Commit e163ff16 authored Nov 29, 2021 by Wang ShaoBo Committed by Zheng Zengkai Nov 29, 2021

arm64/mpam: Fix use-after-free in mkdir_resctrl_prepare()

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4K272


CVE: NA

-------------------------------------------------

We add label out_free_rdtgrp for handling error branch when it happened
before rmid and closid allocation, in case of reusing rdtgrp after freeing.

Fixes: 0b16164d ("arm64/mpam: Remap reqpartid,pmg to rmid and intpartid to closid")
Signed-off-by: Wang ShaoBo <bobo.shaobowang@huawei.com>
Reviewed-by: Cheng Jian <cj.chengjian@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>

parent e56e8310

fs/resctrlfs.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -749,7 +749,7 @@ static int mkdir_resctrl_prepare(struct kernfs_node *parent_kn,
		ret = closid_alloc();
		if (ret < 0) {
		rdt_last_cmd_puts("out of CLOSIDs\n");
		goto out_unlock;
		goto out_free_rdtgrp;
		}
		rdtgrp->closid.intpartid = ret;
		}
		@@ -819,10 +819,11 @@ static int mkdir_resctrl_prepare(struct kernfs_node *parent_kn,
		kernfs_remove(rdtgrp->kn);
		out_free_rmid:
		rmid_free(rdtgrp->mon.rmid);
		kfree(rdtgrp);
		out_free_closid:
		if (rdtgrp->type == RDTCTRL_GROUP)
		closid_free(rdtgrp->closid.intpartid);
		out_free_rdtgrp:
		kfree(rdtgrp);
		out_unlock:
		resctrl_group_kn_unlock(prgrp_kn);
		return ret;