[PATCH] qed: fix memory leak of a qed_spq_entry on error failure paths

[PATCH] qed: fix memory leak of a qed_spq_entry on error failure paths

[Colin King]

From: Colin Ian King <colin.king@canonical.com>

A qed_spq_entry entry is allocated by qed_sp_init_request but is not
kfree'd if an error occurs, causing a memory leak. Fix this by
kfree'ing it and also setting *pp_ent to NULL to be safe.

Found with static analysis by CoverityScan, CIDs 1389468-1389470

Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 drivers/net/ethernet/qlogic/qed/qed_sp_commands.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/drivers/net/ethernet/qlogic/qed/qed_sp_commands.c b/drivers/net/ethernet/qlogic/qed/qed_sp_commands.c
index a39ef2e..273a6bb 100644
--- a/drivers/net/ethernet/qlogic/qed/qed_sp_commands.c
+++ b/drivers/net/ethernet/qlogic/qed/qed_sp_commands.c
@@ -55,8 +55,10 @@ int qed_sp_init_request(struct qed_hwfn *p_hwfn,
 		break;
 
 	case QED_SPQ_MODE_BLOCK:
-		if (!p_data->p_comp_data)
-			return -EINVAL;
+		if (!p_data->p_comp_data) {
+			rc = -EINVAL;
+			goto err;
+		}
 
 		p_ent->comp_cb.cookie = p_data->p_comp_data->cookie;
 		break;
@@ -71,7 +73,8 @@ int qed_sp_init_request(struct qed_hwfn *p_hwfn,
 	default:
 		DP_NOTICE(p_hwfn, "Unknown SPQE completion mode %d\n",
 			  p_ent->comp_mode);
-		return -EINVAL;
+		rc = -EINVAL;
+		goto err;
 	}
 
 	DP_VERBOSE(p_hwfn, QED_MSG_SPQ,
@@ -85,6 +88,11 @@ int qed_sp_init_request(struct qed_hwfn *p_hwfn,
 	memset(&p_ent->ramrod, 0, sizeof(p_ent->ramrod));
 
 	return 0;
+err:
+	kfree(*pp_ent);
+	*pp_ent = NULL;
+
+	return rc;
 }
 
 static enum tunnel_clss qed_tunn_get_clss_type(u8 type)
-- 
2.10.2

RE: [PATCH] qed: fix memory leak of a qed_spq_entry on error failure paths

[Mintz, Yuval]

> From: Colin Ian King <colin.king@canonical.com>
> 
> A qed_spq_entry entry is allocated by qed_sp_init_request but is not kfree'd
> if an error occurs, causing a memory leak. Fix this by kfree'ing it and also
> setting *pp_ent to NULL to be safe.
> 
> Found with static analysis by CoverityScan, CIDs 1389468-1389470
> 
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
...
> +err:
> +	kfree(*pp_ent);
> +	*pp_ent = NULL;
> +
> +	return rc;
>  }

Hi Colin - thanks for this.
It would have been preferable to return the previously allocated spq entry.
I.e., do:

+err:
+	qed_spq_return_entry(p_hwfn, *pp_ent);
+	*pp_ent = NULL;
+	return rc;

Thanks,
Yuval

Re: [PATCH] qed: fix memory leak of a qed_spq_entry on error failure paths

[David Miller]

From: "Mintz, Yuval" <Yuval.Mintz@cavium.com>
Date: Sun, 18 Dec 2016 06:33:50 +0000

>> From: Colin Ian King <colin.king@canonical.com>
>> 
>> A qed_spq_entry entry is allocated by qed_sp_init_request but is not kfree'd
>> if an error occurs, causing a memory leak. Fix this by kfree'ing it and also
>> setting *pp_ent to NULL to be safe.
>> 
>> Found with static analysis by CoverityScan, CIDs 1389468-1389470
>> 
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ...
>> +err:
>> +	kfree(*pp_ent);
>> +	*pp_ent = NULL;
>> +
>> +	return rc;
>>  }
> 
> Hi Colin - thanks for this.
> It would have been preferable to return the previously allocated spq entry.
> I.e., do:
> 
> +err:
> +	qed_spq_return_entry(p_hwfn, *pp_ent);
> +	*pp_ent = NULL;
> +	return rc;

Looking at this last night, I came to the same conclusion.