* [PATCH v2] net: pch_gbe: Fix memory leaks
@ 2019-08-21 4:20 Wenwen Wang
2019-08-22 23:11 ` David Miller
0 siblings, 1 reply; 2+ messages in thread
From: Wenwen Wang @ 2019-08-21 4:20 UTC (permalink / raw)
To: Wenwen Wang
Cc: David S. Miller, Richard Fontana, Alexios Zavras, Allison Randal,
Greg Kroah-Hartman, Thomas Gleixner,
open list:NETWORKING DRIVERS, open list
In pch_gbe_set_ringparam(), if netif_running() returns false, 'tx_old' and
'rx_old' are not deallocated, leading to memory leaks. To fix this issue,
move the free statements to the outside of the if() statement.
Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
---
drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_ethtool.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_ethtool.c b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_ethtool.c
index 1a3008e..cb43919 100644
--- a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_ethtool.c
+++ b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_ethtool.c
@@ -340,12 +340,10 @@ static int pch_gbe_set_ringparam(struct net_device *netdev,
goto err_setup_tx;
pch_gbe_free_rx_resources(adapter, rx_old);
pch_gbe_free_tx_resources(adapter, tx_old);
- kfree(tx_old);
- kfree(rx_old);
- adapter->rx_ring = rxdr;
- adapter->tx_ring = txdr;
err = pch_gbe_up(adapter);
}
+ kfree(tx_old);
+ kfree(rx_old);
return err;
err_setup_tx:
--
2.7.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v2] net: pch_gbe: Fix memory leaks
2019-08-21 4:20 [PATCH v2] net: pch_gbe: Fix memory leaks Wenwen Wang
@ 2019-08-22 23:11 ` David Miller
0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2019-08-22 23:11 UTC (permalink / raw)
To: wenwen
Cc: rfontana, alexios.zavras, allison, gregkh, tglx, netdev, linux-kernel
From: Wenwen Wang <wenwen@cs.uga.edu>
Date: Tue, 20 Aug 2019 23:20:05 -0500
> In pch_gbe_set_ringparam(), if netif_running() returns false, 'tx_old' and
> 'rx_old' are not deallocated, leading to memory leaks. To fix this issue,
> move the free statements to the outside of the if() statement.
>
> Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
Something still is not right here.
> diff --git a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_ethtool.c b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_ethtool.c
> index 1a3008e..cb43919 100644
> --- a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_ethtool.c
> +++ b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_ethtool.c
> @@ -340,12 +340,10 @@ static int pch_gbe_set_ringparam(struct net_device *netdev,
> goto err_setup_tx;
> pch_gbe_free_rx_resources(adapter, rx_old);
> pch_gbe_free_tx_resources(adapter, tx_old);
> - kfree(tx_old);
> - kfree(rx_old);
> - adapter->rx_ring = rxdr;
> - adapter->tx_ring = txdr;
> err = pch_gbe_up(adapter);
> }
> + kfree(tx_old);
> + kfree(rx_old);
If the if() condition ending here is not taken, you cannot just free these
two pointers. You are then leaking the memory which would normally be
liberated by pch_gbe_free_rx_resources() and pch_gbe_free_tx_resources().
What's more, in this same situation, the rx_old->dma value is probably still
programmed into the hardware, and therefore the device still could potentially
DMA read/write to that memory.
I think the fix here is not simple, and you will need to do more extensive
research in order to fix this properly.
I'm not applying this, sorry.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-08-22 23:11 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-21 4:20 [PATCH v2] net: pch_gbe: Fix memory leaks Wenwen Wang
2019-08-22 23:11 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).