Re: [PATCH] mtd: ck804xrom: fix missing pci device put in error paths
Hi Miquèl,
Thanks for your feedback.
I have just rechecked this function and find that "pdev" currently is
already put
inside ck804xrom_cleanup, so my previous patch is meaningless...
The current calling order is like:
window->pdev = pci_dev_get(pdev);
...
ck804xrom_cleanup(window)
->
pci_dev_put(window->pdev);
And sorry for bothering you.
Thanks,
James
On Thu, Aug 27, 2020 at 7:46 AM Miquel Raynal wrote:
>
> Hi James,
>
> James Bond wrote on Fri, 21 Aug 2020
> 02:05:36 -0500:
>
> > pci_dev_get increases the refcount of "pdev".
> > In the error paths, pci_dev_put should be called
> > to handle the "pdev" and decrease the corresponding refcount.
> >
> > Fixes: 90afffc8bd79 ("[MTD] [MAPS] Support for BIOS flash chips on the
> > nvidia ck804 southbridge")
> > Signed-off-by: James Bond
> > ---
> > drivers/mtd/maps/ck804xrom.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/drivers/mtd/maps/ck804xrom.c b/drivers/mtd/maps/ck804xrom.c
> > index 460494212f6a..16af8b5ee653 100644
> > --- a/drivers/mtd/maps/ck804xrom.c
> > +++ b/drivers/mtd/maps/ck804xrom.c
> > @@ -195,6 +195,7 @@ static int __init ck804xrom_init_one(struct pci_dev
> > *pdev,
> > if (!window->virt) {
> > printk(KERN_ERR MOD_NAME ": ioremap(%08lx, %08lx) failed\n",
> > window->phys, window->size);
> > + pci_dev_put(pdev);
> > goto out;
> > }
> >
> > @@ -222,6 +223,7 @@ static int __init ck804xrom_init_one(struct pci_dev
> > *pdev,
> >
> > if (!map) {
> > printk(KERN_ERR MOD_NAME ": kmalloc failed");
> > + pci_dev_put(pdev);
> > goto out;
> > }
> > memset(map, 0, sizeof(*map));
> > @@ -295,6 +297,7 @@ static int __init ck804xrom_init_one(struct pci_dev
> > *pdev,
> > if (mtd_device_register(map->mtd, NULL, 0)) {
> > map_destroy(map->mtd);
> > map->mtd = NULL;
> > + pci_dev_put(pdev);
> > goto out;
> > }
> >
>
> I suppose in these three cases, the window->maps list will be empty and
> you will end up returning -ENODEV and the bottom of the function? If
> yes, it woudl probably be better to move these pci_dev_put() calls to
> this location.
>
> Otherwise, it might bit interesting to clean up a little bit the error
> path and perhaps have a distinct success vs. failure path.
>
>
> Thanks,
> Miquèl
[PATCH] mtd: ck804xrom: fix missing pci device put in error paths
pci_dev_get increases the refcount of "pdev".
In the error paths, pci_dev_put should be called
to handle the "pdev" and decrease the corresponding refcount.
Fixes: 90afffc8bd79 ("[MTD] [MAPS] Support for BIOS flash chips on the nvidia
ck804 southbridge")
Signed-off-by: James Bond
---
drivers/mtd/maps/ck804xrom.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/mtd/maps/ck804xrom.c b/drivers/mtd/maps/ck804xrom.c
index 460494212f6a..16af8b5ee653 100644
--- a/drivers/mtd/maps/ck804xrom.c
+++ b/drivers/mtd/maps/ck804xrom.c
