From: Jake Oshins
To: Vitaly Kuznetsov, "linux-pci@vger.kernel.org"
CC: "linux-kernel@vger.kernel.org", "devel@linuxdriverproject.org", Bjorn Helgaas, Haiyang Zhang, KY Srinivasan
Subject: RE: [PATCH 1/2] PCI: hv: don't leak buffer in hv_pci_onchannelcallback()
Date: Tue, 31 May 2016 17:27:20 +0000
In-Reply-To: <1464617879-19581-2-git-send-email-vkuznets@redhat.com>

> -----Original Message-----
> From: Vitaly Kuznetsov [mailto:vkuznets@redhat.com]
> Sent: Monday, May 30, 2016 7:18 AM
> To: linux-pci@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org; devel@linuxdriverproject.org; Bjorn
> Helgaas; Haiyang Zhang; KY Srinivasan; Jake Oshins
> Subject: [PATCH 1/2] PCI: hv: don't leak buffer in hv_pci_onchannelcallback()
>
> We don't free buffer on several code paths in hv_pci_onchannelcallback(),
> put kfree() to the end of the function to fix the issue. Direct { kfree();
> return; } can now be replaced with a simple 'break';
>
> Signed-off-by: Vitaly Kuznetsov

Acked-by: Jake Oshins

> ---
>  drivers/pci/host/pci-hyperv.c | 11 +++++------
>  1 file changed, 5 insertions(+), 6 deletions(-)
> > diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c > index 7e9b2de..a68ec49 100644 > --- a/drivers/pci/host/pci-hyperv.c > +++ b/drivers/pci/host/pci-hyperv.c > @@ -1661,10 +1661,8 @@ static void hv_pci_onchannelcallback(void > *context) > * All incoming packets must be at least as large as a > * response. > */ > - if (bytes_recvd <= sizeof(struct pci_response)) { > - kfree(buffer); > - return; > - } > + if (bytes_recvd <= sizeof(struct pci_response)) > + break; > desc = (struct vmpacket_descriptor *)buffer; > > switch (desc->type) { > @@ -1679,8 +1677,7 @@ static void hv_pci_onchannelcallback(void > *context) > comp_packet->completion_func(comp_packet- > >compl_ctxt, > response, > bytes_recvd); > - kfree(buffer); > - return; > + break; > > case VM_PKT_DATA_INBAND: > > @@ -1729,6 +1726,8 @@ static void hv_pci_onchannelcallback(void > *context) > } > break; > } > + > + kfree(buffer); > } > > /** > -- > 2.5.5 This is a good fix. Thanks. -- Jake Oshins
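
Review bot: In the first hunk (@@ -1661,10 +1661,8 @@), the comment says incoming packets "must be at least as large as a response", but the condition the patch keeps, "bytes_recvd <= sizeof(struct pci_response)", also drops a packet that is exactly that size. Since the statement is being rewritten anyway, either the comment or the comparison should be adjusted so the boundary case is unambiguous. The new "break" also depends on an enclosing loop that the hunk context does not show, so it is worth confirming that nothing between this check and the final kfree(buffer) reads the undersized buffer.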
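
Review bot: In the second hunk (@@ -1679,8 +1677,7 @@), the new "break" after completion_func() sits inside "switch (desc->type)", so it only leaves the switch, unlike the "break" added at the size check, which is outside the switch. Reaching the new kfree(buffer) on this path therefore relies on the unchanged "break;" that follows the switch in the third hunk's context. If that trailing break is ever removed, this path silently changes from returning after the completion to continuing. A label placed before kfree(buffer) and reached with goto, or a short comment at this case, would make the exit path explicit.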
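
Review bot: In the last hunk (@@ -1729,6 +1726,8 @@), the single kfree(buffer) before the closing brace only covers paths that fall out of the bottom of the function; any "return" elsewhere in hv_pci_onchannelcallback() that lies outside these hunks would still skip it. The commit message speaks of "several code paths" while the diff converts two, so the changelog should state whether any other early return remains and why it is safe, for example one where buffer is already NULL, which kfree() tolerates.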