user/sven/linux.git/drivers/misc/fastrpc.c, branch v5.4.23 Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v5.4.23 2019-12-31T15:43:58Z misc: fastrpc: fix memory leak from miscdev->name 2019-12-31T15:43:58Z Srinivas Kandagatla srinivas.kandagatla@linaro.org 2019-10-09T14:41:20Z urn:sha1:6083bbaee80f6bc4e489c3648db9a23175b0c4a9 [ Upstream commit 2d10d2d170723e9278282458a6704552dcb77eac ] Fix a memory leak in miscdev->name by using devm_variant Orignally reported by kmemleak: [<ffffff80088b74d8>] kmemleak_alloc+0x50/0x84 [<ffffff80081e015c>] __kmalloc_track_caller+0xe8/0x168 [<ffffff8008371ab0>] kvasprintf+0x78/0x100 [<ffffff8008371c6c>] kasprintf+0x50/0x74 [<ffffff8008507f2c>] fastrpc_rpmsg_probe+0xd8/0x20c [<ffffff80086b63b4>] rpmsg_dev_probe+0xa8/0x148 [<ffffff80084de50c>] really_probe+0x208/0x248 [<ffffff80084de2dc>] driver_probe_device+0x98/0xc0 [<ffffff80084dec6c>] __device_attach_driver+0x9c/0xac [<ffffff80084dca8c>] bus_for_each_drv+0x60/0x8c [<ffffff80084de64c>] __device_attach+0x8c/0x100 [<ffffff80084de6e0>] device_initial_probe+0x20/0x28 [<ffffff80084dcbd0>] bus_probe_device+0x34/0x7c [<ffffff80084da32c>] device_add+0x420/0x498 [<ffffff80084da680>] device_register+0x24/0x2c Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org> Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org> Link: https://lore.kernel.org/r/20191009144123.24583-3-srinivas.kandagatla@linaro.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> misc: fastrpc: prevent memory leak in fastrpc_dma_buf_attach 2019-10-04T16:22:14Z Navid Emamdoost navid.emamdoost@gmail.com 2019-09-25T15:27:41Z urn:sha1:fc739a058d99c9297ef6bfd923b809d85855b9a9 In fastrpc_dma_buf_attach if dma_get_sgtable fails the allocated memory for a should be released. Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com> Link: https://lore.kernel.org/r/20190925152742.16258-1-navid.emamdoost@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> misc: fastrpc: free dma buf scatter list 2019-09-04T11:35:11Z Srinivas Kandagatla srinivas.kandagatla@linaro.org 2019-08-29T09:29:26Z urn:sha1:cf61860e6b090bea4050c5688566bfe357cacd11 dma buf scatter list is never freed, free it! Orignally detected by kmemleak: backtrace: [<ffffff80088b7658>] kmemleak_alloc+0x50/0x84 [<ffffff8008373284>] sg_kmalloc+0x38/0x60 [<ffffff8008373144>] __sg_alloc_table+0x60/0x110 [<ffffff800837321c>] sg_alloc_table+0x28/0x58 [<ffffff800837336c>] __sg_alloc_table_from_pages+0xc0/0x1ac [<ffffff800837346c>] sg_alloc_table_from_pages+0x14/0x1c [<ffffff8008097a3c>] __iommu_get_sgtable+0x5c/0x8c [<ffffff800850a1d0>] fastrpc_dma_buf_attach+0x84/0xf8 [<ffffff80085114bc>] dma_buf_attach+0x70/0xc8 [<ffffff8008509efc>] fastrpc_map_create+0xf8/0x1e8 [<ffffff80085086f4>] fastrpc_device_ioctl+0x508/0x900 [<ffffff80082428c8>] compat_SyS_ioctl+0x128/0x200 [<ffffff80080832c4>] el0_svc_naked+0x34/0x38 [<ffffffffffffffff>] 0xffffffffffffffff Reported-by: Mayank Chopra <mak.chopra@codeaurora.org> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org> Link: https://lore.kernel.org/r/20190829092926.12037-6-srinivas.kandagatla@linaro.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> misc: fastrpc: fix double refcounting on dmabuf 2019-09-04T11:35:11Z Srinivas Kandagatla srinivas.kandagatla@linaro.org 2019-08-29T09:29:25Z urn:sha1:5672ff4dc3898b6b74c114de2f53e667ab5a0327 dma buf refcount has to be done by the driver which is going to use the fd. This driver already does refcount on the dmabuf fd if its actively using it but also does an additional refcounting via extra ioctl. This additional refcount can lead to memory leak in cases where the applications fail to call the ioctl to decrement the refcount. So remove this extra refcount in the ioctl More info of dma buf usage at drivers/dma-buf/dma-buf.c Reported-by: Mayank Chopra <mak.chopra@codeaurora.org> Reported-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org> Tested-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org> Link: https://lore.kernel.org/r/20190829092926.12037-5-srinivas.kandagatla@linaro.