| Message ID | 20230408081934.54002-1-chenaotian2@163.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [PATH,wpan,v2] ieee802154: hwsim: Fix possible memory leaks | expand |
Hi Chen,
kernel test robot noticed the following build errors:
[auto build test ERROR on net-next/main]
[also build test ERROR on net/main linus/master v6.3-rc5 next-20230406]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Chen-Aotian/ieee802154-hwsim-Fix-possible-memory-leaks/20230408-162130
patch link: https://lore.kernel.org/r/20230408081934.54002-1-chenaotian2%40163.com
patch subject: [PATH wpan v2] ieee802154: hwsim: Fix possible memory leaks
config: hexagon-randconfig-r015-20230406 (https://download.01.org/0day-ci/archive/20230408/202304081742.rOfPXJln-lkp@intel.com/config)
compiler: clang version 17.0.0 (https://github.com/llvm/llvm-project 2c57868e2e877f73c339796c3374ae660bb77f0d)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/1a9fcf2d1438f9603039670041da5ed90471a4e5
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Chen-Aotian/ieee802154-hwsim-Fix-possible-memory-leaks/20230408-162130
git checkout 1a9fcf2d1438f9603039670041da5ed90471a4e5
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=hexagon olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=hexagon SHELL=/bin/bash drivers/net/ieee802154/
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
| Link: https://lore.kernel.org/oe-kbuild-all/202304081742.rOfPXJln-lkp@intel.com/
All errors (new ones prefixed by >>):
In file included from drivers/net/ieee802154/mac802154_hwsim.c:17:
In file included from include/linux/rtnetlink.h:7:
In file included from include/linux/netdevice.h:38:
In file included from include/net/net_namespace.h:43:
In file included from include/linux/skbuff.h:17:
In file included from include/linux/bvec.h:10:
In file included from include/linux/highmem.h:12:
In file included from include/linux/hardirq.h:11:
In file included from ./arch/hexagon/include/generated/asm/hardirq.h:1:
In file included from include/asm-generic/hardirq.h:17:
In file included from include/linux/irq.h:20:
In file included from include/linux/io.h:13:
In file included from arch/hexagon/include/asm/io.h:334:
include/asm-generic/io.h:547:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __raw_readb(PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:560:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr));
~~~~~~~~~~ ^
include/uapi/linux/byteorder/little_endian.h:37:51: note: expanded from macro '__le16_to_cpu'
#define __le16_to_cpu(x) ((__force __u16)(__le16)(x))
^
In file included from drivers/net/ieee802154/mac802154_hwsim.c:17:
In file included from include/linux/rtnetlink.h:7:
In file included from include/linux/netdevice.h:38:
In file included from include/net/net_namespace.h:43:
In file included from include/linux/skbuff.h:17:
In file included from include/linux/bvec.h:10:
In file included from include/linux/highmem.h:12:
In file included from include/linux/hardirq.h:11:
In file included from ./arch/hexagon/include/generated/asm/hardirq.h:1:
In file included from include/asm-generic/hardirq.h:17:
In file included from include/linux/irq.h:20:
In file included from include/linux/io.h:13:
In file included from arch/hexagon/include/asm/io.h:334:
include/asm-generic/io.h:573:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr));
~~~~~~~~~~ ^
