From patchwork Wed Sep 18 17:19:11 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bjorn Andersson X-Patchwork-Id: 11150847 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DCEE814E5 for ; Wed, 18 Sep 2019 17:19:55 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id BB4EF21924 for ; Wed, 18 Sep 2019 17:19:55 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="DrV6yqHP" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732088AbfIRRTW (ORCPT ); Wed, 18 Sep 2019 13:19:22 -0400 Received: from mail-pf1-f193.google.com ([209.85.210.193]:45312 "EHLO mail-pf1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731703AbfIRRTW (ORCPT ); Wed, 18 Sep 2019 13:19:22 -0400 Received: by mail-pf1-f193.google.com with SMTP id y72so388042pfb.12 for ; Wed, 18 Sep 2019 10:19:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=KEWAXnlLjNC2nv8CVNynnjfMbw9zNY+Gb9tPaivirx0=; b=DrV6yqHPlQC+6968RW8zY7OfYQOEud2XhRgMxa0V/FestL0ujwS6mS1ef4P3er4CFx YhWMA+vNLvjFQ9iRqdji403DJ31sUwHdAgCrOSEwodwZ4HEtgNUhTGAS9pYSYV8TsKK0 jX0niNN4fqvKG5a5c7wA5iv3Rq7IZrPBSkH7hHwIDgTMEZwsx73F0rBhsKqD2l9BGt4u FkEKnZs3m6FFnr/MH8qGU1wYzvI7h3XeonN6pg0R7tlNWSm6AndB+HnUKy2bw6F9aVcH qUKstThFhTPriRymtDqCK5s7H8ajExcPNAf7kUcTRQEW/LOdA7Q/T0i7oD3tOd1TPXC1 wDeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=KEWAXnlLjNC2nv8CVNynnjfMbw9zNY+Gb9tPaivirx0=; b=lcTJgVJk3Qdgn25m95ZOqRYcukEf9dNZPNAHHtUn69qoggmggr3E5fcor2QhTnH52s WM5OixZi2vwmN0lMR2VpAf5+3Pvuo96l89G4R+f3jAJLEbJJMDdu/xEuKijmV0PAvWfF JKPJWdkcSGQ6ABJWOfEGr8AHFAkuSCe/9Ew6dsv/YlC8+yiPZzq2IWnavNmvOItvJpk+ EGoU4pPndDmyM9frE3Ogs/FT/8Cz68XutndTov7ShUR/KXTlUivMyS0gumpfF3mfwbDM XK1SRvsxVm4Yqj3MKOrbdZxjkzm1orfT+x5Dej+HggPTLHixWl+bhjdGDPwynVqCZC3L 7/gQ== X-Gm-Message-State: APjAAAVV4SvwyJ3SqzT2akKTK4HrVn2fyDCLXXU0JLugnX7Y36om/MtC KE0SHFgzxKgcHk+TmHnt5eCGcw== X-Google-Smtp-Source: APXvYqxp62gr99DDSE2MOj4Y2Ok56M4hOgsVDIdyiHw6ue4GqTbJWWYQL6fzuTiARGdgTA9+Pndcjg== X-Received: by 2002:a62:2b4d:: with SMTP id r74mr5507565pfr.30.1568827161136; Wed, 18 Sep 2019 10:19:21 -0700 (PDT) Received: from localhost.localdomain (104-188-17-28.lightspeed.sndgca.sbcglobal.net. [104.188.17.28]) by smtp.gmail.com with ESMTPSA id y4sm2614981pjn.19.2019.09.18.10.19.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 18 Sep 2019 10:19:20 -0700 (PDT) From: Bjorn Andersson To: Ohad Ben-Cohen , Bjorn Andersson , Srinivas Kandagatla , Jorge Ramirez Cc: linux-arm-msm@vger.kernel.org, linux-remoteproc@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: [PATCH 1/6] rpmsg: glink: Fix reuse intents memory leak issue Date: Wed, 18 Sep 2019 10:19:11 -0700 Message-Id: <20190918171916.4039-2-bjorn.andersson@linaro.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20190918171916.4039-1-bjorn.andersson@linaro.org> References: <20190918171916.4039-1-bjorn.andersson@linaro.org> Sender: linux-remoteproc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-remoteproc@vger.kernel.org From: Arun Kumar Neelakantam Memory allocated for re-usable intents are not freed during channel cleanup which causes memory leak in system. Check and free all re-usable memory to avoid memory leak. Fixes: 933b45da5d1d ("rpmsg: glink: Add support for TX intents") Cc: stable@vger.kernel.org Signed-off-by: Arun Kumar Neelakantam Reported-by: Srinivas Kandagatla Signed-off-by: Bjorn Andersson --- drivers/rpmsg/qcom_glink_native.