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> misc: fastrpc: remove unused definition 2019-09-04T11:35:11Z Jorge Ramirez-Ortiz jorge.ramirez-ortiz@linaro.org 2019-08-29T09:29:24Z urn:sha1:15fe27f3162ee47c0363cd8cf53b351823479063 Remove unused INIT_MEMLEN_MAX define. Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org> Signed-off-by: Abhinav Asati <asatiabhi@codeaurora.org> Signed-off-by: Vamsi Singamsetty <vamssi@codeaurora.org> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org> Link: https://lore.kernel.org/r/20190829092926.12037-4-srinivas.kandagatla@linaro.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> misc: fastrpc: Don't reference rpmsg_device after remove 2019-09-04T11:35:10Z Bjorn Andersson bjorn.andersson@linaro.org 2019-08-29T09:29:23Z urn:sha1:2e369878bd4399283f2950dc4947cf44c857dd74 As fastrpc_rpmsg_remove() returns the rpdev of the channel context is no longer a valid object, so ensure to update the channel context to no longer reference the old object and guard in the invoke code path against dereferencing it. Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: Mayank Chopra <mak.chopra@codeaurora.org> Signed-off-by: Abhinav Asati <asatiabhi@codeaurora.org> Signed-off-by: Vamsi Singamsetty <vamssi@codeaurora.org> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org> Link: https://lore.kernel.org/r/20190829092926.12037-3-srinivas.kandagatla@linaro.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> misc: fastrpc: Reference count channel context 2019-09-04T11:35:10Z Bjorn Andersson bjorn.andersson@linaro.org 2019-08-29T09:29:22Z urn:sha1:278d56f970ae6e0bcda8970e78e088e3efe43da8 The channel context is referenced from the fastrpc user and might as user space holds the file descriptor open outlive the fastrpc device, which is removed when the remote processor is shutting down. Reference count the channel context in order to retain this object until all references has been relinquished. Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: Mayank Chopra <mak.chopra@codeaurora.org> Signed-off-by: Abhinav Asati <asatiabhi@codeaurora.org> Signed-off-by: Vamsi Singamsetty <vamssi@codeaurora.org> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org> Link: https://lore.kernel.org/r/20190829092926.12037-2-srinivas.kandagatla@linaro.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> misc: fastrpc: fix memory leak when out of memory 2019-07-25T12:46:17Z Jorge Ramirez-Ortiz jorge.ramirez-ortiz@linaro.org 2019-07-05T08:13:03Z urn:sha1:41db5f8397eee75afff82655a4884b5786a1d302 Do the necessary house-keeping if the allocated memory wont be used Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org> Link: https://lore.kernel.org/r/20190705081303.14170-1-jorge.ramirez-ortiz@linaro.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Merge 5.1-rc6 into char-misc-next 2019-04-21T21:14:47Z Greg Kroah-Hartman gregkh@linuxfoundation.org 2019-04-21T21:14:47Z urn:sha1:3a26172437bb5ecdf6921e3ae24730ef37d3c860 We want the fixes, and this resolves a merge error in the fastrpc driver. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> misc: fastrpc: add checked value for dma_set_mask 2019-04-02T15:56:54Z Bo YU tsu.yubo@gmail.com 2019-03-28T07:47:37Z urn:sha1:01b76c32e3f30d54ab8ec1efeed3c6ecef7f6027 There be should check return value from dma_set_mask to throw some info if fail to set dma mask. Detected by CoverityScan, CID# 1443983: Error handling issues (CHECKED_RETURN) Fixes: f6f9279f2bf0 ("misc: fastrpc: Add Qualcomm fastrpc basic driver model") Signed-off-by: Bo YU <tsu.yubo@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>