@@ -195,6 +195,7 @@ static int __init ck804xrom_init_one(struct pci_dev *pdev,
if (!window->virt) {
printk(KERN_ERR MOD_NAME ": ioremap(%08lx, %08lx) failed\n",
window->phys, window->size);
+ pci_dev_put(pdev);
goto out;
}
@@ -222,6 +223,7 @@ static int __init ck804xrom_init_one(struct pci_dev *pdev,
if (!map) {
printk(KERN_ERR MOD_NAME ": kmalloc failed");
+ pci_dev_put(pdev);
goto out;
}
memset(map, 0, sizeof(*map));
@@ -295,6 +297,7 @@ static int __init ck804xrom_init_one(struct pci_dev *pdev,
if (mtd_device_register(map->mtd, NULL, 0)) {
map_destroy(map->mtd);
map->mtd = NULL;
+ pci_dev_put(pdev);
goto out;
}
--
2.17.1
[PATCH] tty/vt: fix a memory leak in con_insert_unipair
Syzkaller find a memory leak in con_insert_unipair:
BUG: memory leak
unreferenced object 0x88804893d100 (size 256):
comm "syz-executor.3", pid 16154, jiffies 4295043307 (age 2392.340s)
hex dump (first 32 bytes):
80 af 88 4e 80 88 ff ff 00 a8 88 4e 80 88 ff ff ...N...N
80 ad 88 4e 80 88 ff ff 00 aa 88 4e 80 88 ff ff ...N...N
backtrace:
[<f76ff1de>] kmalloc include/linux/slab.h:555 [inline]
[<f76ff1de>] kmalloc_array include/linux/slab.h:596 [inline]
[<f76ff1de>] con_insert_unipair+0x9e/0x1a0
drivers/tty/vt/consolemap.c:482
[<2f1ad7da>] con_set_unimap+0x244/0x2a0
drivers/tty/vt/consolemap.c:595
[<46ccb106>] do_unimap_ioctl drivers/tty/vt/vt_ioctl.c:297 [inline]
[<46ccb106>] vt_ioctl+0x863/0x12f0 drivers/tty/vt/vt_ioctl.c:1018
[<db1577ff>] tty_ioctl+0x4cd/0xa30 drivers/tty/tty_io.c:2656
[<e5cdf5ed>] vfs_ioctl fs/ioctl.c:48 [inline]
[<e5cdf5ed>] ksys_ioctl+0xa6/0xd0 fs/ioctl.c:753
[<fb4aa12c>] __do_sys_ioctl fs/ioctl.c:762 [inline]
[<fb4aa12c>] __se_sys_ioctl fs/ioctl.c:760 [inline]
[<fb4aa12c>] __x64_sys_ioctl+0x1a/0x20 fs/ioctl.c:760
[<f561f260>] do_syscall_64+0x4c/0xe0 arch/x86/entry/common.c:384
[<56206928>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
BUG: leak checking failed
To fix this issue, we need to release the pointer p1 when the call of
the function kmalloc_array fail.
Signed-off-by: James Bond
---
drivers/tty/vt/consolemap.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c
index 5947b54d92be..1e8d06c32ca1 100644
--- a/drivers/tty/vt/consolemap.c
+++ b/drivers/tty/vt/consolemap.c
@@ -489,7 +489,10 @@ con_insert_unipair(struct uni_pagedir *p, u_short unicode,
u_short fontpos)
p2 = p1[n = (unicode >> 6) & 0x1f];
if (!p2) {
p2 = p1[n] = kmalloc_array(64, sizeof(u16), GFP_KERNEL);
- if (!p2) return -ENOMEM;
+ if (!p2) {
+ kfree(p1);
+ return -ENOMEM;
+ }
memset(p2, 0xff, 64*sizeof(u16)); /* No glyphs for the
characters (yet) */
}
--
2.17.1
[PATCH] firmware: dmi-sysfs: Add clean-up operations to fix refcount leak
According to the documentation of function kobject_init_and_add(),
when this function returns an error, kobject_put() must be called
to properly clean up the memory associated with the object.
