On 11/10/20 6:08 AM, Nathan Lynch wrote:
> Zhang Xiaoxu <zhangxiao...@huawei.com> writes:
>> From: zhangxiaoxu <zhangxiao...@huawei.com>
>>
>> If the cpus nodes not exist, we lost to free the 'cpu_drcs', which
>> will leak memory.
>>
>> Fixes: a0ff72f9f5a7 ("powerpc/pseries/hotplug-cpu: Remove double free in
>> error path")
>> Reported-by: Hulk Robot <hul...@huawei.com>
>> Signed-off-by: zhangxiaoxu <zhangxiao...@huawei.com>
>> ---
>> arch/powerpc/platforms/pseries/hotplug-cpu.c | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/arch/powerpc/platforms/pseries/hotplug-cpu.c
>> b/arch/powerpc/platforms/pseries/hotplug-cpu.c
>> index f2837e33bf5d..4bb1c9f2bb11 100644
>> --- a/arch/powerpc/platforms/pseries/hotplug-cpu.c
>> +++ b/arch/powerpc/platforms/pseries/hotplug-cpu.c
>> @@ -743,6 +743,7 @@ static int dlpar_cpu_add_by_count(u32 cpus_to_add)
>> parent = of_find_node_by_path("/cpus");
>> if (!parent) {
>> pr_warn("Could not find CPU root node in device tree\n");
>> + kfree(cpu_drcs);
>> return -1;
>> }
>
> Thanks for finding this.
>
> a0ff72f9f5a7 ("powerpc/pseries/hotplug-cpu: Remove double free in error
> path") was posted in Sept 2019 but was not applied until July 2020:
>
> https://lore.kernel.org/linuxppc-dev/20190919231633.1344-1-nath...@linux.ibm.com/
>
> Here is that change as posted; note the function context is
> find_dlpar_cpus_to_add(), not dlpar_cpu_add_by_count():
>
> --- a/arch/powerpc/platforms/pseries/hotplug-cpu.c
> +++ b/arch/powerpc/platforms/pseries/hotplug-cpu.c
> @@ -726,7 +726,6 @@ static int find_dlpar_cpus_to_add(u32 *cpu_drcs, u32
> cpus_to_add)
> parent = of_find_node_by_path("/cpus");
> if (!parent) {
> pr_warn("Could not find CPU root node in device tree\n");
> - kfree(cpu_drcs);
> return -1;
> }
>
> Meanwhile b015f6bc9547dbc056edde7177c7868ca8629c4c ("powerpc/pseries: Add
> cpu DLPAR support for drc-info property") was posted in Nov 2019 and
> committed a few days later:
>
> https://lore.kernel.org/linux-pci/1573449697-5448-4-git-send-email-tyr...@linux.ibm.com/
>
> This change reorganized the same code, removing
> find_dlpar_cpus_to_add(), and it had the effect of fixing the same
> issue.
>
> However git apparently allowed the older change to still apply on top of
> this (changing a function different from the one in the original
> patch!), leading to a real bug.
Yikes, not sure how that happened without either the committer massaging the
patch to apply, or the line location and context matching exactly.
>
> Your patch is correct but it should be framed as a revert of
> a0ff72f9f5a7 with this context in the commit message.
>
Agreed, in reality we want to revert a patch that shouldn't have been applied.
-Tyrel
