From patchwork Thu Mar 10 01:53:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ammar Faizi X-Patchwork-Id: 12775790 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F2D89C433EF for ; Thu, 10 Mar 2022 01:53:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232295AbiCJByx (ORCPT ); Wed, 9 Mar 2022 20:54:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36420 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232971AbiCJByw (ORCPT ); Wed, 9 Mar 2022 20:54:52 -0500 Received: from gnuweeb.org (gnuweeb.org [51.81.211.47]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 245FC128592; Wed, 9 Mar 2022 17:53:53 -0800 (PST) Received: from integral2.. (unknown [114.10.7.234]) by gnuweeb.org (Postfix) with ESMTPSA id 138147E2D7; Thu, 10 Mar 2022 01:53:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gnuweeb.org; s=default; t=1646877232; bh=k4b/gnTPXj7jVItm9sqkob63bVPtxz95JpsUqhVzIvw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=KJ9w89Xw36tW+P7fsFcWottfGTayDR72m4AEw+oygIZnUbrHJXoITtxAgjU5tkW4E Uh5aqucDJd74GzwLm/RZ2vJLjiWHqIwkotxVdSr8iSnefl96NsEeXNy8ioWSfK9TPT CcZf25Unrb8Ma4+ovJaFJ1yK8qg52lUt1WyNAOutCYgtrckvc80t9vYqE+K+eZiJiM Cdb5PsDDnAXhXvVHDestgGZjGqyQwlh/3cwqHI5ODq8DrPn/QTt9RWEpT45WYzN2Va 6YlGszkZWVHxI31eN0lKD9fQolTt56irJGg2A/RzjvChgHP5mQ/Gh/Q2dXeviID6dT ZIo8h0n/ZEWnA== From: Ammar Faizi To: Borislav Petkov , Thomas Gleixner Cc: Ammar Faizi , Alviro Iskandar Setiawan , Alviro Iskandar Setiawan , Dave Hansen , Greg Kroah-Hartman , "H. Peter Anvin" , Ingo Molnar , Tony Luck , Yazen Ghannam , linux-edac@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org, gwml@vger.gnuweeb.org, x86@kernel.org, David Laight , Jiri Hladky Subject: [PATCH v5 1/2] x86/delay: Fix the wrong asm constraint in `delay_loop()` Date: Thu, 10 Mar 2022 08:53:05 +0700 Message-Id: <20220310015306.445359-2-ammarfaizi2@gnuweeb.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20220310015306.445359-1-ammarfaizi2@gnuweeb.org> References: <20220310015306.445359-1-ammarfaizi2@gnuweeb.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-edac@vger.kernel.org The asm constraint does not reflect that the asm statement can modify the value of @loops. But the asm statement in delay_loop() does modify the @loops. Specifiying the wrong constraint may lead to undefined behavior, it may clobber random stuff (e.g. local variable, important temporary value in regs, etc.). Fix this by changing the constraint from "a" (as an input) to "+a" (as an input and output). Cc: David Laight Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: Dave Hansen Cc: "H. Peter Anvin" Cc: Jiri Hladky Cc: stable@vger.kernel.org # v2.6.27+ Fixes: e01b70ef3eb ("x86: fix bug in arch/i386/lib/delay.c file, delay_loop function") Signed-off-by: Ammar Faizi --- arch/x86/lib/delay.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/lib/delay.c b/arch/x86/lib/delay.c index 65d15df6212d..0e65d00e2339 100644 --- a/arch/x86/lib/delay.c +++ b/arch/x86/lib/delay.c @@ -54,8 +54,8 @@ static void delay_loop(u64 __loops) " jnz 2b \n" "3: dec %0 \n" - : /* we don't need output */ - :"a" (loops) + : "+a" (loops) + : ); } From patchwork Thu Mar 10 01:53:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ammar Faizi X-Patchwork-Id: 12775791 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1D858C433FE for ; Thu, 10 Mar 2022 01:54:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236482AbiCJBzB (ORCPT ); Wed, 9 Mar 2022 20:55:01 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37198 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232234AbiCJBzA (ORCPT ); Wed, 9 Mar 2022 20:55:00 -0500 Received: from gnuweeb.org (gnuweeb.org [51.81.211.47]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8DDD12867A; Wed, 9 Mar 2022 17:53:59 -0800 (PST) Received: from integral2.. (unknown [114.10.7.234]) by gnuweeb.org (Postfix) with ESMTPSA id EAB117E2D8; Thu, 10 Mar 2022 