[PATCH 1/1] of: unittest: overlay: ensure proper alignment of copied FDT

[PATCH 1/1] of: unittest: overlay: ensure proper alignment of copied FDT

[frowand.list]

From: Frank Rowand <frank.rowand@sony.com>

The Devicetree standard specifies an 8 byte alignment of the FDT.
Code in libfdt expects this alignment for an FDT image in memory.
kmemdup() returns 4 byte alignment on openrisc.  Replace kmemdup()
with kmalloc(), align pointer, memcpy() to get proper alignment.

The 4 byte alignment exposed a related bug which triggered a crash
on openrisc with:
commit 79edff12060f ("scripts/dtc: Update to upstream version v1.6.0-51-g183df9e9c2b9")
as reported in:
https://lore.kernel.org/lkml/20210327224116.69309-1-linux@roeck-us.net/

Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Frank Rowand <frank.rowand@sony.com>
---
 drivers/of/of_private.h | 2 ++
 drivers/of/overlay.c    | 8 ++++++--
 drivers/of/unittest.c   | 9 +++++++--
 3 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/drivers/of/of_private.h b/drivers/of/of_private.h
index d9e6a324de0a..d717efbd637d 100644
--- a/drivers/of/of_private.h
+++ b/drivers/of/of_private.h
@@ -8,6 +8,8 @@
  * Copyright (C) 1996-2005 Paul Mackerras.
  */
 
+#define FDT_ALIGN_SIZE 8
+
 /**
  * struct alias_prop - Alias property in 'aliases' node
  * @link:	List node to link the structure in aliases_lookup list
diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
index 50bbe0edf538..8b40711ed202 100644
--- a/drivers/of/overlay.c
+++ b/drivers/of/overlay.c
@@ -1014,7 +1014,7 @@ static int of_overlay_apply(const void *fdt, struct device_node *tree,
 int of_overlay_fdt_apply(const void *overlay_fdt, u32 overlay_fdt_size,
 			 int *ovcs_id)
 {
-	const void *new_fdt;
+	void *new_fdt;
 	int ret;
 	u32 size;
 	struct device_node *overlay_root;
@@ -1036,10 +1036,14 @@ int of_overlay_fdt_apply(const void *overlay_fdt, u32 overlay_fdt_size,
 	 * Must create permanent copy of FDT because of_fdt_unflatten_tree()
 	 * will create pointers to the passed in FDT in the unflattened tree.
 	 */
-	new_fdt = kmemdup(overlay_fdt, size, GFP_KERNEL);
+	size += FDT_ALIGN_SIZE;
+	new_fdt = kmalloc(size, GFP_KERNEL);
 	if (!new_fdt)
 		return -ENOMEM;
 
+	new_fdt = PTR_ALIGN(new_fdt, FDT_ALIGN_SIZE);
+	memcpy(new_fdt, overlay_fdt, size);
+
 	of_fdt_unflatten_tree(new_fdt, NULL, &overlay_root);
 	if (!overlay_root) {
 		pr_err("unable to unflatten overlay_fdt\n");
diff --git a/drivers/of/unittest.c b/drivers/of/unittest.c
index eb100627c186..edd6ce807691 100644
--- a/drivers/of/unittest.c
+++ b/drivers/of/unittest.c
@@ -22,6 +22,7 @@
 #include <linux/slab.h>
 #include <linux/device.h>
 #include <linux/platform_device.h>
+#include <linux/kernel.h>
 
 #include <linux/i2c.h>
 #include <linux/i2c-mux.h>
@@ -1415,7 +1416,7 @@ static int __init unittest_data_add(void)
 	 */
 	extern uint8_t __dtb_testcases_begin[];
 	extern uint8_t __dtb_testcases_end[];
-	const int size = __dtb_testcases_end - __dtb_testcases_begin;
+	u32 size = __dtb_testcases_end - __dtb_testcases_begin;
 	int rc;
 
 	if (!size) {
@@ -1425,10 +1426,14 @@ static int __init unittest_data_add(void)
 	}
 