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/rpmsg/qcom_glink_native.c b/drivers/rpmsg/qcom_glink_native.c index 621f1afd4d6b..9355ce26fd98 100644 --- a/drivers/rpmsg/qcom_glink_native.c +++ b/drivers/rpmsg/qcom_glink_native.c @@ -241,10 +241,19 @@ static void qcom_glink_channel_release(struct kref *ref) { struct glink_channel *channel = container_of(ref, struct glink_channel, refcount); + struct glink_core_rx_intent *tmp; unsigned long flags; + int iid; spin_lock_irqsave(&channel->intent_lock, flags); + idr_for_each_entry(&channel->liids, tmp, iid) { + kfree(tmp->data); + kfree(tmp); + } idr_destroy(&channel->liids); + + idr_for_each_entry(&channel->riids, tmp, iid) + kfree(tmp); idr_destroy(&channel->riids); spin_unlock_irqrestore(&channel->intent_lock, flags); From patchwork Wed Sep 18 17:19:12 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bjorn Andersson X-Patchwork-Id: 11150831 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6AA7016B1 for ; Wed, 18 Sep 2019 17:19:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 4898D21920 for ; Wed, 18 Sep 2019 17:19:27 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="O4JEUjWN" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732128AbfIRRT0 (ORCPT ); Wed, 18 Sep 2019 13:19:26 -0400 Received: from mail-pg1-f196.google.com ([209.85.215.196]:46526 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732113AbfIRRTY (ORCPT ); Wed, 18 Sep 2019 13:19:24 -0400 Received: by mail-pg1-f196.google.com with SMTP id a3so194777pgm.13 for ; Wed, 18 Sep 2019 10:19:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=j0roT+o44pSB3MM7mlqj6crjaHtjbvUFCdPy0FOZOMU=; b=O4JEUjWNfJnoTHf3Kz89DjXTVO8W5+rzHM+ls2mRU28W2FV8b8nZpi6L4cqrkJ3F9M YNXjD36ZsIeuhFahMECAXywua8oqYrxpt1YatcxAwxFJK9o8yNXSuTbqI2vXKYbh9p6N m6cO55tIKUoEWfQv6zUtFnHHhSEaHEkcJ9GU5jj8LdOugJZpZqqSyw4shaBwj57pe2vE d4kyc4biEk89OMh2r0LCFn+HzKVVH0MLLffXz+uCuT8rhq7ATBdYujE5awZYqY1PKdfZ ZdaThZ6464sjkSOeHGmwdi2hbFJGRoV9AsQs0ByhiPZzcpKm6rrL7HIXmoiFAxGyDUqs bklQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=j0roT+o44pSB3MM7mlqj6crjaHtjbvUFCdPy0FOZOMU=; b=W8CjfCfuKomPajCeuSO3H+aM3vBzlNVaWzkrB8D2eblpnCQJIbMYLkzdrwIqam9SjC W1OWu8iaCHoaoaIIFrFP8T7do8wLgcTonvWHctimkw0rsMDX1aRyd5uvqjr+aac4moPv z/MDAPAUwAgv7JZIP078dbNuEu0GtRjnHMVDnLpzDlWU2JAQdEx28LxBUZYxQEe766ze CrI7ESc2XvuyyYFOaQX8MDf8wCGkU8qdPwGueiz0f7SH8+nyyekmJdzt2UTHaJGtv5n2 4ZrriWUyHLn7WA7dk1iioVkr1mCyA/RliXomvSV27JY2F3M2IShrVpJLeUeQ10pywaNW Ch3A== X-Gm-Message-State: APjAAAWMAmyNlMNm11fIIbDkPSp+x8vVpGhi1CwQ5PcH6khyXgxt5EpP L0v8vudcXoRyBaZTuJvRFACsEw== X-Google-Smtp-Source: APXvYqwVomWFERAJsR0i2p38N1YgsQl9AebCgv0yamF8m+dfqfnKfuGtvgkfx1j4kW4Dvf22Wl7mrQ== X-Received: by 2002:aa7:9216:: with SMTP id 22mr5574508pfo.214.1568827162439; Wed, 18 Sep 2019 10:19:22 -0700 (PDT) Received: from localhost.localdomain (104-188-17-28.lightspeed.sndgca.sbcglobal.net. [104.188.17.28]) by smtp.gmail.com with ESMTPSA id y4sm2614981pjn.19.2019.09.18.10.19.