From patchwork Fri Nov 4 09:56:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Li Huafei X-Patchwork-Id: 15456 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp301264wru; Fri, 4 Nov 2022 03:17:26 -0700 (PDT) X-Google-Smtp-Source: AMsMyM5cCY6y2wm6j1T7NdYoMHZwsHYs45w6oLNzXO8sW1w5iggsDbNrbUQXvTwATNYB2rYjduxO X-Received: by 2002:a17:907:7633:b0:7ad:df69:8abc with SMTP id jy19-20020a170907763300b007addf698abcmr23902192ejc.189.1667557046629; Fri, 04 Nov 2022 03:17:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667557046; cv=none; d=google.com; s=arc-20160816; b=JKVxWvhNB9FCXjfIsRlEMEYWZho6muipGSxEXO2MifRHnuC7UsWX+XkS6r38TOTI+i fm/Ps/BtGz4SFH7TlOmCzqROAtUnfkSyFXV6o9C0QNge7FGLU2kbF6BG0RmCVck69W55 j9wBHFDYcBA28YFxMIpGZMxsSmJn6K6vQopd9fFz3ev+T9l4EKoXtZrRiAb0k9mYt2aH J9b4LhiOZzoQLy/0Su30u/TDRkoyrwKrgLdp4HwbDqwTBddL+hiFpfxeU2dYpe6g8HFS 4WmQ6kRmw5b5Dl1gE3t/4BhyTay7BduROixNIyffKgS/QixTlX3Cf6N2fqdgTOVGo39U jhyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:message-id:date:subject:cc:to:from; bh=tdDZImF4NYmr082KZW/HPh6U358tZW1gAoJZbhd/pEw=; b=IGUaOXd2UYmZhdOuiKqb7t5IQANP3rcDfpy7WKxKVM936BiNqbSY/7ZKSJGTHxQeYj F3N96OJduJ5L2o+mcdNSehRDd7mlaiaDwfjyk6Zt6tEl3Z4eEqSVIGUSn/CT9PxtoOF8 H2Du/kOu7KFcNM4m4qiiYvLrCb8jCIUIPjKIqEDWUsKmLdP7azxh3dn0VmePqI3tLcm6 EO8t3WXSi0sarHCrMUPlOXIebDrXomcD+iMgYqvNAjZ9I+eWGEBGLnYrRyBjFpKUZ2dl 5rfS+r4jbmUiGJlUCv1QJx7WcRaI6U38AXq8kK9ePMk/YaJX02OnIaSzpIClFOh0791u wzOQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id go37-20020a1709070da500b007ade82b938asi5522935ejc.784.2022.11.04.03.17.01; Fri, 04 Nov 2022 03:17:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231643AbiKDKAW (ORCPT + 99 others); Fri, 4 Nov 2022 06:00:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36446 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231620AbiKDKAQ (ORCPT ); Fri, 4 Nov 2022 06:00:16 -0400 Received: from szxga03-in.huawei.com (szxga03-in.huawei.com [45.249.212.189]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AEEAA1EADF for ; Fri, 4 Nov 2022 03:00:14 -0700 (PDT) Received: from dggemv704-chm.china.huawei.com (unknown [172.30.72.57]) by szxga03-in.huawei.com (SkyGuard) with ESMTP id 4N3bdS6RwQzJn3Y; Fri, 4 Nov 2022 17:57:16 +0800 (CST) Received: from kwepemm600010.china.huawei.com (7.193.23.86) by dggemv704-chm.china.huawei.com (10.3.19.47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Fri, 4 Nov 2022 18:00:12 +0800 Received: from ubuntu1804.huawei.com (10.67.174.174) by kwepemm600010.china.huawei.com (7.193.23.86) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Fri, 4 Nov 2022 18:00:12 +0800 From: Li Huafei To: , , , , , , CC: , , , Subject: [PATCH 1/2] RISC-V: kexec: Fix memory leak of fdt buffer Date: Fri, 4 Nov 2022 17:56:57 +0800 Message-ID: <20221104095658.141222-1-lihuafei1@huawei.com> X-Mailer: git-send-email 2.17.1 MIME-Version: 1.0 X-Originating-IP: [10.67.174.174] X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To kwepemm600010.china.huawei.com (7.193.23.86) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1748560297708430742?= X-GMAIL-MSGID: =?utf-8?q?1748560297708430742?= This is reported by kmemleak detector: unreferenced object 0xff60000082864000 (size 9588): comm "kexec", pid 146, jiffies 4294900634 (age 64.788s) hex dump (first 32 bytes): d0 0d fe ed 00 00 12 ed 00 00 00 48 00 00 11 40 ...........H...@ 00 00 00 28 00 00 00 11 00 00 00 02 00 00 00 00 ...(............ backtrace: [<00000000f95b17c4>] kmemleak_alloc+0x34/0x3e [<00000000b9ec8e3e>] kmalloc_order+0x9c/0xc4 [<00000000a95cf02e>] kmalloc_order_trace+0x34/0xb6 [<00000000f01e68b4>] __kmalloc+0x5c2/0x62a [<000000002bd497b2>] kvmalloc_node+0x66/0xd6 [<00000000906542fa>] of_kexec_alloc_and_setup_fdt+0xa6/0x6ea [<00000000e1166bde>] elf_kexec_load+0x206/0x4ec [<0000000036548e09>] kexec_image_load_default+0x40/0x4c [<0000000079fbe1b4>] sys_kexec_file_load+0x1c4/0x322 [<0000000040c62c03>] ret_from_syscall+0x0/0x2 In elf_kexec_load(), a buffer is allocated via kvmalloc() to store fdt. While it's not freed back to system when kexec kernel is reloaded or unloaded. Then memory leak is caused. Fix it by introducing riscv specific function arch_kimage_file_post_load_cleanup(), and freeing the buffer there. Fixes: 6261586e0c91 ("RISC-V: Add kexec_file support") Signed-off-by: Li Huafei Reviewed-by: Conor Dooley Reviewed-by: Liao Chang --- arch/riscv/include/asm/kexec.h | 5 +++++ arch/riscv/kernel/elf_kexec.c | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/arch/riscv/include/asm/kexec.h b/arch/riscv/include/asm/kexec.h index eee260e8ab30..2b56769cb530 100644 --- a/arch/riscv/include/asm/kexec.h +++ b/arch/riscv/include/asm/kexec.h @@ -39,6 +39,7 @@ crash_setup_regs(struct pt_regs *newregs, #define ARCH_HAS_KIMAGE_ARCH struct kimage_arch { + void *fdt; /* For CONFIG_KEXEC_FILE */ unsigned long fdt_addr; }; @@ -62,6 +63,10 @@ int arch_kexec_apply_relocations_add(struct purgatory_info *pi, const Elf_Shdr *relsec, const Elf_Shdr *symtab); #define arch_kexec_apply_relocations_add arch_kexec_apply_relocations_add + +struct kimage; +int arch_kimage_file_post_load_cleanup(struct kimage *image); +#define arch_kimage_file_post_load_cleanup arch_kimage_file_post_load_cleanup #endif #endif diff --git a/arch/riscv/kernel/elf_kexec.c b/arch/riscv/kernel/elf_kexec.c index 0cb94992c15b..ff30fcb43f47 100644 --- a/arch/riscv/kernel/elf_kexec.c +++ b/arch/riscv/kernel/elf_kexec.c @@ -21,6 +21,14 @@ #include #include +int arch_kimage_file_post_load_cleanup(struct kimage *image) +{ + kvfree(image->arch.fdt); + image->arch.fdt = NULL; + + return kexec_image_post_load_cleanup_default(image); +} + static int riscv_kexec_elf_load(struct kimage *image, struct elfhdr *ehdr, struct kexec_elf_info *elf_info, unsigned long old_pbase, unsigned long new_pbase) @@ -298,6 +306,8 @@ static void *elf_kexec_load(struct kimage *image, char *kernel_buf, pr_err("Error add DTB kbuf ret=%d\n", ret); goto out_free_fdt; } + /* Cache the fdt buffer address for memory cleanup */ + image->arch.fdt = fdt; pr_notice("Loaded device tree at 0x%lx\n", kbuf.mem); goto out; From patchwork Fri Nov 4 09:56:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Li Huafei X-Patchwork-Id: 15455 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp300617wru; Fri, 4 Nov 2022 03:16:09 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4GGFGiWEFK5Bdvs1w53RdmXfYbRb3hUZ75qXuzsawFwHY7+ShJFoZzyBIYb43JF/5O/1Ap X-Received: by 2002:a05:6402:294f:b0:461:f5ce:31e8 with SMTP id ed15-20020a056402294f00b00461f5ce31e8mr34376451edb.363.1667556969596; Fri, 04 Nov 2022 03:16:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667556969; cv=none; d=google.com; s=arc-20160816; b=ct0SoKJYuzjomDLR3lzaXG4SbR28I9vL0VbFjvO6IIobTAvUCd8XZauX6MlA7xl8ge WYnjqhGwQCqUOkThf3K4j2YztGhUbmRMEqihnA+Sh32KolOnlqsvPpB+McGjUAH6A24O cpiwPt/hfeA3XQQx4OpVGQDoPI11mc0kJhY76bjtx5iAteWtaKn/EgOQVXc7KPuNq0bU bTI4bcgWqGB5+MRNbvLSD5EJRrPslmOtz3m2nmq4poIJaWsVDDOxWQhbcpB72WcEERWq 7H2cuy3l788nxRpzLM6NwkUGiKxKPRD4gENepZqbnOd5Hr5U0FHzn3jTeU93RbXSkBFz GXBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:in-reply-to:message-id :date:subject:cc:to:from; bh=HtokhIws9a81LE2c+M79/60UewMtPmaD34kTvCRUsD8=; b=vfaOIQpBbBFFcYOvA6QEcjtCAw6tVNPgGSS7lF52LeZGLgC8fSXO9ShISL0Uyl+5wv aHhNm6Rk9mBRsrZOp30QNq9lGWgfs/edHuOde6Ccq4AFGpyDZLf9+dKk9fFC1FFdr6a1 