 	/* creating copy */
-	unittest_data = kmemdup(__dtb_testcases_begin, size, GFP_KERNEL);
+	size += FDT_ALIGN_SIZE;
+	unittest_data = kmalloc(size, GFP_KERNEL);
 	if (!unittest_data)
 		return -ENOMEM;
 
+	unittest_data = PTR_ALIGN(unittest_data, FDT_ALIGN_SIZE);
+	memcpy(unittest_data, __dtb_testcases_begin, size);
+
 	of_fdt_unflatten_tree(unittest_data, NULL, &unittest_data_node);
 	if (!unittest_data_node) {
 		pr_warn("%s: No tree to attach; not running tests\n", __func__);
-- 
Frank Rowand <frank.rowand@sony.com>

Re: [PATCH 1/1] of: unittest: overlay: ensure proper alignment of copied FDT

[Frank Rowand]

Hi Guenter,

On 4/7/21 3:51 PM, frowand.list@gmail.com wrote:
> From: Frank Rowand <frank.rowand@sony.com>
> 
> The Devicetree standard specifies an 8 byte alignment of the FDT.
> Code in libfdt expects this alignment for an FDT image in memory.
> kmemdup() returns 4 byte alignment on openrisc.  Replace kmemdup()
> with kmalloc(), align pointer, memcpy() to get proper alignment.
> 
> The 4 byte alignment exposed a related bug which triggered a crash
> on openrisc with:
> commit 79edff12060f ("scripts/dtc: Update to upstream version v1.6.0-51-g183df9e9c2b9")
> as reported in:
> https://lore.kernel.org/lkml/20210327224116.69309-1-linux@roeck-us.net/

Can you please test this patch?

The most complete coverage will be a config with:

 OF_UNITTEST=y
 OF_OVERLAY=y
 OF_DYNAMIC=y

One path will be missed if you test with:

 #OF_OVERLAY=n
 #OF_DYNAMIC=n

Thanks!