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 18 Sep 2019 10:19:21 -0700 (PDT) From: Bjorn Andersson To: Ohad Ben-Cohen , Bjorn Andersson , Srinivas Kandagatla , Jorge Ramirez Cc: linux-arm-msm@vger.kernel.org, linux-remoteproc@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: [PATCH 2/6] rpmsg: glink: Fix use after free in open_ack TIMEOUT case Date: Wed, 18 Sep 2019 10:19:12 -0700 Message-Id: <20190918171916.4039-3-bjorn.andersson@linaro.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20190918171916.4039-1-bjorn.andersson@linaro.org> References: <20190918171916.4039-1-bjorn.andersson@linaro.org> Sender: linux-remoteproc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-remoteproc@vger.kernel.org From: Arun Kumar Neelakantam Extra channel reference put when remote sending OPEN_ACK after timeout causes use-after-free while handling next remote CLOSE command. Remove extra reference put in timeout case to avoid use-after-free. Fixes: b4f8e52b89f6 ("rpmsg: Introduce Qualcomm RPM glink driver") Cc: stable@vger.kernel.org Signed-off-by: Arun Kumar Neelakantam Signed-off-by: Bjorn Andersson --- drivers/rpmsg/qcom_glink_native.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/rpmsg/qcom_glink_native.c b/drivers/rpmsg/qcom_glink_native.c index 9355ce26fd98..72ed671f5dcd 100644 --- a/drivers/rpmsg/qcom_glink_native.c +++ b/drivers/rpmsg/qcom_glink_native.c @@ -1103,13 +1103,12 @@ static int qcom_glink_create_remote(struct qcom_glink *glink, close_link: /* * Send a close request to "undo" our open-ack. The close-ack will - * release the last reference. + * release qcom_glink_send_open_req() reference and the last reference + * will be relesed after receiving remote_close or transport unregister + * by calling qcom_glink_native_remove(). */ qcom_glink_send_close_req(glink, channel); - /* Release qcom_glink_send_open_req() reference */ - kref_put(&channel->refcount, qcom_glink_channel_release); - return ret; } From patchwork Wed Sep 18 17:19:13 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bjorn Andersson X-Patchwork-Id: 11150827 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B515B14E5 for ; Wed, 18 Sep 2019 17:19:25 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 92510207FC for ; Wed, 18 Sep 2019 17:19:25 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="rO9i/cqL" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732120AbfIRRTZ (ORCPT ); Wed, 18 Sep 2019 13:19:25 -0400 Received: from mail-pg1-f195.google.com ([209.85.215.195]:41252 "EHLO mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732112AbfIRRTY (ORCPT ); Wed, 18 Sep 2019 13:19:24 -0400 Received: by mail-pg1-f195.google.com with SMTP id x15so211390pgg.8 for ; Wed, 18 Sep 2019 10:19:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=VwSAewYHioEBjS31iqIfRjVrZyDonRdWcj1Y+TfsqH4=; b=rO9i/cqLekYgyKdKCnFYjAL4R/QkPCECSyUyb7g2A+JKQKpKGHGHs2JQa91AMbG/2w 1lED6OUbgkoFnKNsS8sAuVKoGcJ/HX7iMbXflFVJP+G0Eoh2jir2EAjBir/87kMiVIbH