If we add first socket to nbd, config->socks is malloced but
num_connections does not update(nsock's allocation fail), the memory
is leaked. Cause in later nbd_config_put(), will only free config->socks
when num_connections is not 0.
Let nsock's allocation first to avoid this.
Fixes: 03bf73c315ed ("nbd: prevent memory leak")
Signed-off-by: Zheng Bin <[email protected]>
---
v1->v2: modify comments
drivers/block/nbd.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index 43cff01a5a67..3e7709317b17 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -1037,21 +1037,22 @@ static int nbd_add_socket(struct nbd_device *nbd, unsigned long arg,
return -EBUSY;
}
+ nsock = kzalloc(sizeof(struct nbd_sock), GFP_KERNEL);
+ if (!nsock) {
+ sockfd_put(sock);
+ return -ENOMEM;
+ }
+
socks = krealloc(config->socks, (config->num_connections + 1) *
sizeof(struct nbd_sock *), GFP_KERNEL);
if (!socks) {
sockfd_put(sock);
+ kfree(nsock);
return -ENOMEM;
}
config->socks = socks;
- nsock = kzalloc(sizeof(struct nbd_sock), GFP_KERNEL);
- if (!nsock) {
- sockfd_put(sock);
- return -ENOMEM;
- }
-
nsock->fallback_index = -1;
nsock->dead = false;
mutex_init(&nsock->tx_lock);
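Review bot: the reordering at the top of this hunk depends on an invariant the code never states: nsock has to be allocated before config->socks is grown, because (per the commit message) config->socks is only released when num_connections is not 0. A one-line comment above the new kzalloc() call would keep a later cleanup from moving it back below krealloc(). Two smaller points on the same lines: the krealloc() failure branch now has to remember both sockfd_put(sock) and kfree(nsock) while the kzalloc() branch repeats sockfd_put(sock), so a single unwind path at the end of the function would keep the cleanup in one place; and kzalloc(sizeof(*nsock), GFP_KERNEL) would follow the pointer's type instead of naming struct nbd_sock.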
--
2.26.0.106.g9fadedd
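The allocation-order problem from the commit message above, modelled in user space as an added example (not code from the patch or the kernel). `config_model`, `m_alloc`, `leaked_after` and the injected-failure counter are hypothetical names, and the teardown rule is taken from the commit message's description of nbd_config_put().

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model constructed for illustration; all names are hypothetical. */
struct config_model { void **socks; int num_connections; };
static int live, calls, fail_at; /* live allocs; attempts; attempt that fails */

static void *m_alloc(void *old, size_t n) {  /* old == NULL acts like kzalloc */
    if (++calls == fail_at) return NULL;     /* injected failure, old untouched */
    void *p = old ? realloc(old, n) : calloc(1, n);
    if (p && !old) live++;
    return p;
}
static void m_free(void *p) { if (p) { live--; free(p); } }

/* Teardown as the commit message describes: socks freed only if count != 0. */
static void config_put(struct config_model *c) {
    if (!c->num_connections) return;
    for (int i = 0; i < c->num_connections; i++) m_free(c->socks[i]);
    m_free(c->socks);
}

static int add_socket(struct config_model *c, bool nsock_first) {
    void *nsock = NULL, **socks;
    if (nsock_first && !(nsock = m_alloc(NULL, 64))) return -1;
    socks = m_alloc(c->socks, (c->num_connections + 1) * sizeof(*socks));
    if (!socks) { m_free(nsock); return -1; }
    c->socks = socks;
    if (!nsock_first && !(nsock = m_alloc(NULL, 64))) return -1; /* old order */
    socks[c->num_connections++] = nsock;
    return 0;
}

/* Allocations still live after one add (attempt fail_n fails) and teardown. */
static int leaked_after(bool nsock_first, int fail_n) {
    struct config_model c = { NULL, 0 };
    live = calls = 0; fail_at = fail_n;
    add_socket(&c, nsock_first);
    config_put(&c);
    int leaked = live;
    if (!c.num_connections) free(c.socks);   /* keep the demo itself clean */
    return leaked;
}

int main(void) {
    printf("old order: %d leaked, new order: %d leaked\n",
           leaked_after(false, 2), leaked_after(true, 2));
    return 0;
}
```

With the second allocation attempt failing, the old order leaves the pointer array allocated with a zero connection count, so the teardown skips it; the new order has nothing outstanding on either failure branch.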
> If we add first socket to nbd, config->socks is malloced but
> num_connections does not update(nsock's allocation fail), the memory
> is leaked. Cause in later nbd_config_put(), will only free config->socks
> when num_connections is not 0.
>
> Let nsock's allocation first to avoid this.
I suggest improving this change description.
Can another wording variant be nicer?
…
> +++ b/drivers/block/nbd.c
> @@ -1037,21 +1037,22 @@ static int nbd_add_socket(struct nbd_device *nbd, unsigned long arg,
> return -EBUSY;
> }
>
> + nsock = kzalloc(sizeof(struct nbd_sock), GFP_KERNEL);
Please use the following code variant.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/coding-style.rst?id=4333a9b0b67bb4e8bcd91bdd80da80b0ec151162#n854
+ nsock = kzalloc(sizeof(*nsock), GFP_KERNEL);
…
> if (!socks) {
> sockfd_put(sock);
> + kfree(nsock);
> return -ENOMEM;
> }
Please take another software design possibility into account.
if (!socks) {
- sockfd_put(sock);
- return -ENOMEM;
+ kfree(nsock);
+ goto put_socket;
}
Regards,
Markus
On 2020/6/20 20:05, Markus Elfring wrote:
>> If we add first socket to nbd, config->socks is malloced but
>> num_connections does not update(nsock's allocation fail), the memory
>> is leaked. Cause in later nbd_config_put(), will only free config->socks
>> when num_connections is not 0.
>>
>> Let nsock's allocation first to avoid this.
> I suggest improving this change description.
> Can another wording variant be nicer?
em, how about this?
When adding first socket to nbd, if nsock's allocation fails, config->socks
is malloced but num_connections does not update, memory leak will occur
(Function nbd_config_put will only free config->socks when num_connections
is not 0).
>
>
> …
>> +++ b/drivers/block/nbd.c
>> @@ -1037,21 +1037,22 @@ static int nbd_add_socket(struct nbd_device *nbd, unsigned long arg,
>> return -EBUSY;
>> }
>>
>> + nsock = kzalloc(sizeof(struct nbd_sock), GFP_KERNEL);
> Please use the following code variant.
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/coding-style.rst?id=4333a9b0b67bb4e8bcd91bdd80da80b0ec151162#n854
>
> + nsock = kzalloc(sizeof(*nsock), GFP_KERNEL);
>
>
> …
>> if (!socks) {
>> sockfd_put(sock);
>> + kfree(nsock);
>> return -ENOMEM;
>> }
> Please take another software design possibility into account.
>
> if (!socks) {
> - sockfd_put(sock);
> - return -ENOMEM;
> + kfree(nsock);
> + goto put_socket;
> }
>
>
> Regards,
> Markus
>> Can another wording variant be nicer?
>
> em, how about this?
>
>
> When adding first socket to nbd,
What do you think about replacing abbreviations with terms?
> if nsock's allocation fails,
… failed,
> config->socks is malloced
The data structure member “config->socks” was reallocated.
> but num_connections does not update,
But the data structure member “config->num_connections” was not updated.
> memory leak will occur(Function
> nbd_config_put will only free config->socks when num_connections is not 0).
A memory leak will occur then because the function “nbd_config_put”
will free “config->socks” only when “num_connections” is not zero.
Would you like to add an imperative wording to the commit message?
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?id=625d3449788f85569096780592549d0340e9c0c7#n151
Regards,
Markus