Wei Yongjun
2016-Aug-02  13:59 UTC
[PATCH -next] virtio: fix possible memory leak in virtqueue_add()
desc may malloced in virtqueue_add() and should be freed before leaving from the error handling cases, otherwise it will cause memory leak. Signed-off-by: Wei Yongjun <weiyj.lk at gmail.com> --- drivers/virtio/virtio_ring.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c index 114a0c8..bda71ef 100644 --- a/drivers/virtio/virtio_ring.c +++ b/drivers/virtio/virtio_ring.c @@ -328,6 +328,7 @@ static inline int virtqueue_add(struct virtqueue *_vq, if (out_sgs) vq->notify(&vq->vq); END_USE(vq); + kfree(desc); return -ENOSPC; }
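Review bot: the added kfree(desc) ahead of return -ENOSPC is unconditional, yet the commit message itself says desc only "may" be allocated inside virtqueue_add(). On the path where it was not allocated by this call, the free releases memory the function does not own, which replaces a leak with a free of a buffer that is still in use. Guard the kfree() with the same condition that selected the allocation, and name that condition in the commit message.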
Michael S. Tsirkin
2016-Aug-02  14:04 UTC
[PATCH -next] virtio: fix possible memory leak in virtqueue_add()
On Tue, Aug 02, 2016 at 01:59:05PM +0000, Wei Yongjun wrote:> desc may malloced in virtqueue_add() and should be freed before > leaving from the error handling cases, otherwise it will cause > memory leak. > > Signed-off-by: Wei Yongjun <weiyj.lk at gmail.com> > --- > drivers/virtio/virtio_ring.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c > index 114a0c8..bda71ef 100644 > --- a/drivers/virtio/virtio_ring.c > +++ b/drivers/virtio/virtio_ring.c > @@ -328,6 +328,7 @@ static inline int virtqueue_add(struct virtqueue *_vq, > if (out_sgs) > vq->notify(&vq->vq); > END_USE(vq); > + kfree(desc);I think only if indirect is true, otherwise you will free vq->vring.desc.> return -ENOSPC; > }
Wei Yongjun
2016-Aug-02  14:16 UTC
[PATCH -next v2] virtio: fix possible memory leak in virtqueue_add()
'desc' is malloced in virtqueue_add() and should be freed before leaving from the error handling cases, otherwise it will cause memory leak. Signed-off-by: Wei Yongjun <weiyj.lk at gmail.com> --- drivers/virtio/virtio_ring.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c index 114a0c8..e4be912 100644 --- a/drivers/virtio/virtio_ring.c +++ b/drivers/virtio/virtio_ring.c @@ -328,6 +328,8 @@ static inline int virtqueue_add(struct virtqueue *_vq, if (out_sgs) vq->notify(&vq->vq); END_USE(vq); + if (indirect) + kfree(desc); return -ENOSPC; }
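Review bot: the if (indirect) kfree(desc); pair is placed after END_USE(vq), so this call's allocation is released outside the region the function marks as in use; moving it ahead of END_USE(vq) keeps the allocation and its cleanup inside the same bracket. The commit message also still says 'desc' "is malloced" without qualification, while the code now frees it only when indirect is set, so the description should say the allocation is specific to the indirect case. A one-line comment on why desc must not be freed when indirect is false would help the next reader of this error path.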
Michael S. Tsirkin
2016-Aug-03  04:22 UTC
[PATCH -next v2] virtio: fix possible memory leak in virtqueue_add()
On Tue, Aug 02, 2016 at 02:16:31PM +0000, Wei Yongjun wrote:> 'desc' is malloced in virtqueue_add() and should be freed before > leaving from the error handling cases, otherwise it will cause > memory leak. > > Signed-off-by: Wei Yongjun <weiyj.lk at gmail.com>Applied except I moved this to before END_USE - seems cleaner as alloc is called after START_USE.> --- > drivers/virtio/virtio_ring.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c > index 114a0c8..e4be912 100644 > --- a/drivers/virtio/virtio_ring.c > +++ b/drivers/virtio/virtio_ring.c > @@ -328,6 +328,8 @@ static inline int virtqueue_add(struct virtqueue *_vq, > if (out_sgs) > vq->notify(&vq->vq); > END_USE(vq); > + if (indirect) > + kfree(desc); > return -ENOSPC; > }