TGN86ho4VviITmkJju5fHnGtLVyX20eLopp2OR9zx/XrG+lbFUgF9ho8nWFvUVmMOosg ztCiiJk0oz5dDSW0jP1/X7SxOt1poyhGRX1OYbu824rVveyFMp8Afqmdm2rA7sVRW6qe yIIF8ArmWEbZl7z3D7gYV6yBb+uq9Yj6DuuVk/BKO+JoxTbwTZEfgolB3XIWu87dAOFJ 5AUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=VwSAewYHioEBjS31iqIfRjVrZyDonRdWcj1Y+TfsqH4=; b=t85rJvUajuhbPykqOfaAo0+XqI/rQZZmfX+9zMDGMQvQPHMklxVzRYcPITeG1SdOZP pNc0/YoH8ENhk2sDGkMbMdvUleV6zYjUZl6fWdwakUUXzyECMow8HjR+mNC9xbfM2ce8 9UwOmcbU5yMM+S7EwfVl/wHpZHOwCbO2VYuGtJm4wAOtJAAMqwr2rC7l1IeeyxlOtp+0 ONTUQoliow3h/E93iirn7O0b2x4qtj1FmQ2xXRfJ0cS0WPHXxE2fIJr2CUcsC1ChKIX4 XfGnpUPfMOjFcDkGDFMF5DVBuAfb+Mw3zZX636Qe7VIN87hKscvviHdqi1Nq35rzkNfI 4tMA== X-Gm-Message-State: APjAAAUAcpWuMfOsd5VPCh+8/gzoEByVRsUjtTdbH87M/sT+itF+s6K/ GmmFjlA0MEj8iLXBLf+T3wJghw== X-Google-Smtp-Source: APXvYqz6KBiLBnvTbiv1tlhJ561p18GEHMN8vVjD8bUsFTROEBscCpnd0MazHXczVzILrhpz3xg50g== X-Received: by 2002:a65:6557:: with SMTP id a23mr4976164pgw.439.1568827163712; Wed, 18 Sep 2019 10:19:23 -0700 (PDT) Received: from localhost.localdomain (104-188-17-28.lightspeed.sndgca.sbcglobal.net. [104.188.17.28]) by smtp.gmail.com with ESMTPSA id y4sm2614981pjn.19.2019.09.18.10.19.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 18 Sep 2019 10:19:23 -0700 (PDT) From: Bjorn Andersson To: Ohad Ben-Cohen , Bjorn Andersson , Srinivas Kandagatla , Jorge Ramirez Cc: linux-arm-msm@vger.kernel.org, linux-remoteproc@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: [PATCH 3/6] rpmsg: glink: Put an extra reference during cleanup Date: Wed, 18 Sep 2019 10:19:13 -0700 Message-Id: <20190918171916.4039-4-bjorn.andersson@linaro.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20190918171916.4039-1-bjorn.andersson@linaro.org> References: <20190918171916.4039-1-bjorn.andersson@linaro.org> Sender: linux-remoteproc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-remoteproc@vger.kernel.org From: Chris Lew In a remote processor crash scenario, there is no guarantee the remote processor sent close requests before it went into a bad state. Remove the reference that is normally handled by the close command in the so channel resources can be released. Fixes: b4f8e52b89f6 ("rpmsg: Introduce Qualcomm RPM glink driver") Cc: stable@vger.kernel.org Signed-off-by: Chris Lew Reported-by: Srinivas Kandagatla Signed-off-by: Bjorn Andersson --- drivers/rpmsg/qcom_glink_native.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/rpmsg/qcom_glink_native.c b/drivers/rpmsg/qcom_glink_native.c index 72ed671f5dcd..21fd2ae5f7f1 100644 --- a/drivers/rpmsg/qcom_glink_native.c +++ b/drivers/rpmsg/qcom_glink_native.c @@ -1641,6 +1641,10 @@ void qcom_glink_native_remove(struct qcom_glink *glink) idr_for_each_entry(&glink->lcids, channel, cid) kref_put(&channel->refcount, qcom_glink_channel_release); + /* Release any defunct local channels, waiting for close-req */ + idr_for_each_entry(&glink->rcids, channel, cid) + kref_put(&channel->refcount, qcom_glink_channel_release); + idr_destroy(&glink->lcids); idr_destroy(&glink->rcids); spin_unlock_irqrestore(&glink->idr_lock, flags); From