On 11/10/20 6:08 AM, Nathan Lynch wrote: > Zhang Xiaoxu <zhangxiao...@huawei.com> writes: >> From: zhangxiaoxu <zhangxiao...@huawei.com> >> >> If the cpus nodes not exist, we lost to free the 'cpu_drcs', which >> will leak memory. >> >> Fixes: a0ff72f9f5a7 ("powerpc/pseries/hotplug-cpu: Remove double free in >> error path") >> Reported-by: Hulk Robot <hul...@huawei.com> >> Signed-off-by: zhangxiaoxu <zhangxiao...@huawei.com> >> --- >> arch/powerpc/platforms/pseries/hotplug-cpu.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/arch/powerpc/platforms/pseries/hotplug-cpu.c >> b/arch/powerpc/platforms/pseries/hotplug-cpu.c >> index f2837e33bf5d..4bb1c9f2bb11 100644 >> --- a/arch/powerpc/platforms/pseries/hotplug-cpu.c >> +++ b/arch/powerpc/platforms/pseries/hotplug-cpu.c >> @@ -743,6 +743,7 @@ static int dlpar_cpu_add_by_count(u32 cpus_to_add) >> parent = of_find_node_by_path("/cpus"); >> if (!parent) { >> pr_warn("Could not find CPU root node in device tree\n"); >> + kfree(cpu_drcs); >> return -1; >> } > > Thanks for finding this. > > a0ff72f9f5a7 ("powerpc/pseries/hotplug-cpu: Remove double free in error > path") was posted in Sept 2019 but was not applied until July 2020: > > https://lore.kernel.org/linuxppc-dev/20190919231633.1344-1-nath...@linux.ibm.com/ > > Here is that change as posted; note the function context is > find_dlpar_cpus_to_add(), not dlpar_cpu_add_by_count(): > > --- a/arch/powerpc/platforms/pseries/hotplug-cpu.c > +++ b/arch/powerpc/platforms/pseries/hotplug-cpu.c > @@ -726,7 +726,6 @@ static int find_dlpar_cpus_to_add(u32 *cpu_drcs, u32 > cpus_to_add) > parent = of_find_node_by_path("/cpus"); > if (!parent) { > pr_warn("Could not find CPU root node in device tree\n"); > - kfree(cpu_drcs); > return -1; > } > > Meanwhile b015f6bc9547dbc056edde7177c7868ca8629c4c ("powerpc/pseries: Add > cpu DLPAR support for drc-info property") was posted in Nov 2019 and > committed a few days later: > > https://lore.kernel.org/linux-pci/1573449697-5448-4-git-send-email-tyr...@linux.ibm.com/ > > This change reorganized the same code, removing > find_dlpar_cpus_to_add(), and it had the effect of fixing the same > issue. > > However git apparently allowed the older change to still apply on top of > this (changing a function different from the one in the original > patch!), leading to a real bug.
Yikes, not sure how that happened without either the committer massaging the patch to apply, or the line location and context matching exactly. > > Your patch is correct but it should be framed as a revert of > a0ff72f9f5a7 with this context in the commit message. > Agreed, in reality we want to revert a patch that shouldn't have been applied. -Tyrel