Parav Pandit
2021-Feb-17 06:06 UTC
[PATCH linux-next v2] vdpa: Fix memory leak in error unwinding path
When device get command fails to find the device or mdev, it skips to free the skb during error unwinding path. Fix it by freeing in error unwind path. While at it, make error unwind path more clear to avoid such errors. Fixes: a12a2f694ce8 ("vdpa: Enable user to query vdpa device info") Signed-off-by: Parav Pandit <parav at nvidia.com> --- changelog: v1->v2: - Addressed Stefano's comment to make error unwind code more clear --- drivers/vdpa/vdpa.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/vdpa/vdpa.c b/drivers/vdpa/vdpa.c index 3d997b389345..da67f07e24fd 100644 --- a/drivers/vdpa/vdpa.c +++ b/drivers/vdpa/vdpa.c @@ -538,22 +538,22 @@ static int vdpa_nl_cmd_dev_get_doit(struct sk_buff *skb, struct genl_info *info) mutex_lock(&vdpa_dev_mutex); dev = bus_find_device(&vdpa_bus, NULL, devname, vdpa_name_match); if (!dev) { - mutex_unlock(&vdpa_dev_mutex); NL_SET_ERR_MSG_MOD(info->extack, "device not found"); - return -ENODEV; + err = -ENODEV; + goto err; } vdev = container_of(dev, struct vdpa_device, dev); if (!vdev->mdev) { - mutex_unlock(&vdpa_dev_mutex); - put_device(dev); - return -EINVAL; + err = -EINVAL; + goto mdev_err; } err = vdpa_dev_fill(vdev, msg, info->snd_portid, info->snd_seq, 0, info->extack); if (!err) err = genlmsg_reply(msg, info); +mdev_err: put_device(dev); +err: mutex_unlock(&vdpa_dev_mutex); - if (err) nlmsg_free(msg); return err; -- 2.26.2
Stefano Garzarella
2021-Feb-17 08:20 UTC
[PATCH linux-next v2] vdpa: Fix memory leak in error unwinding path
On Wed, Feb 17, 2021 at 08:06:14AM +0200, Parav Pandit wrote:>When device get command fails to find the device or mdev, >it skips to free the skb during error unwinding path. >Fix it by freeing in error unwind path. >While at it, make error unwind path more clear to avoid such errors. > >Fixes: a12a2f694ce8 ("vdpa: Enable user to query vdpa device info") >Signed-off-by: Parav Pandit <parav at nvidia.com> >--- >changelog: >v1->v2: > - Addressed Stefano's comment to make error unwind code more clear >--- > drivers/vdpa/vdpa.c | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > >diff --git a/drivers/vdpa/vdpa.c b/drivers/vdpa/vdpa.c >index 3d997b389345..da67f07e24fd 100644 >--- a/drivers/vdpa/vdpa.c >+++ b/drivers/vdpa/vdpa.c >@@ -538,22 +538,22 @@ static int vdpa_nl_cmd_dev_get_doit(struct sk_buff *skb, struct genl_info *info) > mutex_lock(&vdpa_dev_mutex); > dev = bus_find_device(&vdpa_bus, NULL, devname, vdpa_name_match); > if (!dev) { >- mutex_unlock(&vdpa_dev_mutex); > NL_SET_ERR_MSG_MOD(info->extack, "device not found"); >- return -ENODEV; >+ err = -ENODEV; >+ goto err; > } > vdev = container_of(dev, struct vdpa_device, dev); > if (!vdev->mdev) { >- mutex_unlock(&vdpa_dev_mutex); >- put_device(dev); >- return -EINVAL; >+ err = -EINVAL; >+ goto mdev_err; > } > err = vdpa_dev_fill(vdev, msg, info->snd_portid, info->snd_seq, 0, info->extack); > if (!err) > err = genlmsg_reply(msg, info); >+mdev_err: > put_device(dev); >+err: > mutex_unlock(&vdpa_dev_mutex); >- > if (err) > nlmsg_free(msg); > return err; >-- >2.26.2 >Reviewed-by: Stefano Garzarella <sgarzare at redhat.com>