[U-Boot] [PATCH v2 2/4] disk: efi: Fix memory leak on 'gpt verify'

Lukasz Majewski lukma at denx.de
Tue May 7 07:02:52 UTC 2019


On Thu, 2 May 2019 14:27:04 +0200
Eugeniu Rosca <erosca at de.adit-jv.com> wrote:

> Below is what happens on R-Car H3ULCB-KF using clean U-Boot
> v2019.04-00810-g6aebc0d11a10 and r8a7795_ulcb_defconfig:
> 
>  => ### interrupt autoboot
>  => gpt verify mmc 1
>  No partition list provided - only basic check
>  Verify GPT: success!
>  => ### keep calling 'gpt verify mmc 1'
>  => ### on 58th call, we are out of memory:
>  => gpt verify mmc 1
>  alloc_read_gpt_entries: ERROR: Can't allocate 0X4000 bytes for GPT Entries
>  GPT: Failed to allocate memory for PTE
>  gpt_verify_headers: *** ERROR: Invalid Backup GPT ***
>  Verify GPT: error!
> 
> This is caused by calling is_gpt_valid() twice (hence allocating pte
> also twice via alloc_read_gpt_entries()) while freeing pte only _once_
> in the caller of gpt_verify_headers(). Fix that by freeing the pte
> allocated and populated for primary GPT _before_ allocating and
> populating the pte for backup GPT. The latter will be freed by the
> caller of gpt_verify_headers().
> 
> With the fix applied, the reproduction scenario [1-2] has been run
> hundreds of times in a loop w/o running into OOM.
> 
> [1] gpt verify mmc 1
> [2] gpt verify mmc 1 $partitions
> 
> Fixes: cef68bf9042dda ("gpt: part: Definition and declaration of GPT verification functions")
> Signed-off-by: Eugeniu Rosca <erosca at de.adit-jv.com>
> Reviewed-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
> --
> v2:
>  - Added Reviewed-by: Heinrich Schuchardt
> v1:
>  - https://patchwork.ozlabs.org/patch/1092943/
> ---
>  disk/part_efi.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/disk/part_efi.c b/disk/part_efi.c
> index 812d14cdd871..c0fa753339c8 100644
> --- a/disk/part_efi.c
> +++ b/disk/part_efi.c
> @@ -698,6 +698,10 @@ int gpt_verify_headers(struct blk_desc
> *dev_desc, gpt_header *gpt_head, __func__);
>  		return -1;
>  	}
> +
> +	/* Free pte before allocating again */
> +	free(*gpt_pte);
> +
>  	if (is_gpt_valid(dev_desc, (dev_desc->lba - 1),
>  			 gpt_head, gpt_pte) != 1) {
>  		printf("%s: *** ERROR: Invalid Backup GPT ***\n",
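Review bot: after the added free(*gpt_pte), *gpt_pte still holds the freed address while the backup is_gpt_valid() call runs. The commit message says the caller of gpt_verify_headers() frees pte, so if that second call can return != 1 without storing a fresh allocation in *gpt_pte (the log in the commit message shows this failure path: "Failed to allocate memory for PTE" followed by "Invalid Backup GPT"), the caller would free the same buffer a second time. Adding "*gpt_pte = NULL;" directly after the free would make the error path safe, since free(NULL) is a no-op, and the comment could then say that the primary pte is released here and the backup pte is owned by the caller.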

Reviewed-by: Lukasz Majewski <lukma at denx.de>


Best regards,

Lukasz Majewski

--

DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-59 Fax: (+49)-8142-66989-80 Email: lukma at denx.de