_flag(new_prop, OF_DYNAMIC);
 
+	kfree(target_path);
+
 	return new_prop;
 
 err_free_new_prop:
-- 
2.20.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH 1/2] of: overlay: fix properties memory leak
  2019-11-18 13:28 [PATCH 1/2] of: overlay: fix properties memory leak Vincent Whitchurch
  2019-11-18 13:28 ` [PATCH 2/2] of: overlay: fix target_path " Vincent Whitchurch
@ 2019-11-21 16:55 ` Frank Rowand
  1 sibling, 0 replies; 4+ messages in thread
From: Frank Rowand @ 2019-11-21 16:55 UTC (permalink / raw)
  To: Vincent Whitchurch, pantelis.antoniou, robh+dt
  Cc: devicetree, linux-kernel, Vincent Whitchurch

Hi Vincent,

On 11/18/19 7:28 AM, Vincent Whitchurch wrote:
> No changeset entries are created for #address-cells and #size-cells
> properties, but the duplicated properies are never freed.  This results
> in a memory leak which is detected by kmemleak:
> 
>  unreferenced object 0x85887180 (size 64):
>    backtrace:
>      kmem_cache_alloc_trace+0x1fb/0x1fc
>      __of_prop_dup+0x25/0x7c
>      add_changeset_property+0x17f/0x370
>      build_changeset_next_level+0x29/0x20c
>      of_overlay_fdt_apply+0x32b/0x6b4
>      ...
> 
> Fixes: 6f75118800acf77f8 ("of: overlay: validate overlay properties #address-cells and #size-cells")
> Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
> ---
>  drivers/of/overlay.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
> index c423e94baf0f..5f8869e2a8b3 100644
> --- a/drivers/of/overlay.c
> +++ b/drivers/of/overlay.c
> @@ -360,7 +360,7 @@ static int add_changeset_property(struct overlay_changeset *ovcs,
>  		pr_err("WARNING: memory leak will occur if overlay removed, property: %pOF/%s\n",
>  		       target->np, new_prop->name);
>  
> -	if (ret) {
> +	if (ret || !check_for_non_overlay_node) {
>  		kfree(new_prop->name);
>  		kfree(new_prop->value);
>  		kfree(new_prop);
> 

Thanks for finding and proposing a fix for the memory leak.

The proposed patch conveniently uses check_for_non_overlay_node
which leads to a nice small patch.  But ends up adding an
additional hidden meaning to the variable, resulting in more
fragile code.

I will propose a different solution and ask you to test it
to make sure it also solves the memory leak.

-Frank

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH 2/2] of: overlay: fix target_path memory leak
  2019-11-18 13:28 ` [PATCH 2/2] of: overlay: fix target_path " Vincent Whitchurch
@ 2019-11-21 17:37   ` Frank Rowand
  0 siblings, 0 replies; 4+ messages in thread
From: Frank Rowand @ 2019-11-21 17:37 UTC (permalink / raw)
  To: Vincent Whitchurch, pantelis.antoniou, robh+dt
  Cc: devicetree, linux-kernel, Vincent Whitchurch

Hi Rob,

On 11/18/19 7:28 AM, Vincent Whitchurch wrote:
> target_path is used as a temporary buffer in dup_and_fixup_symbol_prop()
> and should be freed even in the success path.
> 
> This was detected by kmemleak.
> 
>  unreferenced object 0x8598f6c0 (size 64):
>    backtrace:
>      __kmalloc_track_caller+0x17d/0x228
>      kvasprintf+0x2b/0x64
>      kasprintf+0x15/0x20
>      add_changeset_property+0x225/0x364
>      of_overlay_fdt_apply+0x42d/0x6b4
>      ...
> 
> Fixes: e0a58f3e08d4b7fa ("of: overlay: remove a dependency on device node full_name")
> Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
> ---
>  drivers/of/overlay.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
> index 5f8869e2a8b3..59455322a130 100644
> --- a/drivers/of/overlay.c
> +++ b/drivers/of/overlay.c
> @@ -261,6 +261,8 @@ static struct property *dup_and_fixup_symbol_prop(
>  
>  	of_property_set_flag(new_prop, OF_DYNAMIC);
>  
> +	kfree(target_path);
> +
>  	return new_prop;
>  
>  err_free_new_prop:
> 

Reviewed-by: Frank Rowand <frowand.list@gmail.com>

I would suggest changing the subject to:

   of: overlay: dup_and_fixup_symbol_prop() memory leak

but I am also fine with you not changing the subject.

-Frank

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-11-21 17:37 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-18 13:28 [PATCH 1/2] of: overlay: fix properties memory leak Vincent Whitchurch
2019-11-18 13:28 ` [PATCH 2/2] of: overlay: fix target_path " Vincent Whitchurch
2019-11-21 17:37   ` Frank Rowand
2019-11-21 16:55 ` [PATCH 1/2] of: overlay: fix properties " Frank Rowand

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).