[PATCH 4.4 45/60] irqchip/gicv3-its: Fix memory leak in its_free_tables()

From: Greg Kroah-Hartman
Date: Thu Sep 13 2018 - 09:33:38 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.4 46/60] irqchip/gicv3-its: Avoid cache flush beyond ITS_BASERn memory size"
Previous message: Guenter Roeck: "Re: [PATCH i2c-next v6] i2c: aspeed: Handle master/slave combined irq events properly"
In reply to: Greg Kroah-Hartman: "[PATCH 4.4 44/60] irqchip/gic-v3-its: Recompute the number of pages on page size change"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.4 46/60] irqchip/gicv3-its: Avoid cache flush beyond ITS_BASERn memory size"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.4-stable review patch. If anyone has any objections, please let me know.

------------------

From: Shanker Donthineni <shankerd@xxxxxxxxxxxxxx>

commit 1a485f4d2e28efd77075b2952926683d6c245633 upstream.

The current ITS driver has a memory leak in its_free_tables(). It
happens on tear down path of the driver when its_probe() call fails.
its_free_tables() should free the exact number of pages that have
been allocated, not just a single page as current code does.

This patch records the memory size for each ITS_BASERn at the time of
page allocation and uses the same size information when freeing pages
to fix the issue.

Signed-off-by: Shanker Donthineni <shankerd@xxxxxxxxxxxxxx>
Acked-by: Marc Zyngier <marc.zyngier@xxxxxxx>
Cc: Jason Cooper <jason@xxxxxxxxxxxxxx>
Cc: Vikram Sethi <vikrams@xxxxxxxxxxxxxx>
Cc: linux-arm-kernel@xxxxxxxxxxxxxxxxxxx
Link: http://lkml.kernel.org/r/1454379584-21772-1-git-send-email-shankerd@xxxxxxxxxxxxxx
Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Signed-off-by: Hanjun Guo <hanjun.guo@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/irqchip/irq-gic-v3-its.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)

--- a/drivers/irqchip/irq-gic-v3-its.c
+++ b/drivers/irqchip/irq-gic-v3-its.c
@@ -67,7 +67,10 @@ struct its_node {
unsigned long phys_base;
struct its_cmd_block *cmd_base;
struct its_cmd_block *cmd_write;
- void *tables[GITS_BASER_NR_REGS];
+ struct {
+ void *base;
+ u32 order;
+ } tables[GITS_BASER_NR_REGS];
struct its_collection *collections;
struct list_head its_device_list;
u64 flags;
@@ -816,9 +819,10 @@ static void its_free_tables(struct its_n
int i;

for (i = 0; i < GITS_BASER_NR_REGS; i++) {
- if (its->tables[i]) {
- free_page((unsigned long)its->tables[i]);
- its->tables[i] = NULL;
+ if (its->tables[i].base) {
+ free_pages((unsigned long)its->tables[i].base,
+ its->tables[i].order);
+ its->tables[i].base = NULL;
}
}
}
@@ -899,7 +903,8 @@ retry_alloc_baser:
goto out_free;
}

- its->tables[i] = base;
+ its->tables[i].base = base;
+ its->tables[i].order = order;

retry_baser:
val = (virt_to_phys(base) |
@@ -949,7 +954,7 @@ retry_baser:
* something is horribly wrong...
*/
free_pages((unsigned long)base, order);
- its->tables[i] = NULL;
+ its->tables[i].base = NULL;

switch (psz) {
case SZ_16K:

Next message: Greg Kroah-Hartman: "[PATCH 4.4 46/60] irqchip/gicv3-its: Avoid cache flush beyond ITS_BASERn memory size"
Previous message: Guenter Roeck: "Re: [PATCH i2c-next v6] i2c: aspeed: Handle master/slave combined irq events properly"
In reply to: Greg Kroah-Hartman: "[PATCH 4.4 44/60] irqchip/gic-v3-its: Recompute the number of pages on page size change"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.4 46/60] irqchip/gicv3-its: Avoid cache flush beyond ITS_BASERn memory size"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]