-Frank

> 
> Reported-by: Guenter Roeck <linux@roeck-us.net>
> Signed-off-by: Frank Rowand <frank.rowand@sony.com>
> ---
>  drivers/of/of_private.h | 2 ++
>  drivers/of/overlay.c    | 8 ++++++--
>  drivers/of/unittest.c   | 9 +++++++--
>  3 files changed, 15 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/of/of_private.h b/drivers/of/of_private.h
> index d9e6a324de0a..d717efbd637d 100644
> --- a/drivers/of/of_private.h
> +++ b/drivers/of/of_private.h
> @@ -8,6 +8,8 @@
>   * Copyright (C) 1996-2005 Paul Mackerras.
>   */
>  
> +#define FDT_ALIGN_SIZE 8
> +
>  /**
>   * struct alias_prop - Alias property in 'aliases' node
>   * @link:	List node to link the structure in aliases_lookup list
> diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
> index 50bbe0edf538..8b40711ed202 100644
> --- a/drivers/of/overlay.c
> +++ b/drivers/of/overlay.c
> @@ -1014,7 +1014,7 @@ static int of_overlay_apply(const void *fdt, struct device_node *tree,
>  int of_overlay_fdt_apply(const void *overlay_fdt, u32 overlay_fdt_size,
>  			 int *ovcs_id)
>  {
> -	const void *new_fdt;
> +	void *new_fdt;
>  	int ret;
>  	u32 size;
>  	struct device_node *overlay_root;
> @@ -1036,10 +1036,14 @@ int of_overlay_fdt_apply(const void *overlay_fdt, u32 overlay_fdt_size,
>  	 * Must create permanent copy of FDT because of_fdt_unflatten_tree()
>  	 * will create pointers to the passed in FDT in the unflattened tree.
>  	 */
> -	new_fdt = kmemdup(overlay_fdt, size, GFP_KERNEL);
> +	size += FDT_ALIGN_SIZE;
> +	new_fdt = kmalloc(size, GFP_KERNEL);
>  	if (!new_fdt)
>  		return -ENOMEM;
>  
> +	new_fdt = PTR_ALIGN(new_fdt, FDT_ALIGN_SIZE);
> +	memcpy(new_fdt, overlay_fdt, size);
> +
>  	of_fdt_unflatten_tree(new_fdt, NULL, &overlay_root);
>  	if (!overlay_root) {
>  		pr_err("unable to unflatten overlay_fdt\n");
> diff --git a/drivers/of/unittest.c b/drivers/of/unittest.c
> index eb100627c186..edd6ce807691 100644
> --- a/drivers/of/unittest.c
> +++ b/drivers/of/unittest.c
> @@ -22,6 +22,7 @@
>  #include <linux/slab.h>
>  #include <linux/device.h>
>  #include <linux/platform_device.h>
> +#include <linux/kernel.h>
>  
>  #include <linux/i2c.h>
>  #include <linux/i2c-mux.h>
> @@ -1415,7 +1416,7 @@ static int __init unittest_data_add(void)
>  	 */
>  	extern uint8_t __dtb_testcases_begin[];
>  	extern uint8_t __dtb_testcases_end[];
> -	const int size = __dtb_testcases_end - __dtb_testcases_begin;
> +	u32 size = __dtb_testcases_end - __dtb_testcases_begin;
>  	int rc;
>  
>  	if (!size) {
> @@ -1425,10 +1426,14 @@ static int __init unittest_data_add(void)
>  	}
>  
>  	/* creating copy */
> -	unittest_data = kmemdup(__dtb_testcases_begin, size, GFP_KERNEL);
> +	size += FDT_ALIGN_SIZE;
> +	unittest_data = kmalloc(size, GFP_KERNEL);
>  	if (!unittest_data)
>  		return -ENOMEM;
>  
> +	unittest_data = PTR_ALIGN(unittest_data, FDT_ALIGN_SIZE);
> +	memcpy(unittest_data, __dtb_testcases_begin, size);
> +
>  	of_fdt_unflatten_tree(unittest_data, NULL, &unittest_data_node);
>  	if (!unittest_data_node) {
>  		pr_warn("%s: No tree to attach; not running tests\n", __func__);
> 

Re: [PATCH 1/1] of: unittest: overlay: ensure proper alignment of copied FDT

[Rob Herring]

