Re: [PATCH] powerpc/pseries/hotplug-cpu: Fix memleak when cpus node not exist

Tue, 10 Nov 2020 06:09:44 -0800 

Zhang Xiaoxu <zhangxiao...@huawei.com> writes:
> From: zhangxiaoxu <zhangxiao...@huawei.com>
>
> If the cpus nodes not exist, we lost to free the 'cpu_drcs', which
> will leak memory.
>
> Fixes: a0ff72f9f5a7 ("powerpc/pseries/hotplug-cpu: Remove double free in 
> error path")
> Reported-by: Hulk Robot <hul...@huawei.com>
> Signed-off-by: zhangxiaoxu <zhangxiao...@huawei.com>
> ---
>  arch/powerpc/platforms/pseries/hotplug-cpu.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/arch/powerpc/platforms/pseries/hotplug-cpu.c 
> b/arch/powerpc/platforms/pseries/hotplug-cpu.c
> index f2837e33bf5d..4bb1c9f2bb11 100644
> --- a/arch/powerpc/platforms/pseries/hotplug-cpu.c
> +++ b/arch/powerpc/platforms/pseries/hotplug-cpu.c
> @@ -743,6 +743,7 @@ static int dlpar_cpu_add_by_count(u32 cpus_to_add)
>       parent = of_find_node_by_path("/cpus");
>       if (!parent) {
>               pr_warn("Could not find CPU root node in device tree\n");
> +             kfree(cpu_drcs);
>               return -1;
>       }

Thanks for finding this.

a0ff72f9f5a7 ("powerpc/pseries/hotplug-cpu: Remove double free in error
path") was posted in Sept 2019 but was not applied until July 2020:

https://lore.kernel.org/linuxppc-dev/20190919231633.1344-1-nath...@linux.ibm.com/

Here is that change as posted; note the function context is
find_dlpar_cpus_to_add(), not dlpar_cpu_add_by_count():

--- a/arch/powerpc/platforms/pseries/hotplug-cpu.c
+++ b/arch/powerpc/platforms/pseries/hotplug-cpu.c
@@ -726,7 +726,6 @@ static int find_dlpar_cpus_to_add(u32 *cpu_drcs, u32 
cpus_to_add)
        parent = of_find_node_by_path("/cpus");
        if (!parent) {
                pr_warn("Could not find CPU root node in device tree\n");
-               kfree(cpu_drcs);
                return -1;
        }

Meanwhile b015f6bc9547dbc056edde7177c7868ca8629c4c ("powerpc/pseries: Add
cpu DLPAR support for drc-info property") was posted in Nov 2019 and
committed a few days later:

https://lore.kernel.org/linux-pci/1573449697-5448-4-git-send-email-tyr...@linux.ibm.com/

This change reorganized the same code, removing
find_dlpar_cpus_to_add(), and it had the effect of fixing the same
issue.

However git apparently allowed the older change to still apply on top of
this (changing a function different from the one in the original
patch!), leading to a real bug.

Your patch is correct but it should be framed as a revert of
a0ff72f9f5a7 with this context in the commit message.

Reply via email to