patchwork Wed Sep 18 17:19:14 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bjorn Andersson X-Patchwork-Id: 11150845 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 334B71747 for ; Wed, 18 Sep 2019 17:19:46 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 0B92621927 for ; Wed, 18 Sep 2019 17:19:46 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="fUltYfIH" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732113AbfIRRTp (ORCPT ); Wed, 18 Sep 2019 13:19:45 -0400 Received: from mail-pg1-f193.google.com ([209.85.215.193]:42162 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732122AbfIRRTZ (ORCPT ); Wed, 18 Sep 2019 13:19:25 -0400 Received: by mail-pg1-f193.google.com with SMTP id z12so208748pgp.9 for ; Wed, 18 Sep 2019 10:19:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=0Uy6bHHevUENAulkqSQtPk+BZ1l0ipc3uMDtQFYz2nQ=; b=fUltYfIHMIOjnGd1FS6BZiNa/6sr2uKEIzz7Km04e6IE93VkMueUYltt3JEHNNMed1 GQRuxifsOhM9iy6QFfjHwj5jaUiX3QsJHwCb9hKSyT0mAeqdcDs9/ajmOcMrgjTnntfh MuRVkkBgPraBP+jhxCtecPZoou+N86UCV+33hwtlyvZfuoOtA0EbncL9o39XLbqVd6I9 3Kg49BtFHgGwGEp4UMyN1ypdjImD87vMg/gWcEbN4c7Q86aX4C3vTbB5HbKi9hjaqPtq 2h1Yj5ChS0HnM9jwMmeHYwddXhW14mb+g0jXmXjUb2lJQQov7Qcyp0X7vLD0dfDJ7xdN fnhA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=0Uy6bHHevUENAulkqSQtPk+BZ1l0ipc3uMDtQFYz2nQ=; b=HmoIdXvSumJ+rEo67llnWtnysF5hjSsqkNGg+sjatWKwaBUDqhUgQR3tDOFJ8eW60q Ukm6EX51IP593K1tGhcS2DH8kke3Wc2xBdf2DUjApZRn03LQF3kU0jrYCX9+hhF6AkgG QCSerFcodzHDXPmL60n/iZcYMnoaRDiT20kj96Bt+vtFMKVnW4p0JxsUPZf1Nq5+VodV Y4uNkKBm2d0L98Y/DpSzmWPsPeZRThAiKttvzy/R/fFlGN8jEPhron1paNFir1d5Wl4A JP2Hel6K7KFV+kD/3/BYJeNQtT6uGgcDJJY4XXs+ILjux7cdsgHLutRXLSaNeXMfnLe+ rjJQ== X-Gm-Message-State: APjAAAUm8dJVR42fX/b24jTmn3lTUU+Cv/yNI5rpGr6UzU3ktdqAHntA Lgn3aysM9OlXu0m2YPfmxeN/vgje91s= X-Google-Smtp-Source: APXvYqzUBAdLgS6iTt8bHDfY8QFjRB3LWD0ZA7+0XCI2Z/UvIRKaIlHhFvg+rPfjmsmeW771XqxKXg== X-Received: by 2002:a62:db84:: with SMTP id f126mr5532642pfg.25.1568827165043; Wed, 18 Sep 2019 10:19:25 -0700 (PDT) Received: from localhost.localdomain (104-188-17-28.lightspeed.sndgca.sbcglobal.net. [104.188.17.28]) by smtp.gmail.com with ESMTPSA id y4sm2614981pjn.19.2019.09.18.10.19.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 18 Sep 2019 10:19:24 -0700 (PDT) From: Bjorn Andersson To: Ohad Ben-Cohen , Bjorn Andersson , Srinivas Kandagatla , Jorge Ramirez Cc: linux-arm-msm@vger.kernel.org, linux-remoteproc@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: [PATCH 4/6] rpmsg: glink: Fix rpmsg_register_device err handling Date: Wed, 18 Sep 2019 10:19:14 -0700 Message-Id: <20190918171916.4039-5-bjorn.andersson@linaro.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20190918171916.4039-1-bjorn.andersson@linaro.org> References: <20190918171916.4039-1-bjorn.andersson@linaro.org> Sender: linux-remoteproc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-remoteproc@vger.kernel.org From: Chris Lew The device release function is set before registering with rpmsg. If rpmsg registration fails, the framework will call device_put(), which invokes the release function. The channel create logic does not need to free rpdev if rpmsg_register_device() fails and release is called. Fixes: b4f8e52b89f6 ("rpmsg: Introduce Qualcomm RPM glink driver") Cc: stable@vger.kernel.org Signed-off-by: Chris Lew Signed-off-by: Bjorn Andersson --- drivers/rpmsg/qcom_glink_native.