include/uapi/linux/byteorder/little_endian.h:35:51: note: expanded from macro '__le32_to_cpu'
#define __le32_to_cpu(x) ((__force __u32)(__le32)(x))
^
In file included from drivers/net/ieee802154/mac802154_hwsim.c:17:
In file included from include/linux/rtnetlink.h:7:
In file included from include/linux/netdevice.h:38:
In file included from include/net/net_namespace.h:43:
In file included from include/linux/skbuff.h:17:
In file included from include/linux/bvec.h:10:
In file included from include/linux/highmem.h:12:
In file included from include/linux/hardirq.h:11:
In file included from ./arch/hexagon/include/generated/asm/hardirq.h:1:
In file included from include/asm-generic/hardirq.h:17:
In file included from include/linux/irq.h:20:
In file included from include/linux/io.h:13:
In file included from arch/hexagon/include/asm/io.h:334:
include/asm-generic/io.h:584:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writeb(value, PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:594:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:604:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr);
~~~~~~~~~~ ^
>> drivers/net/ieee802154/mac802154_hwsim.c:727:21: error: incompatible pointer types passing 'struct mutex *' to parameter of type 'const struct lockdep_map *' [-Werror,-Wincompatible-pointer-types]
lock_is_held(&hwsim_phys_lock));
^~~~~~~~~~~~~~~~
include/linux/rcupdate.h:542:60: note: expanded from macro 'rcu_replace_pointer'
typeof(ptr) __tmp = rcu_dereference_protected((rcu_ptr), (c)); \
^
include/linux/rcupdate.h:673:54: note: expanded from macro 'rcu_dereference_protected'
__rcu_dereference_protected((p), __UNIQUE_ID(rcu), (c), __rcu)
^
include/linux/rcupdate.h:469:21: note: expanded from macro '__rcu_dereference_protected'
RCU_LOCKDEP_WARN(!(c), "suspicious rcu_dereference_protected() usage"); \
^
include/linux/rcupdate.h:389:39: note: expanded from macro 'RCU_LOCKDEP_WARN'
if (debug_lockdep_rcu_enabled() && (c) && \
^
include/linux/lockdep.h:281:58: note: passing argument to parameter 'lock' here
static inline int lock_is_held(const struct lockdep_map *lock)
^
6 warnings and 1 error generated.
vim +727 drivers/net/ieee802154/mac802154_hwsim.c
684
685 static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info)
686 {
687 struct nlattr *edge_attrs[MAC802154_HWSIM_EDGE_ATTR_MAX + 1];
688 struct hwsim_edge_info *einfo, *einfo_old;
689 struct hwsim_phy *phy_v0;
690 struct hwsim_edge *e;
691 u32 v0, v1;
692 u8 lqi;
693
694 if (!info->attrs[MAC802154_HWSIM_ATTR_RADIO_ID] ||
695 !info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE])
696 return -EINVAL;
697
698 if (nla_parse_nested_deprecated(edge_attrs, MAC802154_HWSIM_EDGE_ATTR_MAX, info->attrs[MAC802154_HWSIM_ATTR_RADIO_EDGE], hwsim_edge_policy, NULL))
699 return -EINVAL;
700
701 if (!edge_attrs[MAC802154_HWSIM_EDGE_ATTR_ENDPOINT_ID] ||
702 !edge_attrs[MAC802154_HWSIM_EDGE_ATTR_LQI])
703 return -EINVAL;
704
705 v0 = nla_get_u32(info->attrs[MAC802154_HWSIM_ATTR_RADIO_ID]);
706 v1 = nla_get_u32(edge_attrs[MAC802154_HWSIM_EDGE_ATTR_ENDPOINT_ID]);
707 lqi = nla_get_u8(edge_attrs[MAC802154_HWSIM_EDGE_ATTR_LQI]);
708
709 mutex_lock(&hwsim_phys_lock);
710 phy_v0 = hwsim_get_radio_by_id(v0);
711 if (!phy_v0) {
712 mutex_unlock(&hwsim_phys_lock);
713 return -ENOENT;
714 }
715
716 einfo = kzalloc(sizeof(*einfo), GFP_KERNEL);
717 if (!einfo) {
718 mutex_unlock(&hwsim_phys_lock);
719 return -ENOMEM;
720 }