0cMQbn7w0BPldKJRL43OBsrdNlOzFNZg62p3sSYegwj1VjEdbKJ/fIsvaheEk53D9tj6 w+YRStiZmxk9Z9ocXgt5bt0kItBi48hdf6JKFTBjP6d8obLUpXEMjKJ00Oenp/2YQeUb TepkJ1FT2cvn4yLbsImDOwqRFNrhGiaSMA0SGAIhugXvMEib3VlKKHuyoWKxJJOnkYeH EJUQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e8-20020a056402190800b0046453c36c69si4208749edz.68.2022.11.04.03.15.44; Fri, 04 Nov 2022 03:16:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231623AbiKDKAT (ORCPT + 99 others); Fri, 4 Nov 2022 06:00:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36450 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231621AbiKDKAQ (ORCPT ); Fri, 4 Nov 2022 06:00:16 -0400 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3AA6028725 for ; Fri, 4 Nov 2022 03:00:15 -0700 (PDT) Received: from dggemv703-chm.china.huawei.com (unknown [172.30.72.54]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4N3bhS6M9MzHvZ2; Fri, 4 Nov 2022 17:59:52 +0800 (CST) Received: from kwepemm600010.china.huawei.com (7.193.23.86) by dggemv703-chm.china.huawei.com (10.3.19.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Fri, 4 Nov 2022 18:00:13 +0800 Received: from ubuntu1804.huawei.com (10.67.174.174) by kwepemm600010.china.huawei.com (7.193.23.86) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Fri, 4 Nov 2022 18:00:12 +0800 From: Li Huafei To: , , , , , , CC: , , , Subject: [PATCH 2/2] RISC-V: kexec: Fix memory leak of elf header buffer Date: Fri, 4 Nov 2022 17:56:58 +0800 Message-ID: <20221104095658.141222-2-lihuafei1@huawei.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20221104095658.141222-1-lihuafei1@huawei.com> References: <20221104095658.141222-1-lihuafei1@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.67.174.174] X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To kwepemm600010.china.huawei.com (7.193.23.86) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1748560217287703780?= X-GMAIL-MSGID: =?utf-8?q?1748560217287703780?= This is reported by kmemleak detector: unreferenced object 0xff2000000403d000 (size 4096): comm "kexec", pid 146, jiffies 4294900633 (age 64.792s) hex dump (first 32 bytes): 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 .ELF............ 04 00 f3 00 01 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000566ca97c>] kmemleak_vmalloc+0x3c/0xbe [<00000000979283d8>] __vmalloc_node_range+0x3ac/0x560 [<00000000b4b3712a>] __vmalloc_node+0x56/0x62 [<00000000854f75e2>] vzalloc+0x2c/0x34 [<00000000e9a00db9>] crash_prepare_elf64_headers+0x80/0x30c [<0000000067e8bf48>] elf_kexec_load+0x3e8/0x4ec [<0000000036548e09>] kexec_image_load_default+0x40/0x4c [<0000000079fbe1b4>] sys_kexec_file_load+0x1c4/0x322 [<0000000040c62c03>] ret_from_syscall+0x0/0x2 In elf_kexec_load(), a buffer is allocated via vzalloc() to store elf headers. While it's not freed back to system when kdump kernel is reloaded or unloaded, or when image->elf_header is successfully set and then fails to load kdump kernel for some reason. Fix it by freeing the buffer in arch_kimage_file_post_load_cleanup(). Fixes: 8acea455fafa ("RISC-V: Support for kexec_file on panic") Signed-off-by: Li Huafei Reviewed-by: Conor Dooley --- arch/riscv/kernel/elf_kexec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/riscv/kernel/elf_kexec.c b/arch/riscv/kernel/elf_kexec.c index ff30fcb43f47..5372b708fae2 100644 --- a/arch/riscv/kernel/elf_kexec.c +++ b/arch/riscv/kernel/elf_kexec.c @@ -26,6 +26,10 @@ int arch_kimage_file_post_load_cleanup(struct kimage *image) kvfree(image->arch.fdt); image->arch.fdt = NULL; + vfree(image->elf_headers); + image->elf_headers = NULL; + image->elf_headers_sz = 0; + return kexec_image_post_load_cleanup_default(image); }