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/rpmsg/qcom_glink_native.c b/drivers/rpmsg/qcom_glink_native.c index 21fd2ae5f7f1..89e02baea2d0 100644 --- a/drivers/rpmsg/qcom_glink_native.c +++ b/drivers/rpmsg/qcom_glink_native.c @@ -1423,15 +1423,13 @@ static int qcom_glink_rx_open(struct qcom_glink *glink, unsigned int rcid, ret = rpmsg_register_device(rpdev); if (ret) - goto free_rpdev; + goto rcid_remove; channel->rpdev = rpdev; } return 0; -free_rpdev: - kfree(rpdev); rcid_remove: spin_lock_irqsave(&glink->idr_lock, flags); idr_remove(&glink->rcids, channel->rcid); From patchwork Wed Sep 18 17:19:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bjorn Andersson X-Patchwork-Id: 11150839 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0C80114E5 for ; Wed, 18 Sep 2019 17:19:32 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id DE6CC21920 for ; Wed, 18 Sep 2019 17:19:31 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="rYhSObq4" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732112AbfIRRTb (ORCPT ); Wed, 18 Sep 2019 13:19:31 -0400 Received: from mail-pl1-f194.google.com ([209.85.214.194]:45768 "EHLO mail-pl1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732136AbfIRRT2 (ORCPT ); Wed, 18 Sep 2019 13:19:28 -0400 Received: by mail-pl1-f194.google.com with SMTP id u12so240598pls.12 for ; Wed, 18 Sep 2019 10:19:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Zted6byoUjfvi72VSDIhM8pesVU1cPbkC92rYkmfs6k=; b=rYhSObq4evGVg356bza5zIWCf7uvuBbpf4HCEDLaZ/lBqNwdVQZDZZoJiUCg5d1A6b cmF677BmCdEDLLgmJKuII4SBexOEnJwmuqvItJo7DaeE8IDlhRrFU1xI9PNu54Am5Nsq 8O0JANibva5B7rlPn5iBN4STl/6PWnmXYTPwCkim8kiqhcs1bBXjWFga1BqcQvhJ+3jx 6H3jIg+C1VUq53LrNHDo9jwI4WZQH3nT2sDwFIIyNQGKmh9nDz2jmGUAUZmF6LsTpOp4 0UBsPBSdsE1TcqagQJhKslYjT7t1M6t8FJAsbCKRKUeRT04AaniPiAI5g229tX0I+wvt tjtw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Zted6byoUjfvi72VSDIhM8pesVU1cPbkC92rYkmfs6k=; b=lE1qj2ixEuL0dmxOkv69UquJiSTk8Cfbm/xTysQArQEtgLj77XXFFMkvqpRitkeKl6 oijRH0dJq7GHrZyd+AmlgtkFb6xl0DjHV89wvNzaL4QrJAgdC4V0VqgCe5IrSCq3MDZ+ ngpU967OaAImd2sZy0MFlcuZArMiPi7aUP7t2RiWenq3nJMGGtdXXJ7X26sWi2dSUay7 JBC9pfkhmJ38ADvnBEIofQSjo2y4iveQgBEPTHvwDGvQjYcDQe6UsLdc7/GdvhXdQMSr Asl4dbrJS/q1Ud8nNbYi5GQh+VT+pUlZ25y1Ew+vU3JxrRBK1p+gmPZZvm4FdmaLWpU0 PSmg== X-Gm-Message-State: APjAAAXqHpNzYo/ao1d2NRCy+zZGJ2NIOLpQrHTbyr8nW0r1avnI2j9x LAMYU7fJAHDNh4fY0XlIohI+8A== X-Google-Smtp-Source: APXvYqw0iFqROo2OVRy0jIHEtn/M2cMt17ahjJ12kB01MygdAcnt0iw88YZq2uoIDfL3USxZjvrq+w== X-Received: by 2002:a17:902:b497:: with SMTP id y23mr5286203plr.201.1568827166359; Wed, 18 Sep 2019 10:19:26 -0700 (PDT) Received: from localhost.localdomain (104-188-17-28.lightspeed.sndgca.sbcglobal.net. [104.188.17.28]) by smtp.gmail.com with ESMTPSA id y4sm2614981pjn.19.2019.09.18.10.19.