On Wed, Apr 7, 2021 at 3:51 PM <frowand.list@gmail.com> wrote:
>
> From: Frank Rowand <frank.rowand@sony.com>
>
> The Devicetree standard specifies an 8 byte alignment of the FDT.
> Code in libfdt expects this alignment for an FDT image in memory.
> kmemdup() returns 4 byte alignment on openrisc.  Replace kmemdup()
> with kmalloc(), align pointer, memcpy() to get proper alignment.
>
> The 4 byte alignment exposed a related bug which triggered a crash
> on openrisc with:
> commit 79edff12060f ("scripts/dtc: Update to upstream version v1.6.0-51-g183df9e9c2b9")
> as reported in:
> https://lore.kernel.org/lkml/20210327224116.69309-1-linux@roeck-us.net/
>
> Reported-by: Guenter Roeck <linux@roeck-us.net>
> Signed-off-by: Frank Rowand <frank.rowand@sony.com>
> ---
>  drivers/of/of_private.h | 2 ++
>  drivers/of/overlay.c    | 8 ++++++--
>  drivers/of/unittest.c   | 9 +++++++--
>  3 files changed, 15 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/of/of_private.h b/drivers/of/of_private.h
> index d9e6a324de0a..d717efbd637d 100644
> --- a/drivers/of/of_private.h
> +++ b/drivers/of/of_private.h
> @@ -8,6 +8,8 @@
>   * Copyright (C) 1996-2005 Paul Mackerras.
>   */
>
> +#define FDT_ALIGN_SIZE 8
> +
>  /**
>   * struct alias_prop - Alias property in 'aliases' node
>   * @link:      List node to link the structure in aliases_lookup list
> diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
> index 50bbe0edf538..8b40711ed202 100644
> --- a/drivers/of/overlay.c
> +++ b/drivers/of/overlay.c
> @@ -1014,7 +1014,7 @@ static int of_overlay_apply(const void *fdt, struct device_node *tree,
>  int of_overlay_fdt_apply(const void *overlay_fdt, u32 overlay_fdt_size,
>                          int *ovcs_id)
>  {
> -       const void *new_fdt;
> +       void *new_fdt;
>         int ret;
>         u32 size;
>         struct device_node *overlay_root;
> @@ -1036,10 +1036,14 @@ int of_overlay_fdt_apply(const void *overlay_fdt, u32 overlay_fdt_size,
>          * Must create permanent copy of FDT because of_fdt_unflatten_tree()
>          * will create pointers to the passed in FDT in the unflattened tree.
>          */
> -       new_fdt = kmemdup(overlay_fdt, size, GFP_KERNEL);
> +       size += FDT_ALIGN_SIZE;
> +       new_fdt = kmalloc(size, GFP_KERNEL);
>         if (!new_fdt)
>                 return -ENOMEM;
>
> +       new_fdt = PTR_ALIGN(new_fdt, FDT_ALIGN_SIZE);
> +       memcpy(new_fdt, overlay_fdt, size);
> +
>         of_fdt_unflatten_tree(new_fdt, NULL, &overlay_root);
>         if (!overlay_root) {
>                 pr_err("unable to unflatten overlay_fdt\n");
> diff --git a/drivers/of/unittest.c b/drivers/of/unittest.c
> index eb100627c186..edd6ce807691 100644
> --- a/drivers/of/unittest.c
> +++ b/drivers/of/unittest.c
> @@ -22,6 +22,7 @@
>  #include <linux/slab.h>
>  #include <linux/device.h>
>  #include <linux/platform_device.h>
> +#include <linux/kernel.h>
>
>  #include <linux/i2c.h>
>  #include <linux/i2c-mux.h>
> @@ -1415,7 +1416,7 @@ static int __init unittest_data_add(void)
>          */
>         extern uint8_t __dtb_testcases_begin[];
>         extern uint8_t __dtb_testcases_end[];
> -       const int size = __dtb_testcases_end - __dtb_testcases_begin;
> +       u32 size = __dtb_testcases_end - __dtb_testcases_begin;
>         int rc;
>
>         if (!size) {
> @@ -1425,10 +1426,14 @@ static int __init unittest_data_add(void)
>         }
>
>         /* creating copy */
> -       unittest_data = kmemdup(__dtb_testcases_begin, size, GFP_KERNEL);
> +       size += FDT_ALIGN_SIZE;
> +       unittest_data = kmalloc(size, GFP_KERNEL);
>         if (!unittest_data)
>                 return -ENOMEM;
>
> +       unittest_data = PTR_ALIGN(unittest_data, FDT_ALIGN_SIZE);
> +       memcpy(unittest_data, __dtb_testcases_begin, size);
> +
>         of_fdt_unflatten_tree(unittest_data, NULL, &unittest_data_node);
>         if (!unittest_data_node) {
>                 pr_warn("%s: No tree to attach; not running tests\n", __func__);

The next line here is a kfree(unittest_data) which I assume will fail
if the ptr address changed. Same issue in the overlay code.

The error path is easy to fix. Freeing the memory later on, not so
much... One solution is always alloc a power of 2 size, that's
guaranteed to be 'size' aligned:

 * The allocated object address is aligned to at least ARCH_KMALLOC_MINALIGN
 * bytes. For @size of power of two bytes, the alignment is also guaranteed
 * to be at least to the size.