721
722 rcu_read_lock();
723 list_for_each_entry_rcu(e, &phy_v0->edges, list) {
724 if (e->endpoint->idx == v1) {
725 einfo->lqi = lqi;
726 einfo_old = rcu_replace_pointer(e->info, einfo,
> 727 lock_is_held(&hwsim_phys_lock));
728 rcu_read_unlock();
729 kfree_rcu(einfo_old, rcu);
730 mutex_unlock(&hwsim_phys_lock);
731 return 0;
732 }
733 }
734 rcu_read_unlock();
735
736 kfree(einfo);
737 mutex_unlock(&hwsim_phys_lock);
738
739 return -ENOENT;
740 }
741
Hi, On Sat, Apr 8, 2023 at 4:22 AM Chen Aotian <chenaotian2@163.com> wrote: > > After replacing e->info, it is necessary to free the old einfo. > > Fixes: f25da51fdc38 ("ieee802154: hwsim: add replacement for fakelb") > Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com> > Signed-off-by: Chen Aotian <chenaotian2@163.com> > --- > > V1 -> V2: > * Using rcu_replace_pointer() is better then rcu_dereference() > and rcu_assign_pointer(). > > drivers/net/ieee802154/mac802154_hwsim.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/drivers/net/ieee802154/mac802154_hwsim.c b/drivers/net/ieee802154/mac802154_hwsim.c > index 8445c2189..6ffcadb9d 100644 > --- a/drivers/net/ieee802154/mac802154_hwsim.c > +++ b/drivers/net/ieee802154/mac802154_hwsim.c > @@ -685,7 +685,7 @@ static int hwsim_del_edge_nl(struct sk_buff *msg, struct genl_info *info) > static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info) > { > struct nlattr *edge_attrs[MAC802154_HWSIM_EDGE_ATTR_MAX + 1]; > - struct hwsim_edge_info *einfo; > + struct hwsim_edge_info *einfo, *einfo_old; > struct hwsim_phy *phy_v0; > struct hwsim_edge *e; > u32 v0, v1; > @@ -723,8 +723,10 @@ static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info) > list_for_each_entry_rcu(e, &phy_v0->edges, list) { > if (e->endpoint->idx == v1) { > einfo->lqi = lqi; > - rcu_assign_pointer(e->info, einfo); > + einfo_old = rcu_replace_pointer(e->info, einfo, > + lock_is_held(&hwsim_phys_lock)); I think lockdep_is_held() should be correct here. - Alex
diff --git a/drivers/net/ieee802154/mac802154_hwsim.c b/drivers/net/ieee802154/mac802154_hwsim.c index 8445c2189..6ffcadb9d 100644 --- a/drivers/net/ieee802154/mac802154_hwsim.c +++ b/drivers/net/ieee802154/mac802154_hwsim.c @@ -685,7 +685,7 @@ static int hwsim_del_edge_nl(struct sk_buff *msg, struct genl_info *info) static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info) { struct nlattr *edge_attrs[MAC802154_HWSIM_EDGE_ATTR_MAX + 1]; - struct hwsim_edge_info *einfo; + struct hwsim_edge_info *einfo, *einfo_old; struct hwsim_phy *phy_v0; struct hwsim_edge *e; u32 v0, v1; @@ -723,8 +723,10 @@ static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info) list_for_each_entry_rcu(e, &phy_v0->edges, list) { if (e->endpoint->idx == v1) { einfo->lqi = lqi; - rcu_assign_pointer(e->info, einfo); + einfo_old = rcu_replace_pointer(e->info, einfo, + lock_is_held(&hwsim_phys_lock)); rcu_read_unlock(); + kfree_rcu(einfo_old, rcu); mutex_unlock(&hwsim_phys_lock); return 0; }
After replacing e->info, it is necessary to free the old einfo. Fixes: f25da51fdc38 ("ieee802154: hwsim: add replacement for fakelb") Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com> Signed-off-by: Chen Aotian <chenaotian2@163.com> --- V1 -> V2: * Using rcu_replace_pointer() is better then rcu_dereference() and rcu_assign_pointer(). drivers/net/ieee802154/mac802154_hwsim.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)