Fixes: 925a1da7477f ("firmware: Break out system_event_log in dmi-sysfs")
Signed-off-by: James Bond
---
drivers/firmware/dmi-sysfs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/firmware/dmi-sysfs.c b/drivers/firmware/dmi-sysfs.c
index 8b8127fa8955..848b6a0f94eb 100644
--- a/drivers/firmware/dmi-sysfs.c
+++ b/drivers/firmware/dmi-sysfs.c
@@ -457,8 +457,10 @@ static int dmi_system_event_log(struct dmi_sysfs_entry
*entry)
&dmi_system_event_log_ktype,
&entry->kobj,
"system_event_log");
- if (ret)
+ if (ret) {
+ kobject_put(entry->child);
goto out_free;
+ }
ret = sysfs_create_bin_file(entry->child, &dmi_sel_raw_attr);
if (ret)
--
2.17.1
BIG PROBLEM
1-systeme hangs when i try ton compile anything i've compiled the kernel 2.4.4 , once i finish and boot the first time on 2.4.4 everything goses ok , only too problemes 1st- klogd takes 100% CPU time 2nd- cat /proc/cpuinf --guives me too CPU'S without putin any info about the CPU 1 like that approximatively processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 7 model name : Pentium III (Katmai) stepping : 3 cpu MHz : 498.672 cache size : 512 KB fdiv_bug : no hlt_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 2 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 mmx fxsr sse bogomips : 992.87 processor : 1 vendor_id : GenuineIntel cpu family : 6 model : 7 model name : stepping : 3 cpu MHz : cache size : fdiv_bug : no hlt_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 3 wp : yes flags : bogomips : at the second boot it detects correctly CPU0 and CPU1 cat /proc/cpuinfo --> --- processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 7 model name : Pentium III (Katmai) stepping: 3 cpu MHz : 498.672 cache size : 512 KB fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 2 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 mmx fxsr sse bogomips: 992.87 processor : 1 vendor_id : GenuineIntel cpu family : 6 model : 7 model name : Pentium III (Katmai) stepping: 3 cpu MHz : 498.672 cache size : 512 KB fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 3 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 mmx fxsr sse bogomips: 996.14 cat /proc/version --> Linux version 2.4.4 (root@seraka) (gcc version 2.95.3 20010315 (release)) #2 SMP Thu Jun 28 07:04:06 CEST 2001 cat /proc/modules --> nothing cause im no using modules cat /proc/ioports ----001f : dma1 0020-003f : pic1 0040-005f : timer 0060-006f : keyboard 0080-008f : dma page reg 00a0-00bf : pic2 00c0-00df : dma2 00f0-00ff : fpu 02f8-02ff : serial(auto) 03c0-03df : vga+ 03f8-03ff : serial(auto) 0cf8-0cff : PCI conf1 4000-403f : Intel Corporation 82371AB PIIX4 ACPI 5000-501f : Intel Corporation 82371AB PIIX4 ACPI d000-dfff : PCI Bus #01 e000-e01f : Intel Corporation 82371AB PIIX4 USB e400-e4ff : Adaptec 7892A-0009fbff : System RAM 0009fc00-0009 : reserved 000a-000b : Video RAM area 000c-000c7fff : Video ROM 000cc000-000d25ff : Extension ROM 000d3000-000d87ff : Extension ROM 000f-000f : System ROM 0010-0ffe : System RAM 0010-00245892 : Kernel code 00245893-002ca41f : Kernel data 0fff-0fff2fff : ACPI Non-volatile Storage 0fff3000-0fff : ACPI Tables d800-dbff : Intel Corporation 440BX/ZX - 82443BX/ZX Host bridge dc00-dfff : PCI Bus #01 dc00-dc003fff : Matrox Graphics, Inc. MGA G400 AGP dd00-dd7f : Matrox Graphics, Inc. MGA G400 AGP e000-e1ff : PCI Bus #01 e000-e1ff : Matrox Graphics, Inc. MGA G400 AGP e500-e5007fff : Yamaha Corporation YMF-724 e5008000-e5008fff : Adaptec AHA-2940U2/W e5008000-e5008fff : aic7xxx e5009000-e5009fff : Adaptec 7892A e5009000-e5009fff : aic7xxx fec0-fec00fff : reserved fee0-fee00fff : reserved - : reserved e800-e8ff : Adaptec AHA-2940U2/W ec00-ec1f : 3Com Corporation 3c595 100BaseTX [Vortex] ec00-ec1f : eth0 f000-f00f : Intel Corporation 82371AB PIIX4 IDE --- cat /proc/iomem --->-0009fbff : System RAM 0009fc00-0009 : reserved 000a-000b : Video RAM area 000c-000c7fff : Video ROM 000cc000-000d25ff : Extension ROM 000d3000-000d87ff : Extension ROM 000f-000f : System ROM 0010-0ffe : System RAM 0010-00245892 : Kernel code 00245893-002ca41f : Kernel data 0fff-0fff2fff : ACPI Non-volatile Storage 0fff3000-0fff : ACPI Tables d800-dbff : Intel Corporation 440BX/ZX - 82443BX/ZX Host bridge dc00-dfff : PCI Bus #01 dc00-dc003fff : Matrox Graphics, Inc. MGA G400 AGP dd00-dd7f : Matrox Graphics, Inc. MGA G400 AGP e000-e1ff : PCI Bus #01 e000-e1ff : Matrox Graphics, Inc. MGA G400 AGP e500-e5007fff : Yamaha Corporation YMF-724 e5008000-e5008fff : Ada
