* [PATCH][V2] qed: fix memory leak of a qed_spq_entry on error failure paths
@ 2016-12-20 11:44 Colin King
2016-12-21 13:29 ` Mintz, Yuval
0 siblings, 1 reply; 3+ messages in thread
From: Colin King @ 2016-12-20 11:44 UTC (permalink / raw)
To: Yuval Mintz, Ariel Elior, everest-linux-l2, netdev; +Cc: linux-kernel
From: Colin Ian King <colin.king@canonical.com>
A qed_spq_entry entry is allocated by qed_sp_init_request but is not
kfree'd if an error occurs, causing a memory leak. Fix this by
returning the previously allocated spq entry and also setting *pp_ent
to NULL to be safe.
Thanks to Yuval Mintz for suggestions on how to improve my original
fix.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
drivers/net/ethernet/qlogic/qed/qed_sp_commands.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/qlogic/qed/qed_sp_commands.c b/drivers/net/ethernet/qlogic/qed/qed_sp_commands.c
index a39ef2e..d2034fa 100644
--- a/drivers/net/ethernet/qlogic/qed/qed_sp_commands.c
+++ b/drivers/net/ethernet/qlogic/qed/qed_sp_commands.c
@@ -55,8 +55,10 @@ int qed_sp_init_request(struct qed_hwfn *p_hwfn,
break;
case QED_SPQ_MODE_BLOCK:
- if (!p_data->p_comp_data)
- return -EINVAL;
+ if (!p_data->p_comp_data) {
+ rc = -EINVAL;
+ goto err;
+ }
p_ent->comp_cb.cookie = p_data->p_comp_data->cookie;
break;
@@ -71,7 +73,8 @@ int qed_sp_init_request(struct qed_hwfn *p_hwfn,
default:
DP_NOTICE(p_hwfn, "Unknown SPQE completion mode %d\n",
p_ent->comp_mode);
- return -EINVAL;
+ rc = -EINVAL;
+ goto err;
}
DP_VERBOSE(p_hwfn, QED_MSG_SPQ,
@@ -85,6 +88,10 @@ int qed_sp_init_request(struct qed_hwfn *p_hwfn,
memset(&p_ent->ramrod, 0, sizeof(p_ent->ramrod));
return 0;
+err:
+ qed_spq_return_entry(p_hwfn, *pp_ent);
+ *pp_ent = NULL;
+ return rc;
}
static enum tunnel_clss qed_tunn_get_clss_type(u8 type)
--
2.10.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* RE: [PATCH][V2] qed: fix memory leak of a qed_spq_entry on error failure paths
2016-12-20 11:44 [PATCH][V2] qed: fix memory leak of a qed_spq_entry on error failure paths Colin King
@ 2016-12-21 13:29 ` Mintz, Yuval
2016-12-21 14:28 ` Colin Ian King
0 siblings, 1 reply; 3+ messages in thread
From: Mintz, Yuval @ 2016-12-21 13:29 UTC (permalink / raw)
To: Colin King, netdev; +Cc: linux-kernel, Elior, Ariel, Tayar, Tomer
> From: Colin Ian King <colin.king@canonical.com>
>
> A qed_spq_entry entry is allocated by qed_sp_init_request but is not kfree'd
> if an error occurs, causing a memory leak. Fix this by returning the previously
> allocated spq entry and also setting *pp_ent to NULL to be safe.
>
> Thanks to Yuval Mintz for suggestions on how to improve my original fix.
>
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
We've given it a more thorough look, and apparently this isn't the correct fix.
So I'll start by saying sorry for making you send this V2 needlessly.
It boils down to the fact there are two kinds of SPQ entries -
Those originating from the 'free_pool' and those from the 'unlimited_pending'.
Only those originating from the free_pool should be returned
using the qed_spq_return_entry(), as only those actually point to a valid
dma-mapped memory where FW expects to find the entries;
Returning the other kind would lead to assertions later,
as driver would post a ramrod to FW which actually points to address 0.
Looking at the error flows, it seems possible this isn't the only faulty
error flow in the SPQ. I suggest you'd drop this and we'll take it from
here [although if you really have the urge to continue - please do].
Thanks,
Yuval
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH][V2] qed: fix memory leak of a qed_spq_entry on error failure paths
2016-12-21 13:29 ` Mintz, Yuval
@ 2016-12-21 14:28 ` Colin Ian King
0 siblings, 0 replies; 3+ messages in thread
From: Colin Ian King @ 2016-12-21 14:28 UTC (permalink / raw)
To: Mintz, Yuval, netdev; +Cc: linux-kernel, Elior, Ariel, Tayar, Tomer
On 21/12/16 13:29, Mintz, Yuval wrote:
>> From: Colin Ian King <colin.king@canonical.com>
>>
>> A qed_spq_entry entry is allocated by qed_sp_init_request but is not kfree'd
>> if an error occurs, causing a memory leak. Fix this by returning the previously
>> allocated spq entry and also setting *pp_ent to NULL to be safe.
>>
>> Thanks to Yuval Mintz for suggestions on how to improve my original fix.
>>
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
>
> We've given it a more thorough look, and apparently this isn't the correct fix.
> So I'll start by saying sorry for making you send this V2 needlessly.
>
> It boils down to the fact there are two kinds of SPQ entries -
> Those originating from the 'free_pool' and those from the 'unlimited_pending'.
> Only those originating from the free_pool should be returned
> using the qed_spq_return_entry(), as only those actually point to a valid
> dma-mapped memory where FW expects to find the entries;
> Returning the other kind would lead to assertions later,
> as driver would post a ramrod to FW which actually points to address 0.
>
> Looking at the error flows, it seems possible this isn't the only faulty
> error flow in the SPQ. I suggest you'd drop this and we'll take it from
> here [although if you really have the urge to continue - please do].
>
> Thanks,
> Yuval
>
>
Sure, lets drop my fixes, I'm out of time on this for 2016 anyhow.
Colin
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-12-21 15:03 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-12-20 11:44 [PATCH][V2] qed: fix memory leak of a qed_spq_entry on error failure paths Colin King
2016-12-21 13:29 ` Mintz, Yuval
2016-12-21 14:28 ` Colin Ian King
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).