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 18 Sep 2019 10:19:25 -0700 (PDT) From: Bjorn Andersson To: Ohad Ben-Cohen , Bjorn Andersson , Srinivas Kandagatla , Jorge Ramirez Cc: linux-arm-msm@vger.kernel.org, linux-remoteproc@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: [PATCH 5/6] rpmsg: glink: Don't send pending rx_done during remove Date: Wed, 18 Sep 2019 10:19:15 -0700 Message-Id: <20190918171916.4039-6-bjorn.andersson@linaro.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20190918171916.4039-1-bjorn.andersson@linaro.org> References: <20190918171916.4039-1-bjorn.andersson@linaro.org> Sender: linux-remoteproc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-remoteproc@vger.kernel.org Attempting to transmit rx_done messages after the GLINK instance is being torn down will cause use after free and memory leaks. So cancel the intent_work and free up the pending intents. Fixes: 1d2ea36eead9 ("rpmsg: glink: Add rx done command") Cc: stable@vger.kernel.org Signed-off-by: Bjorn Andersson --- drivers/rpmsg/qcom_glink_native.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/rpmsg/qcom_glink_native.c b/drivers/rpmsg/qcom_glink_native.c index 89e02baea2d0..0d7518a6ebf0 100644 --- a/drivers/rpmsg/qcom_glink_native.c +++ b/drivers/rpmsg/qcom_glink_native.c @@ -241,11 +241,23 @@ static void qcom_glink_channel_release(struct kref *ref) { struct glink_channel *channel = container_of(ref, struct glink_channel, refcount); + struct glink_core_rx_intent *intent; struct glink_core_rx_intent *tmp; unsigned long flags; int iid; + /* cancel pending rx_done work */ + cancel_work_sync(&channel->intent_work); + spin_lock_irqsave(&channel->intent_lock, flags); + /* Free all non-reuse intents pending rx_done work */ + list_for_each_entry_safe(intent, tmp, &channel->done_intents, node) { + if (!intent->reuse) { + kfree(intent->data); + kfree(intent); + } + } + idr_for_each_entry(&channel->liids, tmp, iid) { kfree(tmp->data); kfree(tmp); From patchwork Wed Sep 18 17:19:16 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bjorn Andersson X-Patchwork-Id: 11150837 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C9D7C1747 for ; Wed, 18 Sep 2019 17:19:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id A7E0B21920 for ; Wed, 18 Sep 2019 17:19:31 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="S31B2pEs" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732149AbfIRRTa (ORCPT ); Wed, 18 Sep 2019 13:19:30 -0400 Received: from mail-pf1-f195.google.com ([209.85.210.195]:40693 "EHLO mail-pf1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732112AbfIRRTa (ORCPT ); Wed, 18 Sep 2019 13:19:30 -0400 Received: by mail-pf1-f195.google.com with SMTP id x127so409637pfb.7 for ; Wed, 18 Sep 2019 10:19:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=o8jBbFMTRVOLRjVfPalAAvaLLhvjkkI5HoxGIVyvU8o=; b=S31B2pEsbk+z279WHVu2T3GrmYwNDVVVEi/rj5HIvyV6nVgECY/7RfHJ/xSGEt3k8s xShPMHY9cudQDZP2dH2wQvi5BLCnKKfojyVvVTmE40etR2gvyyljlHoYoi6uumzoghtX w9Z9vYHDU4Nr8o77x/MECD8F0zYjEGM0wGFN0W6SV4mPq4kePFnte+jMuBjO+V9Mk2y0 PAcA8IRjRYXTcc9rvtEv5ImAlwMDeEupI6jzInysqLqlG72aANz/bomMqQVVysMA8gZM