If the IDA id allocation fails, then the allocated memory for the
idxd_device struct doesn't get freed before returning NULL, which leads to
a memleak.
Fixes: 47c16ac27d4c ("dmaengine: idxd: fix idxd conf_dev 'struct device' lifetime")
Signed-off-by: Rafael Mendonca <[email protected]>
---
drivers/dma/idxd/init.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/dma/idxd/init.c b/drivers/dma/idxd/init.c
index aa3478257ddb..fdc97519b8fb 100644
--- a/drivers/dma/idxd/init.c
+++ b/drivers/dma/idxd/init.c
@@ -445,8 +445,10 @@ static struct idxd_device *idxd_alloc(struct pci_dev *pdev, struct idxd_driver_d
idxd->data = data;
idxd_dev_set_type(&idxd->idxd_dev, idxd->data->type);
idxd->id = ida_alloc(&idxd_ida, GFP_KERNEL);
- if (idxd->id < 0)
+ if (idxd->id < 0) {
+ kfree(idxd);
return NULL;
+ }
device_initialize(conf_dev);
conf_dev->parent = dev;
--
2.34.1
On Wed, Sep 14, 2022 at 08:08:14PM -0300, Rafael Mendonca wrote:
> If the IDA id allocation fails, then the allocated memory for the
> idxd_device struct doesn't get freed before returning NULL, which leads to
> a memleak.
>
> Fixes: 47c16ac27d4c ("dmaengine: idxd: fix idxd conf_dev 'struct device' lifetime")
> Signed-off-by: Rafael Mendonca <[email protected]>
I think there needs to be a kfree(idxd) where it checks rc < 0 after the call to dev_set_name() as well, yes?
Regards,
Jerry
> ---
> drivers/dma/idxd/init.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/dma/idxd/init.c b/drivers/dma/idxd/init.c
> index aa3478257ddb..fdc97519b8fb 100644
> --- a/drivers/dma/idxd/init.c
> +++ b/drivers/dma/idxd/init.c
> @@ -445,8 +445,10 @@ static struct idxd_device *idxd_alloc(struct pci_dev *pdev, struct idxd_driver_d
> idxd->data = data;
> idxd_dev_set_type(&idxd->idxd_dev, idxd->data->type);
> idxd->id = ida_alloc(&idxd_ida, GFP_KERNEL);
> - if (idxd->id < 0)
> + if (idxd->id < 0) {
> + kfree(idxd);
> return NULL;
> + }
>
> device_initialize(conf_dev);
> conf_dev->parent = dev;
> --
> 2.34.1
>
On 9/14/2022 4:08 PM, Rafael Mendonca wrote:
> If the IDA id allocation fails, then the allocated memory for the
> idxd_device struct doesn't get freed before returning NULL, which leads to
> a memleak.
>
> Fixes: 47c16ac27d4c ("dmaengine: idxd: fix idxd conf_dev 'struct device' lifetime")
> Signed-off-by: Rafael Mendonca <[email protected]>
Thanks!
Reviewed-by: Dave Jiang <[email protected]>
> ---
> drivers/dma/idxd/init.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/dma/idxd/init.c b/drivers/dma/idxd/init.c
> index aa3478257ddb..fdc97519b8fb 100644
> --- a/drivers/dma/idxd/init.c
> +++ b/drivers/dma/idxd/init.c
> @@ -445,8 +445,10 @@ static struct idxd_device *idxd_alloc(struct pci_dev *pdev, struct idxd_driver_d
> idxd->data = data;
> idxd_dev_set_type(&idxd->idxd_dev, idxd->data->type);
> idxd->id = ida_alloc(&idxd_ida, GFP_KERNEL);
> - if (idxd->id < 0)
> + if (idxd->id < 0) {
> + kfree(idxd);
> return NULL;
> + }
>
> device_initialize(conf_dev);
> conf_dev->parent = dev;
On 9/16/2022 8:36 AM, Jerry Snitselaar wrote:
> On Wed, Sep 14, 2022 at 08:08:14PM -0300, Rafael Mendonca wrote:
>> If the IDA id allocation fails, then the allocated memory for the
>> idxd_device struct doesn't get freed before returning NULL, which leads to
>> a memleak.
>>
>> Fixes: 47c16ac27d4c ("dmaengine: idxd: fix idxd conf_dev 'struct device' lifetime")
>> Signed-off-by: Rafael Mendonca <[email protected]>
> I think there needs to be a kfree(idxd) where it checks rc < 0 after the call to dev_set_name() as well, yes?
The idxd_conf_device_release() should take care of freeing idxd with the
put_device(). So I think we are good here.