Rob

Re: [PATCH 1/1] of: unittest: overlay: ensure proper alignment of copied FDT

[Guenter Roeck]

On 4/7/21 1:59 PM, Frank Rowand wrote:
> Hi Guenter,
> 
> On 4/7/21 3:51 PM, frowand.list@gmail.com wrote:
>> From: Frank Rowand <frank.rowand@sony.com>
>>
>> The Devicetree standard specifies an 8 byte alignment of the FDT.
>> Code in libfdt expects this alignment for an FDT image in memory.
>> kmemdup() returns 4 byte alignment on openrisc.  Replace kmemdup()
>> with kmalloc(), align pointer, memcpy() to get proper alignment.
>>
>> The 4 byte alignment exposed a related bug which triggered a crash
>> on openrisc with:
>> commit 79edff12060f ("scripts/dtc: Update to upstream version v1.6.0-51-g183df9e9c2b9")
>> as reported in:
>> https://lore.kernel.org/lkml/20210327224116.69309-1-linux@roeck-us.net/
> 
> Can you please test this patch?
> 

Sure, will do, after you fixed the problem pointed out by Rob.

Sorry, I should have mentioned it - that problem was the reason
why I didn't propose a fix myself.

Guenter

Re: [PATCH 1/1] of: unittest: overlay: ensure proper alignment of copied FDT

[Frank Rowand]

On 4/7/21 4:34 PM, Rob Herring wrote:
> On Wed, Apr 7, 2021 at 3:51 PM <frowand.list@gmail.com> wrote:
>>
>> From: Frank Rowand <frank.rowand@sony.com>
>>
>> The Devicetree standard specifies an 8 byte alignment of the FDT.
>> Code in libfdt expects this alignment for an FDT image in memory.
>> kmemdup() returns 4 byte alignment on openrisc.  Replace kmemdup()
>> with kmalloc(), align pointer, memcpy() to get proper alignment.
>>
>> The 4 byte alignment exposed a related bug which triggered a crash
>> on openrisc with:
>> commit 79edff12060f ("scripts/dtc: Update to upstream version v1.6.0-51-g183df9e9c2b9")
>> as reported in:
>> https://lore.kernel.org/lkml/20210327224116.69309-1-linux@roeck-us.net/
>>
>> Reported-by: Guenter Roeck <linux@roeck-us.net>
>> Signed-off-by: Frank Rowand <frank.rowand@sony.com>
>> ---
>>  drivers/of/of_private.h | 2 ++
>>  drivers/of/overlay.c    | 8 ++++++--
>>  drivers/of/unittest.c   | 9 +++++++--
>>  3 files changed, 15 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/of/of_private.h b/drivers/of/of_private.h
>> index d9e6a324de0a..d717efbd637d 100644
>> --- a/drivers/of/of_private.h
>> +++ b/drivers/of/of_private.h
>> @@ -8,6 +8,8 @@
>>   * Copyright (C) 1996-2005 Paul Mackerras.
>>   */
>>
>> +#define FDT_ALIGN_SIZE 8
>> +
>>  /**
>>   * struct alias_prop - Alias property in 'aliases' node
>>   * @link:      List node to link the structure in aliases_lookup list
>> diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
>> index 50bbe0edf538..8b40711ed202 100644
>> --- a/drivers/of/overlay.c
>> +++ b/drivers/of/overlay.c
>> @@ -1014,7 +1014,7 @@ static int of_overlay_apply(const void *fdt, struct device_node *tree,
>>  int of_overlay_fdt_apply(const void *overlay_fdt, u32 overlay_fdt_size,
>>                          int *ovcs_id)
>>  {
>> -       const void *new_fdt;
>> +       void *new_fdt;
>>         int ret;
>>         u32 size;
>>         struct device_node *overlay_root;
>> @@ -1036,10 +1036,14 @@ int of_overlay_fdt_apply(const void *overlay_fdt, u32 overlay_fdt_size,
>>          * Must create permanent copy of FDT because of_fdt_unflatten_tree()
>>          * will create pointers to the passed in FDT in the unflattened tree.
>>          */
>> -       new_fdt = kmemdup(overlay_fdt, size, GFP_KERNEL);
>> +       size += FDT_ALIGN_SIZE;
>> +       new_fdt = kmalloc(size, GFP_KERNEL);
>>         if (!new_fdt)
>>                 return -ENOMEM;
>>
>> +       new_fdt = PTR_ALIGN(new_fdt, FDT_ALIGN_SIZE);
>> +       memcpy(new_fdt, overlay_fdt, size);
>> +
>>         of_fdt_unflatten_tree(new_fdt, NULL, &overlay_root);
>>         if (!overlay_root) {
>>                 pr_err("unable to unflatten overlay_fdt\n");
>> diff --git a/drivers/of/unittest.c b/drivers/of/unittest.c
>> index eb100627c186..edd6ce807691 100644
>> --- a/drivers/of/unittest.c
>> +++ b/drivers/of/unittest.c
>> @@ -22,6 +22,7 @@
>>  #include <linux/slab.h>
>>  #include <linux/device.h>
>>  #include <linux/platform_device.h>
>> +#include <linux/kernel.h>
>>
>>  #include <linux/i2c.h>
>>  #include <linux/i2c-mux.h>
>> @@ -1415,7 +1416,7 @@ static int __init unittest_data_add(void)
>>          */
>>         extern uint8_t __dtb_testcases_begin[];
>>         extern uint8_t __dtb_testcases_end[];
>> -       const int size = __dtb_testcases_end - __dtb_testcases_begin;
>> +       u32 size = __dtb_testcases_end - __dtb_testcases_begin;
>>         int rc;
>>
>>         if (!size) {
>> @@ -1425,10 +1426,14 @@ static int __init unittest_data_add(void)
>>         }
>>
>>         /* creating copy */
>> -       unittest_data = kmemdup(__dtb_testcases_begin, size, GFP_KERNEL);
>> +       size += FDT_ALIGN_SIZE;
>> +       unittest_data = kmalloc(size, GFP_KERNEL);
>>         if (!unittest_data)
>>                 return -ENOMEM;
>>
>> +       unittest_data = PTR_ALIGN(unittest_data, FDT_ALIGN_SIZE);
>> +       memcpy(unittest_data, __dtb_testcases_begin, size);
>> +
>>         of_fdt_unflatten_tree(unittest_data, NULL, &unittest_data_node);
>>         if (!unittest_data_node) {
>>                 pr_warn("%s: No tree to attach; not running tests\n", __func__);
> 
> The next line here is a kfree(unittest_data) which I assume will fail
> if the ptr address changed. Same issue in the overlay code.

