[PATCH 4.8 035/138] cxl: Fix leaking pid refs in some error paths

From: Greg Kroah-Hartman
Date: Wed Nov 09 2016 - 06:06:22 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.8 036/138] btrfs: fix races on root_log_ctx lists"
Previous message: Greg Kroah-Hartman: "[PATCH 4.8 000/138] 4.8.7-stable review"
In reply to: Greg Kroah-Hartman: "[PATCH 4.8 008/138] gpio / ACPI: fix returned error from acpi_dev_gpio_irq_get()"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.8 036/138] btrfs: fix races on root_log_ctx lists"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.8-stable review patch. If anyone has any objections, please let me know.

------------------

From: Vaibhav Jain <vaibhav@xxxxxxxxxxxxxxxxxx>

commit a05b82d5149dfeef05254a11c3636a89a854520a upstream.

In some error paths in functions cxl_start_context and
afu_ioctl_start_work pid references to the current & group-leader tasks
can leak after they are taken. This patch fixes these error paths to
release these pid references before exiting the error path.

Fixes: 7b8ad495d592 ("cxl: Fix DSI misses when the context owning task exits")
Reviewed-by: Andrew Donnellan <andrew.donnellan@xxxxxxxxxxx>
Reported-by: Frederic Barrat <fbarrat@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Vaibhav Jain <vaibhav@xxxxxxxxxxxxxxxxxx>
Acked-by: Frederic Barrat <fbarrat@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Michael Ellerman <mpe@xxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/misc/cxl/api.c | 2 ++
drivers/misc/cxl/file.c | 22 +++++++++++++---------
2 files changed, 15 insertions(+), 9 deletions(-)

--- a/drivers/misc/cxl/api.c
+++ b/drivers/misc/cxl/api.c
@@ -247,7 +247,9 @@ int cxl_start_context(struct cxl_context
cxl_ctx_get();

if ((rc = cxl_ops->attach_process(ctx, kernel, wed, 0))) {
+ put_pid(ctx->glpid);
put_pid(ctx->pid);
+ ctx->glpid = ctx->pid = NULL;
cxl_adapter_context_put(ctx->afu->adapter);
cxl_ctx_put();
goto out;
--- a/drivers/misc/cxl/file.c
+++ b/drivers/misc/cxl/file.c
@@ -194,6 +194,16 @@ static long afu_ioctl_start_work(struct
ctx->mmio_err_ff = !!(work.flags & CXL_START_WORK_ERR_FF);

/*
+ * Increment the mapped context count for adapter. This also checks
+ * if adapter_context_lock is taken.
+ */
+ rc = cxl_adapter_context_get(ctx->afu->adapter);
+ if (rc) {
+ afu_release_irqs(ctx, ctx);
+ goto out;
+ }
+
+ /*
* We grab the PID here and not in the file open to allow for the case
* where a process (master, some daemon, etc) has opened the chardev on
* behalf of another process, so the AFU's mm gets bound to the process
@@ -205,15 +215,6 @@ static long afu_ioctl_start_work(struct
ctx->pid = get_task_pid(current, PIDTYPE_PID);
ctx->glpid = get_task_pid(current->group_leader, PIDTYPE_PID);

- /*
- * Increment the mapped context count for adapter. This also checks
- * if adapter_context_lock is taken.
- */
- rc = cxl_adapter_context_get(ctx->afu->adapter);
- if (rc) {
- afu_release_irqs(ctx, ctx);
- goto out;
- }

trace_cxl_attach(ctx, work.work_element_descriptor, work.num_interrupts, amr);

@@ -221,6 +222,9 @@ static long afu_ioctl_start_work(struct
amr))) {
afu_release_irqs(ctx, ctx);
cxl_adapter_context_put(ctx->afu->adapter);
+ put_pid(ctx->glpid);
+ put_pid(ctx->pid);
+ ctx->glpid = ctx->pid = NULL;
goto out;
}

Next message: Greg Kroah-Hartman: "[PATCH 4.8 036/138] btrfs: fix races on root_log_ctx lists"
Previous message: Greg Kroah-Hartman: "[PATCH 4.8 000/138] 4.8.7-stable review"
In reply to: Greg Kroah-Hartman: "[PATCH 4.8 008/138] gpio / ACPI: fix returned error from acpi_dev_gpio_irq_get()"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.8 036/138] btrfs: fix races on root_log_ctx lists"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]