P5q4KvZmbHFyFK1W4gXjZrIhbNXctmumsmzN1F3DphKi2qR0jlIHMwLf4SO12NlkfTlY 7LCA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=o8jBbFMTRVOLRjVfPalAAvaLLhvjkkI5HoxGIVyvU8o=; b=mUTLqCq20BXt6hNKf1thI/X6IA/hrgpnzXcIc7nH3CDvtZw/JXnaLV50FzsIvAU3W0 n66bdbtpInrZEPm7goGe5mnfCiEeMAWVwesLHKAEf5T1/ELShSMzlO2E925BEEUb3eDh A38hgqT90u/DoznLcWKcbw5zFmUShv1edrLd2wkoMgFsmymQYzB22wFCIX6uKzr5RGta clI9g1emELZI8tfyPD68FN+fEgmZa+y7c67B+lYMaKOT7RoUdJ3sZl8OX98sPwErKs1p 4/SXV3sqHTS6xeJj89DCJEj3/RDiemksQXIFt5w6yl5tLGk65ayIPgPpTfkulsxQUG1e RFKg== X-Gm-Message-State: APjAAAUGIAuGsjwSHq0ZFgMyL+F7nvpdo7IEtCMVe7AnIyZUVqxklWN4 Kr7l8MmeHs8fV21xqxmsRustgQ== X-Google-Smtp-Source: APXvYqz2NwfyeZRXxm7dgiBTjnJCh8SRsdzqxi1i88kaJsXr+YupiSXjV/8iuycHgXoZ1FvOMMG8Fw== X-Received: by 2002:a63:34cb:: with SMTP id b194mr4926065pga.446.1568827167913; Wed, 18 Sep 2019 10:19:27 -0700 (PDT) Received: from localhost.localdomain (104-188-17-28.lightspeed.sndgca.sbcglobal.net. [104.188.17.28]) by smtp.gmail.com with ESMTPSA id y4sm2614981pjn.19.2019.09.18.10.19.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 18 Sep 2019 10:19:27 -0700 (PDT) From: Bjorn Andersson To: Ohad Ben-Cohen , Bjorn Andersson , Srinivas Kandagatla , Jorge Ramirez Cc: linux-arm-msm@vger.kernel.org, linux-remoteproc@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: [PATCH 6/6] rpmsg: glink: Free pending deferred work on remove Date: Wed, 18 Sep 2019 10:19:16 -0700 Message-Id: <20190918171916.4039-7-bjorn.andersson@linaro.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20190918171916.4039-1-bjorn.andersson@linaro.org> References: <20190918171916.4039-1-bjorn.andersson@linaro.org> Sender: linux-remoteproc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-remoteproc@vger.kernel.org By just cancelling the deferred rx worker during GLINK instance teardown any pending deferred commands are leaked, so free them. Fixes: b4f8e52b89f6 ("rpmsg: Introduce Qualcomm RPM glink driver") Cc: stable@vger.kernel.org Signed-off-by: Bjorn Andersson --- drivers/rpmsg/qcom_glink_native.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/drivers/rpmsg/qcom_glink_native.c b/drivers/rpmsg/qcom_glink_native.c index 0d7518a6ebf0..5920432e697a 100644 --- a/drivers/rpmsg/qcom_glink_native.c +++ b/drivers/rpmsg/qcom_glink_native.c @@ -1562,6 +1562,18 @@ static void qcom_glink_work(struct work_struct *work) } } +static void qcom_glink_cancel_rx_work(struct qcom_glink *glink) +{ + struct glink_defer_cmd *dcmd; + struct glink_defer_cmd *tmp; + + /* cancel any pending deferred rx_work */ + cancel_work_sync(&glink->rx_work); + + list_for_each_entry_safe(dcmd, tmp, &glink->rx_queue, node) + kfree(dcmd); +} + struct qcom_glink *qcom_glink_native_probe(struct device *dev, unsigned long features, struct qcom_glink_pipe *rx, @@ -1640,7 +1652,7 @@ void qcom_glink_native_remove(struct qcom_glink *glink) unsigned long flags; disable_irq(glink->irq); - cancel_work_sync(&glink->rx_work); + qcom_glink_cancel_rx_work(glink); ret = device_for_each_child(glink->dev, NULL, qcom_glink_remove_device); if (ret)