Thanks for catching this.

> 
> The error path is easy to fix. Freeing the memory later on, not so
> much... 

The overlay subsystem retains ownership of the allocated memory and
responsibility for any subsequent kfree(), so actually not very
difficult.

New version of the patch should be out this morning.

-Frank

> One solution is always alloc a power of 2 size, that's
> guaranteed to be 'size' aligned:
> 
>  * The allocated object address is aligned to at least ARCH_KMALLOC_MINALIGN
>  * bytes. For @size of power of two bytes, the alignment is also guaranteed
>  * to be at least to the size.
> 
> Rob
> .
> 

Re: [PATCH 1/1] of: unittest: overlay: ensure proper alignment of copied FDT

[Frank Rowand]

On 4/7/21 5:01 PM, Guenter Roeck wrote:
> On 4/7/21 1:59 PM, Frank Rowand wrote:
>> Hi Guenter,
>>
>> On 4/7/21 3:51 PM, frowand.list@gmail.com wrote:
>>> From: Frank Rowand <frank.rowand@sony.com>
>>>
>>> The Devicetree standard specifies an 8 byte alignment of the FDT.
>>> Code in libfdt expects this alignment for an FDT image in memory.
>>> kmemdup() returns 4 byte alignment on openrisc.  Replace kmemdup()
>>> with kmalloc(), align pointer, memcpy() to get proper alignment.
>>>
>>> The 4 byte alignment exposed a related bug which triggered a crash
>>> on openrisc with:
>>> commit 79edff12060f ("scripts/dtc: Update to upstream version v1.6.0-51-g183df9e9c2b9")
>>> as reported in:
>>> https://lore.kernel.org/lkml/20210327224116.69309-1-linux@roeck-us.net/
>>
>> Can you please test this patch?
>>
> 
> Sure, will do, after you fixed the problem pointed out by Rob.
> 
> Sorry, I should have mentioned it - that problem was the reason
> why I didn't propose a fix myself.