01:53:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gnuweeb.org; s=default; t=1646877239; bh=4osDx3D9jfGqlsB1arjr7DzEz5HAJ5v/iZnmYw+BPBU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cQGnzPmMKyFHFuJ/jNwIAJeEyok84fmwQabK/6ysdrWtYoZQPGsxkyy15PdILcpjN nvqnSBOL/0jToYzWkwhFivuoIA1RT+P2atBwA6rlE+6x9fQtx7rgGib8BLboC29dS3 6+R2BZD7o0hOJbPNsrM4vpHmr2Vjaqr6TQcwfQ76wYXiRRFJ4s6jgybyCU4Oc2d0Mx 3fLSMbu0ZU62xkgu65PKAa8DUaBqp4GxxR+SejH+6ezT3SKQorXU3naJZLe0I+Jhd0 KgxitHH71MOKNN8gt3wSs2HiAQM4FG+Xi3Ngb3ANViovcI/WaVnqdfS7M2YmR3e+B5 CrFSv/B9NJNPQ== From: Ammar Faizi To: Borislav Petkov , Thomas Gleixner Cc: Ammar Faizi , Alviro Iskandar Setiawan , Alviro Iskandar Setiawan , Dave Hansen , Greg Kroah-Hartman , "H. Peter Anvin" , Ingo Molnar , Tony Luck , Yazen Ghannam , linux-edac@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org, gwml@vger.gnuweeb.org, x86@kernel.org Subject: [PATCH v5 2/2] x86/MCE/AMD: Fix memory leak when `threshold_create_bank()` fails Date: Thu, 10 Mar 2022 08:53:06 +0700 Message-Id: <20220310015306.445359-3-ammarfaizi2@gnuweeb.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20220310015306.445359-1-ammarfaizi2@gnuweeb.org> References: <20220310015306.445359-1-ammarfaizi2@gnuweeb.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-edac@vger.kernel.org In mce_threshold_create_device(), if threshold_create_bank() fails, the @bp will be leaked, because the call to mce_threshold_remove_device() will not free the @bp. mce_threshold_remove_device() frees @threshold_banks. At that point, the @bp has not been written to @threshold_banks, @threshold_banks is NULL, so the call is just a nop. Fix this by extracting the cleanup part into a new static function _mce_threshold_remove_device(), then call it from create/remove device functions. Also, eliminate the "goto out_err", just early return inside the loop if the creation fails. Cc: Borislav Petkov Cc: Thomas Gleixner Cc: Greg Kroah-Hartman Cc: stable@vger.kernel.org # v5.8+ Fixes: 6458de97fc15 ("x86/mce/amd: Straighten CPU hotplug path") Link: https://lore.kernel.org/lkml/9dfe087a-f941-1bc4-657d-7e7c198888ff@gnuweeb.org Co-authored-by: Alviro Iskandar Setiawan Signed-off-by: Alviro Iskandar Setiawan Co-authored-by: Yazen Ghannam Signed-off-by: Yazen Ghannam Signed-off-by: Ammar Faizi --- arch/x86/kernel/cpu/mce/amd.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/arch/x86/kernel/cpu/mce/amd.c b/arch/x86/kernel/cpu/mce/amd.c index 9f4b508886dd..e492efab68a2 100644 --- a/arch/x86/kernel/cpu/mce/amd.c +++ b/arch/x86/kernel/cpu/mce/amd.c @@ -1293,10 +1293,23 @@ static void threshold_remove_bank(struct threshold_bank *bank) kfree(bank); } +static void _mce_threshold_remove_device(struct threshold_bank **bp, + unsigned int numbanks) +{ + unsigned int bank; + + for (bank = 0; bank < numbanks; bank++) { + if (bp[bank]) { + threshold_remove_bank(bp[bank]); + bp[bank] = NULL; + } + } + kfree(bp); +} + int mce_threshold_remove_device(unsigned int cpu) { struct threshold_bank **bp = this_cpu_read(threshold_banks); - unsigned int bank, numbanks = this_cpu_read(mce_num_banks); if (!bp) return 0; @@ -1307,13 +1320,7 @@ int mce_threshold_remove_device(unsigned int cpu) */ this_cpu_write(threshold_banks, NULL); - for (bank = 0; bank < numbanks; bank++) { - if (bp[bank]) { - threshold_remove_bank(bp[bank]); - bp[bank] = NULL; - } - } - kfree(bp); + _mce_threshold_remove_device(bp, this_cpu_read(mce_num_banks)); return 0; } @@ -1350,15 +1357,14 @@ int mce_threshold_create_device(unsigned int cpu) if (!(this_cpu_read(bank_map) & (1 << bank))) continue; err = threshold_create_bank(bp, cpu, bank); - if (err) - goto out_err; + if (err) { + _mce_threshold_remove_device(bp, numbanks); + return err; + } } this_cpu_write(threshold_banks, bp); if (thresholding_irq_en) mce_threshold_vector = amd_threshold_interrupt; return 0; -out_err: - mce_threshold_remove_device(cpu); - return err; }