Commit-ID: 7f00f388712b29005782bad7e4b25942620f3b9c
Gitweb: http://git.kernel.org/tip/7f00f388712b29005782bad7e4b25942620f3b9c
Author: Jiri Olsa <jo...@kernel.org>
AuthorDate: Tue, 11 Apr 2017 09:14:46 +0200
Committer: Thomas Gleixner <t...@linutronix.de>
CommitDate: Tue, 11 Apr 2017 09:48:12 +0200

x86/intel_rdt: Fix locking in rdtgroup_schemata_write()

The schemata lock is released before freeing the resource's temporary tmp_cbms allocation. That's racy versus another write which allocates and uses new temporary storage, resulting in memory leaks, freeing in use memory, a double free or any combination of those.

Move the unlock after the release code.

Fixes: 60ec2440c63d ("x86/intel_rdt: Add schemata file")
Signed-off-by: Jiri Olsa <jo...@kernel.org>
Cc: Fenghua Yu <fenghua...@intel.com>
Cc: Peter Zijlstra <a.p.zijls...@chello.nl>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Mike Galbraith <efa...@gmx.de>
Cc: Shaohua Li <s...@fb.com>
Cc: sta...@vger.kernel.org
Link: http://lkml.kernel.org/r/20170411071446.15241-1-jo...@kernel.org
Signed-off-by: Thomas Gleixner <t...@linutronix.de>

--- arch/x86/kernel/cpu/intel_rdt_schemata.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/intel_rdt_schemata.c b/arch/x86/kernel/cpu/intel_rdt_schemata.c index f369cb8..badd2b3 100644 --- a/arch/x86/kernel/cpu/intel_rdt_schemata.c +++ b/arch/x86/kernel/cpu/intel_rdt_schemata.c @@ -200,11 +200,11 @@ ssize_t rdtgroup_schemata_write(struct kernfs_open_file *of, } out: - rdtgroup_kn_unlock(of->kn); for_each_enabled_rdt_resource(r) { kfree(r->tmp_cbms); r->tmp_cbms = NULL; } + rdtgroup_kn_unlock(of->kn); return ret ?: nbytes; }
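
Review bot: The ordering at the out: label is now load-bearing, but nothing in the code records that r->tmp_cbms is per-resource shared state which may only be touched while the lock released by rdtgroup_kn_unlock(of->kn) is held. A one-line comment above the for_each_enabled_rdt_resource(r) loop saying that the temporary CBM buffers are protected by that lock would keep a later cleanup from moving the unlock back up. The hunk shows only the release side, so it is also worth confirming two things in the part of rdtgroup_schemata_write() that is not visible here: that r->tmp_cbms is allocated only after the lock has been taken, and that every path jumping to out: arrives with the lock held. The kfree() and the NULL store now assume both, and the same window exists on the allocation side if either is not true.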