Subject: Patch "x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails" has been added to the 5.15-stable tree
To: alviro.iskandar@gnuweeb.org,ammarfaizi2@gnuweeb.org,bp@suse.de,gregkh@linuxfoundation.org,yazen.ghannam@amd.com,gwml@vger.gnuweeb.org
Cc:
From:
Date: Mon, 06 Jun 2022 11:43:19 +0200
Message-ID: <1654508599660@kroah.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: 8bit
X-stable: commit
X-Patchwork-Hint: ignore
List-Id:

This is a note to let you know that I've just added the patch titled

    x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
    x86-mce-amd-fix-memory-leak-when-threshold_create_bank-fails.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let know about it.

From e5f28623ceb103e13fc3d7bd45edf9818b227fd0 Mon Sep 17 00:00:00 2001
From: Ammar Faizi
Date: Tue, 29 Mar 2022 17:47:05 +0700
Subject: x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails

From: Ammar Faizi

commit e5f28623ceb103e13fc3d7bd45edf9818b227fd0 upstream.

In mce_threshold_create_device(), if threshold_create_bank() fails, the
previously allocated threshold banks array @bp will be leaked because
the call to mce_threshold_remove_device() will not free it.

This happens because mce_threshold_remove_device() fetches the pointer
through the threshold_banks per-CPU variable but bp is written there
only after the bank creation is successful, and not before, when
threshold_create_bank() fails.

Add a helper which unwinds all the bank creation work previously done
and pass into it the previously allocated threshold banks array for
freeing.

[ bp: Massage. ]

Fixes: 6458de97fc15 ("x86/mce/amd: Straighten CPU hotplug path")
Co-developed-by: Alviro Iskandar Setiawan
Signed-off-by: Alviro Iskandar Setiawan
Co-developed-by: Yazen Ghannam
Signed-off-by: Yazen Ghannam
Signed-off-by: Ammar Faizi
Signed-off-by: Borislav Petkov
Cc:
Link: https://lore.kernel.org/r/20220329104705.65256-3-ammarfaizi2@gnuweeb.org
Signed-off-by: Greg Kroah-Hartman --- arch/x86/kernel/cpu/mce/amd.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) --- a/arch/x86/kernel/cpu/mce/amd.c +++ b/arch/x86/kernel/cpu/mce/amd.c @@ -1470,10 +1470,23 @@ out_free: kfree(bank); } +static void __threshold_remove_device(struct threshold_bank **bp) +{ + unsigned int bank, numbanks = this_cpu_read(mce_num_banks); + + for (bank = 0; bank < numbanks; bank++) { + if (!bp[bank]) + continue; + + threshold_remove_bank(bp[bank]); + bp[bank] = NULL; + } + kfree(bp); +} + int mce_threshold_remove_device(unsigned int cpu) { struct threshold_bank **bp = this_cpu_read(threshold_banks); - unsigned int bank, numbanks = this_cpu_read(mce_num_banks); if (!bp) return 0; @@ -1484,13 +1497,7 @@ int mce_threshold_remove_device(unsigned */ this_cpu_write(threshold_banks, NULL); - for (bank = 0; bank < numbanks; bank++) { - if (bp[bank]) { - threshold_remove_bank(bp[bank]); - bp[bank] = NULL; - } - } - kfree(bp); + __threshold_remove_device(bp); return 0; } @@ -1527,15 +1534,14 @@ int mce_threshold_create_device(unsigned if (!(this_cpu_read(bank_map) & (1 << bank))) continue; err = threshold_create_bank(bp, cpu, bank); - if (err) - goto out_err; + if (err) { + __threshold_remove_device(bp); + return err; + } } this_cpu_write(threshold_banks, bp); if (thresholding_irq_en) mce_threshold_vector = amd_threshold_interrupt; return 0; -out_err: - mce_threshold_remove_device(cpu); - return err; } Patches currently in stable-queue which might be from ammarfaizi2@gnuweeb.org are queue-5.15/x86-mce-amd-fix-memory-leak-when-threshold_create_bank-fails.patch
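Review bot: In the first hunk (@@ -1470,10 +1470,23 @@), __threshold_remove_device() has no comment stating its contract, and two things in it are implicit. It frees the array itself with kfree(bp), so a caller must not touch bp afterwards, and it sizes the loop with this_cpu_read(mce_num_banks), so it is only correct when run on the CPU that owns bp. A short comment above the helper saying both would help. The `if (!bp[bank]) continue;` skip also depends on the array having been zero-initialised when it was allocated, which is outside the visible lines and worth confirming now that the helper runs on partially populated arrays.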
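Review bot: In the second hunk (@@ -1484,13 +1497,7 @@), the bank teardown and the kfree() in mce_threshold_remove_device() are now hidden behind __threshold_remove_device(bp), which makes the ordering against this_cpu_write(threshold_banks, NULL) easier to break in a later edit. The visible order clears the per-CPU pointer first and only then tears the banks down; suggest extending the existing comment above the write to say that the helper frees bp, so the call has to stay after the pointer is cleared. Nothing uses bp after the call, which is correct as it stands.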
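Review bot: In the third hunk (@@ -1527,15 +1534,14 @@), the new error branch in mce_threshold_create_device() calls __threshold_remove_device(bp) on an array whose failing slot may or may not have been written, and that is not visible here. The helper calls threshold_remove_bank() on every non-NULL bp[bank], while the context at the top of the first hunk shows threshold_create_bank() ending its own error path at out_free with kfree(bank). If threshold_create_bank() can store into bp[bank] before failing, that entry would be torn down twice; worth confirming that it publishes the slot only on success, or clears it at out_free. Returning before this_cpu_write(threshold_banks, bp) and before the mce_threshold_vector assignment is right, since neither needs undoing on this path.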