From: Ira Weiny <ira.weiny@intel.com>
To: Dave Jiang <dave.jiang@intel.com>, Dinghao Liu <dinghao.liu@zju.edu.cn>
Cc: Vishal Verma <vishal.l.verma@intel.com>,
	Dan Williams <dan.j.williams@intel.com>,
	Ira Weiny <ira.weiny@intel.com>, <nvdimm@lists.linux.dev>,
	<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] nvdimm-btt: fix a potential memleak in btt_freelist_init
Date: Thu, 7 Dec 2023 12:46:34 -0800
Message-ID: <65722f2a94d68_1c7b6229452@iweiny-mobl.notmuch>
In-Reply-To: <23a91617-4562-4399-a8c6-df2f3f28c7a9@intel.com>

Dave Jiang wrote:
> 

[snip]

First off, thanks for the patch.  This code seems to have a few things to
clean up.

> 
> On 12/6/23 20:43, Dinghao Liu wrote:
> > When an error happens in btt_freelist_init(), its caller
> > discover_arenas() will directly free arena, which makes
> > arena->freelist allocated in btt_freelist_init() a leaked
> > memory. Fix this by freeing arena->freelist in all error
> > handling paths of btt_freelist_init().
> > 
> > Fixes: 5212e11fde4d ("nd_btt: atomic sector updates")
> > Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
> 
> How about using the new scope-based resource management and we can avoid the goto mess altogether?
> https://lwn.net/Articles/934679/
> 

The freelist is returned as part of arena.  I've not traced both paths of
btt_freelist_init() completely but devm_kcalloc() looks like a better
solution here because this memory needs to live past the function scope.

That said, this patch does not completely fix freelist from leaking in the
following error path.

	discover_arenas()
		btt_freelist_init() -> ok (memory allocated)
		btt_rtt_init() -> fail
			goto out;
			(leak because arena is not yet on btt->arena_list)
		OR
		btt_maplocks_init() -> fail
			goto out;
			(leak because arena is not yet on btt->arena_list)

This error could be fixed by adding to arena_list earlier but devm_*()
also takes care of this without having to worry about that logic.

In normal operation all of this memory can be freed with the
corresponding devm_kfree() and/or devm_add_action_*() calls if arenas come
and go.  I'm not sure off the top of my head.

In addition, looking at this code, discover_arenas() could make use of
the scope-based management for struct btt_sb *super!

Dinghao would you be willing to submit a series of 2 or 3 patches to fix
the above issues?

Thanks!
Ira
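
The error path outlined in the message above, as an added userspace model that is not part of the original message or of the kernel's BTT code: an arena is freed after a later init step fails, once with a plain allocation for the freelist and once with a device-owned one. `struct dev`, `dev_alloc()`, `dev_release()` and `discover_fail_late()` are hypothetical stand-ins for a device, devm_kcalloc(), devres teardown and discover_arenas().

```c
#include <stdlib.h>
/* Userspace model; dev_alloc()/dev_release() are hypothetical devm stand-ins. */
struct res { struct res *next; };       /* header of a device-owned block */
struct dev { struct res *head; };
struct arena { int *freelist; };
static int live;                        /* freelist blocks not yet freed */

static void *dev_alloc(struct dev *d, size_t n)
{
	struct res *r = calloc(1, sizeof(*r) + n);
	if (!r)
		return NULL;
	r->next = d->head;                  /* the device remembers the block */
	d->head = r;
	live++;
	return r + 1;
}

static void dev_release(struct dev *d)  /* frees all the device owns */
{
	for (struct res *r; (r = d->head); live--) {
		d->head = r->next;
		free(r);
	}
}

/* Freelist allocated, a later init step fails, caller frees only the arena. */
static int discover_fail_late(int managed)
{
	struct dev d = { NULL };
	struct arena *a = calloc(1, sizeof(*a));
	void *orphan = NULL;                /* kept only so the demo can clean up */
	if (!a)
		return -1;
	live = 0;
	if (managed)
		a->freelist = dev_alloc(&d, 4 * sizeof(int));
	else if ((orphan = a->freelist = calloc(4, sizeof(int))))
		live++;
	free(a);                            /* error path: "goto out" */
	dev_release(&d);                    /* device teardown */
	free(orphan);                       /* not something the modelled code does */
	return live;                        /* blocks nobody released */
}

int main(void)
{
	return !(discover_fail_late(0) == 1 && discover_fail_late(1) == 0);
}
```

The program exits 0 when the plain calloc() path leaves one freelist block behind and the device-owned path leaves none.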