No problem, I was aware of the issue but then spaced on actually
dealing with it.

- Space Cadet Frank

> 
> Guenter
> 

[kbuild] Re: [PATCH 1/1] of: unittest: overlay: ensure proper alignment of copied FDT

[Dan Carpenter]

[-- Attachment #1: Type: text/plain, Size: 5125 bytes --]

Hi,

url:    https://github.com/0day-ci/linux/commits/frowand-list-gmail-com/of-unittest-overlay-ensure-proper-alignment-of-copied-FDT/20210408-045317 
base:   https://git.kernel.org/pub/scm/linux/kernel/git/robh/linux.git  for-next
config: i386-randconfig-m021-20210407 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

smatch warnings:
drivers/of/overlay.c:1045 of_overlay_fdt_apply() warn: overwrite may leak 'new_fdt'

vim +/new_fdt +1045 drivers/of/overlay.c

39a751a4cb7e47 Frank Rowand      2018-02-12  1015  int of_overlay_fdt_apply(const void *overlay_fdt, u32 overlay_fdt_size,
39a751a4cb7e47 Frank Rowand      2018-02-12  1016  			 int *ovcs_id)
39a751a4cb7e47 Frank Rowand      2018-02-12  1017  {
7a18fbf9013a19 Frank Rowand      2021-04-07  1018  	void *new_fdt;
39a751a4cb7e47 Frank Rowand      2018-02-12  1019  	int ret;
39a751a4cb7e47 Frank Rowand      2018-02-12  1020  	u32 size;
39a751a4cb7e47 Frank Rowand      2018-02-12  1021  	struct device_node *overlay_root;
39a751a4cb7e47 Frank Rowand      2018-02-12  1022  
39a751a4cb7e47 Frank Rowand      2018-02-12  1023  	*ovcs_id = 0;
39a751a4cb7e47 Frank Rowand      2018-02-12  1024  	ret = 0;
39a751a4cb7e47 Frank Rowand      2018-02-12  1025  
39a751a4cb7e47 Frank Rowand      2018-02-12  1026  	if (overlay_fdt_size < sizeof(struct fdt_header) ||
39a751a4cb7e47 Frank Rowand      2018-02-12  1027  	    fdt_check_header(overlay_fdt)) {
39a751a4cb7e47 Frank Rowand      2018-02-12  1028  		pr_err("Invalid overlay_fdt header\n");
39a751a4cb7e47 Frank Rowand      2018-02-12  1029  		return -EINVAL;
39a751a4cb7e47 Frank Rowand      2018-02-12  1030  	}
39a751a4cb7e47 Frank Rowand      2018-02-12  1031  
39a751a4cb7e47 Frank Rowand      2018-02-12  1032  	size = fdt_totalsize(overlay_fdt);
39a751a4cb7e47 Frank Rowand      2018-02-12  1033  	if (overlay_fdt_size < size)
39a751a4cb7e47 Frank Rowand      2018-02-12  1034  		return -EINVAL;
39a751a4cb7e47 Frank Rowand      2018-02-12  1035  
39a751a4cb7e47 Frank Rowand      2018-02-12  1036  	/*
39a751a4cb7e47 Frank Rowand      2018-02-12  1037  	 * Must create permanent copy of FDT because of_fdt_unflatten_tree()
39a751a4cb7e47 Frank Rowand      2018-02-12  1038  	 * will create pointers to the passed in FDT in the unflattened tree.
39a751a4cb7e47 Frank Rowand      2018-02-12  1039  	 */
7a18fbf9013a19 Frank Rowand      2021-04-07  1040  	size += FDT_ALIGN_SIZE;
7a18fbf9013a19 Frank Rowand      2021-04-07  1041  	new_fdt = kmalloc(size, GFP_KERNEL);
39a751a4cb7e47 Frank Rowand      2018-02-12  1042  	if (!new_fdt)
39a751a4cb7e47 Frank Rowand      2018-02-12  1043  		return -ENOMEM;
39a751a4cb7e47 Frank Rowand      2018-02-12  1044  
7a18fbf9013a19 Frank Rowand      2021-04-07 @1045  	new_fdt = PTR_ALIGN(new_fdt, FDT_ALIGN_SIZE);
                                                        ^^^^^^^
We're not freeing the exact same pointer that we allocated.