>
> Regards,
> Jerry
>
>> ---
>> drivers/dma/idxd/init.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/dma/idxd/init.c b/drivers/dma/idxd/init.c
>> index aa3478257ddb..fdc97519b8fb 100644
>> --- a/drivers/dma/idxd/init.c
>> +++ b/drivers/dma/idxd/init.c
>> @@ -445,8 +445,10 @@ static struct idxd_device *idxd_alloc(struct pci_dev *pdev, struct idxd_driver_d
>> idxd->data = data;
>> idxd_dev_set_type(&idxd->idxd_dev, idxd->data->type);
>> idxd->id = ida_alloc(&idxd_ida, GFP_KERNEL);
>> - if (idxd->id < 0)
>> + if (idxd->id < 0) {
>> + kfree(idxd);
>> return NULL;
>> + }
>>
>> device_initialize(conf_dev);
>> conf_dev->parent = dev;
>> --
>> 2.34.1
>>
On Fri, Sep 16, 2022 at 08:49:25AM -0700, Dave Jiang wrote:
>
> On 9/16/2022 8:36 AM, Jerry Snitselaar wrote:
> > On Wed, Sep 14, 2022 at 08:08:14PM -0300, Rafael Mendonca wrote:
> > > If the IDA id allocation fails, then the allocated memory for the
> > > idxd_device struct doesn't get freed before returning NULL, which leads to
> > > a memleak.
> > >
> > > Fixes: 47c16ac27d4c ("dmaengine: idxd: fix idxd conf_dev 'struct device' lifetime")
> > > Signed-off-by: Rafael Mendonca <[email protected]>
> > I think there needs to be a kfree(idxd) where it checks rc < 0 after the call to dev_set_name() as well, yes?
> The idxd_conf_device_release() should take care of freeing idxd with the
> put_device(). So I think we are good here.
Ah, right. Thanks.
Jerry
> >
> > Regards,
> > Jerry
> >
> > > ---
> > > drivers/dma/idxd/init.c | 4 +++-
> > > 1 file changed, 3 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/dma/idxd/init.c b/drivers/dma/idxd/init.c
> > > index aa3478257ddb..fdc97519b8fb 100644
> > > --- a/drivers/dma/idxd/init.c
> > > +++ b/drivers/dma/idxd/init.c
> > > @@ -445,8 +445,10 @@ static struct idxd_device *idxd_alloc(struct pci_dev *pdev, struct idxd_driver_d
> > > idxd->data = data;
> > > idxd_dev_set_type(&idxd->idxd_dev, idxd->data->type);
> > > idxd->id = ida_alloc(&idxd_ida, GFP_KERNEL);
> > > - if (idxd->id < 0)
> > > + if (idxd->id < 0) {
> > > + kfree(idxd);
> > > return NULL;
> > > + }
> > > device_initialize(conf_dev);
> > > conf_dev->parent = dev;
> > > --
> > > 2.34.1
> > >
On Wed, Sep 14, 2022 at 08:08:14PM -0300, Rafael Mendonca wrote:
> If the IDA id allocation fails, then the allocated memory for the
> idxd_device struct doesn't get freed before returning NULL, which leads to
> a memleak.
>
> Fixes: 47c16ac27d4c ("dmaengine: idxd: fix idxd conf_dev 'struct device' lifetime")
> Signed-off-by: Rafael Mendonca <[email protected]>
Reviewed-by: Jerry Snitselaar <[email protected]
> ---
> drivers/dma/idxd/init.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/dma/idxd/init.c b/drivers/dma/idxd/init.c
> index aa3478257ddb..fdc97519b8fb 100644
> --- a/drivers/dma/idxd/init.c
> +++ b/drivers/dma/idxd/init.c
> @@ -445,8 +445,10 @@ static struct idxd_device *idxd_alloc(struct pci_dev *pdev, struct idxd_driver_d
> idxd->data = data;
> idxd_dev_set_type(&idxd->idxd_dev, idxd->data->type);
> idxd->id = ida_alloc(&idxd_ida, GFP_KERNEL);
> - if (idxd->id < 0)
> + if (idxd->id < 0) {
> + kfree(idxd);
> return NULL;
> + }
>
> device_initialize(conf_dev);
> conf_dev->parent = dev;
> --
> 2.34.1
>
On 14-09-22, 20:08, Rafael Mendonca wrote:
> If the IDA id allocation fails, then the allocated memory for the
> idxd_device struct doesn't get freed before returning NULL, which leads to
> a memleak.
Applied, thanks
--
~Vinod