From: Dinghao Liu <dinghao.liu@zju.edu.cn>
To: dinghao.liu@zju.edu.cn
Cc: Vishal Verma <vishal.l.verma@intel.com>,
Dan Williams <dan.j.williams@intel.com>,
Dave Jiang <dave.jiang@intel.com>,
Ira Weiny <ira.weiny@intel.com>,
nvdimm@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: [PATCH] nvdimm-btt: fix a potential memleak in btt_freelist_init
Date: Thu, 7 Dec 2023 11:43:32 +0800 [thread overview]
Message-ID: <20231207034332.24107-1-dinghao.liu@zju.edu.cn> (raw)
When an error happens in btt_freelist_init(), its caller
discover_arenas() will directly free arena, which makes
arena->freelist allocated in btt_freelist_init() a leaked
memory. Fix this by freeing arena->freelist in all error
handling paths of btt_freelist_init().
Fixes: 5212e11fde4d ("nd_btt: atomic sector updates")
Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
---
drivers/nvdimm/btt.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/drivers/nvdimm/btt.c b/drivers/nvdimm/btt.c
index d5593b0dc700..d8c4ba8bfdda 100644
--- a/drivers/nvdimm/btt.c
+++ b/drivers/nvdimm/btt.c
@@ -544,8 +544,10 @@ static int btt_freelist_init(struct arena_info *arena)
for (i = 0; i < arena->nfree; i++) {
new = btt_log_read(arena, i, &log_new, LOG_NEW_ENT);
- if (new < 0)
- return new;
+ if (new < 0) {
+ ret = new;
+ goto out_free;
+ }
/* old and new map entries with any flags stripped out */
log_oldmap = ent_lba(le32_to_cpu(log_new.old_map));
@@ -577,7 +579,7 @@ static int btt_freelist_init(struct arena_info *arena)
ret = btt_map_read(arena, le32_to_cpu(log_new.lba), &map_entry,
NULL, NULL, 0);
if (ret)
- return ret;
+ goto out_free;
/*
* The map_entry from btt_read_map is stripped of any flag bits,
@@ -594,11 +596,16 @@ static int btt_freelist_init(struct arena_info *arena)
ret = btt_map_write(arena, le32_to_cpu(log_new.lba),
le32_to_cpu(log_new.new_map), 0, 0, 0);
if (ret)
- return ret;
+ goto out_free;
}
}
return 0;
+
+out_free:
+ kfree(arena->freelist);
+ arena->freelist = NULL;
+ return ret;
}
static bool ent_is_padding(struct log_entry *ent)
--
2.17.1
next reply other threads:[~2023-12-07 4:16 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-07 3:43 Dinghao Liu [this message]
2023-12-07 15:43 ` [PATCH] nvdimm-btt: fix a potential memleak in btt_freelist_init Dave Jiang
2023-12-07 20:46 ` Ira Weiny
2023-12-08 6:35 ` dinghao.liu
2023-12-08 23:01 ` Ira Weiny
2023-12-09 16:27 ` dinghao.liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231207034332.24107-1-dinghao.liu@zju.edu.cn \
--to=dinghao.liu@zju.edu.cn \
--cc=dan.j.williams@intel.com \
--cc=dave.jiang@intel.com \
--cc=ira.weiny@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nvdimm@lists.linux.dev \
--cc=vishal.l.verma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.