* [PATCH] qed: fix memory leak of a qed_spq_entry on error failure paths
@ 2016-12-16 12:50 Colin King
2016-12-18 6:33 ` Mintz, Yuval
0 siblings, 1 reply; 3+ messages in thread
From: Colin King @ 2016-12-16 12:50 UTC (permalink / raw)
To: Yuval Mintz, Ariel Elior, everest-linux-l2, netdev; +Cc: linux-kernel
From: Colin Ian King <colin.king@canonical.com>
A qed_spq_entry entry is allocated by qed_sp_init_request but is not
kfree'd if an error occurs, causing a memory leak. Fix this by
kfree'ing it and also setting *pp_ent to NULL to be safe.
Found with static analysis by CoverityScan, CIDs 1389468-1389470
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
drivers/net/ethernet/qlogic/qed/qed_sp_commands.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/qlogic/qed/qed_sp_commands.c b/drivers/net/ethernet/qlogic/qed/qed_sp_commands.c
index a39ef2e..273a6bb 100644
--- a/drivers/net/ethernet/qlogic/qed/qed_sp_commands.c
+++ b/drivers/net/ethernet/qlogic/qed/qed_sp_commands.c
@@ -55,8 +55,10 @@ int qed_sp_init_request(struct qed_hwfn *p_hwfn,
break;
case QED_SPQ_MODE_BLOCK:
- if (!p_data->p_comp_data)
- return -EINVAL;
+ if (!p_data->p_comp_data) {
+ rc = -EINVAL;
+ goto err;
+ }
p_ent->comp_cb.cookie = p_data->p_comp_data->cookie;
break;
@@ -71,7 +73,8 @@ int qed_sp_init_request(struct qed_hwfn *p_hwfn,
default:
DP_NOTICE(p_hwfn, "Unknown SPQE completion mode %d\n",
p_ent->comp_mode);
- return -EINVAL;
+ rc = -EINVAL;
+ goto err;
}
DP_VERBOSE(p_hwfn, QED_MSG_SPQ,
@@ -85,6 +88,11 @@ int qed_sp_init_request(struct qed_hwfn *p_hwfn,
memset(&p_ent->ramrod, 0, sizeof(p_ent->ramrod));
return 0;
+err:
+ kfree(*pp_ent);
+ *pp_ent = NULL;
+
+ return rc;
}
static enum tunnel_clss qed_tunn_get_clss_type(u8 type)
--
2.10.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* RE: [PATCH] qed: fix memory leak of a qed_spq_entry on error failure paths
2016-12-16 12:50 [PATCH] qed: fix memory leak of a qed_spq_entry on error failure paths Colin King
@ 2016-12-18 6:33 ` Mintz, Yuval
2016-12-18 15:37 ` David Miller
0 siblings, 1 reply; 3+ messages in thread
From: Mintz, Yuval @ 2016-12-18 6:33 UTC (permalink / raw)
To: Colin King, netdev; +Cc: linux-kernel, Elior, Ariel, Tayar, Tomer
> From: Colin Ian King <colin.king@canonical.com>
>
> A qed_spq_entry entry is allocated by qed_sp_init_request but is not kfree'd
> if an error occurs, causing a memory leak. Fix this by kfree'ing it and also
> setting *pp_ent to NULL to be safe.
>
> Found with static analysis by CoverityScan, CIDs 1389468-1389470
>
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
...
> +err:
> + kfree(*pp_ent);
> + *pp_ent = NULL;
> +
> + return rc;
> }
Hi Colin - thanks for this.
It would have been preferable to return the previously allocated spq entry.
I.e., do:
+err:
+ qed_spq_return_entry(p_hwfn, *pp_ent);
+ *pp_ent = NULL;
+ return rc;
Thanks,
Yuval
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] qed: fix memory leak of a qed_spq_entry on error failure paths
2016-12-18 6:33 ` Mintz, Yuval
@ 2016-12-18 15:37 ` David Miller
0 siblings, 0 replies; 3+ messages in thread
From: David Miller @ 2016-12-18 15:37 UTC (permalink / raw)
To: Yuval.Mintz; +Cc: colin.king, netdev, linux-kernel, Ariel.Elior, Tomer.Tayar
From: "Mintz, Yuval" <Yuval.Mintz@cavium.com>
Date: Sun, 18 Dec 2016 06:33:50 +0000
>> From: Colin Ian King <colin.king@canonical.com>
>>
>> A qed_spq_entry entry is allocated by qed_sp_init_request but is not kfree'd
>> if an error occurs, causing a memory leak. Fix this by kfree'ing it and also
>> setting *pp_ent to NULL to be safe.
>>
>> Found with static analysis by CoverityScan, CIDs 1389468-1389470
>>
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ...
>> +err:
>> + kfree(*pp_ent);
>> + *pp_ent = NULL;
>> +
>> + return rc;
>> }
>
> Hi Colin - thanks for this.
> It would have been preferable to return the previously allocated spq entry.
> I.e., do:
>
> +err:
> + qed_spq_return_entry(p_hwfn, *pp_ent);
> + *pp_ent = NULL;
> + return rc;
Looking at this last night, I came to the same conclusion.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-12-18 15:37 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-12-16 12:50 [PATCH] qed: fix memory leak of a qed_spq_entry on error failure paths Colin King
2016-12-18 6:33 ` Mintz, Yuval
2016-12-18 15:37 ` David Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.