7a18fbf9013a19 Frank Rowand      2021-04-07  1046  	memcpy(new_fdt, overlay_fdt, size);
7a18fbf9013a19 Frank Rowand      2021-04-07  1047  
39a751a4cb7e47 Frank Rowand      2018-02-12  1048  	of_fdt_unflatten_tree(new_fdt, NULL, &overlay_root);
39a751a4cb7e47 Frank Rowand      2018-02-12  1049  	if (!overlay_root) {
39a751a4cb7e47 Frank Rowand      2018-02-12  1050  		pr_err("unable to unflatten overlay_fdt\n");
39a751a4cb7e47 Frank Rowand      2018-02-12  1051  		ret = -EINVAL;
39a751a4cb7e47 Frank Rowand      2018-02-12  1052  		goto out_free_new_fdt;
39a751a4cb7e47 Frank Rowand      2018-02-12  1053  	}
39a751a4cb7e47 Frank Rowand      2018-02-12  1054  
39a751a4cb7e47 Frank Rowand      2018-02-12  1055  	ret = of_overlay_apply(new_fdt, overlay_root, ovcs_id);
39a751a4cb7e47 Frank Rowand      2018-02-12  1056  	if (ret < 0) {
39a751a4cb7e47 Frank Rowand      2018-02-12  1057  		/*
39a751a4cb7e47 Frank Rowand      2018-02-12  1058  		 * new_fdt and overlay_root now belong to the overlay
39a751a4cb7e47 Frank Rowand      2018-02-12  1059  		 * changeset.
39a751a4cb7e47 Frank Rowand      2018-02-12  1060  		 * overlay changeset code is responsible for freeing them.
39a751a4cb7e47 Frank Rowand      2018-02-12  1061  		 */
39a751a4cb7e47 Frank Rowand      2018-02-12  1062  		goto out;
39a751a4cb7e47 Frank Rowand      2018-02-12  1063  	}
39a751a4cb7e47 Frank Rowand      2018-02-12  1064  
39a751a4cb7e47 Frank Rowand      2018-02-12  1065  	return 0;
39a751a4cb7e47 Frank Rowand      2018-02-12  1066  
39a751a4cb7e47 Frank Rowand      2018-02-12  1067  
39a751a4cb7e47 Frank Rowand      2018-02-12  1068  out_free_new_fdt:
39a751a4cb7e47 Frank Rowand      2018-02-12  1069  	kfree(new_fdt);
39a751a4cb7e47 Frank Rowand      2018-02-12  1070  
39a751a4cb7e47 Frank Rowand      2018-02-12  1071  out:
39a751a4cb7e47 Frank Rowand      2018-02-12  1072  	return ret;
39a751a4cb7e47 Frank Rowand      2018-02-12  1073  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org 

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 34729 bytes --]

[-- Attachment #3: Type: text/plain, Size: 149 bytes --]

_______________________________________________
kbuild mailing list -- kbuild@lists.01.org
To unsubscribe send an email to kbuild-leave@lists.01.org