2023-12-13 11:09:20

by Harshit Mogalapalli

Subject: [PATCH] iommu/sva: Fix memory leak in iommu_sva_bind_device()

Free the handle when the domain allocation fails before unlocking and
returning.

Fixes: 092edaddb660 ("iommu: Support mm PASID 1:n with sva domains")
Signed-off-by: Harshit Mogalapalli <[email protected]>
---
This is based on static analysis with smatch, only compile tested.
---
drivers/iommu/iommu-sva.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/iommu/iommu-sva.c b/drivers/iommu/iommu-sva.c
index 5175e8d85247..c3fc9201d0be 100644
--- a/drivers/iommu/iommu-sva.c
+++ b/drivers/iommu/iommu-sva.c
@@ -101,7 +101,7 @@ struct iommu_sva *iommu_sva_bind_device(struct device *dev, struct mm_struct *mm
domain = iommu_sva_domain_alloc(dev, mm);
if (!domain) {
ret = -ENOMEM;
- goto out_unlock;
+ goto out_free_handle;
}

ret = iommu_attach_device_pasid(domain, dev, iommu_mm->pasid);
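Review bot: At the `if (!domain)` branch, the fix is only complete if handle is always allocated by this point and no other exit between that allocation and this check still uses `goto out_unlock`. Neither is visible in this hunk, and the patch is stated to be compile tested only. Please confirm both in the changelog, and name the failing call (iommu_sva_domain_alloc()) and the leaked object (handle) in the commit message so the leak path can be checked against the Fixes: commit.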
@@ -118,6 +118,7 @@ struct iommu_sva *iommu_sva_bind_device(struct device *dev, struct mm_struct *mm

out_free_domain:
iommu_domain_free(domain);
+out_free_handle:
kfree(handle);
out_unlock:
mutex_unlock(&iommu_sva_lock);
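Review bot: The changelog should say why the new `out_free_handle:` label sits below `iommu_domain_free(domain)` rather than reusing out_free_domain: on the `!domain` path domain is NULL, so the jump has to land after that call and before `kfree(handle)`. The placement itself looks right, since out_free_domain still falls through into kfree(handle) and then out_unlock, leaving the existing failure path unchanged.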
--
2.39.3


2023-12-13 11:14:04

by Harshit Mogalapalli

Subject: Re: [PATCH] iommu/sva: Fix memory leak in iommu_sva_bind_device()

Hi,
On 13/12/23 4:37 pm, Harshit Mogalapalli wrote:
> Free the handle when the domain allocation fails before unlocking and
> returning.
>

Please ignore this patch; I missed CCing the correct list and a few
maintainers, and will resend it correctly.

Thanks,
Harshit
> Fixes: 092edaddb660 ("iommu: Support mm PASID 1:n with sva domains")
> Signed-off-by: Harshit Mogalapalli <[email protected]>
> ---
> This is based on static analysis with smatch, only compile tested.
> ---
> drivers/iommu/iommu-sva.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iommu/iommu-sva.c b/drivers/iommu/iommu-sva.c
> index 5175e8d85247..c3fc9201d0be 100644
> --- a/drivers/iommu/iommu-sva.c
> +++ b/drivers/iommu/iommu-sva.c
> @@ -101,7 +101,7 @@ struct iommu_sva *iommu_sva_bind_device(struct device *dev, struct mm_struct *mm
> domain = iommu_sva_domain_alloc(dev, mm);
> if (!domain) {
> ret = -ENOMEM;
> - goto out_unlock;
> + goto out_free_handle;
> }
>
> ret = iommu_attach_device_pasid(domain, dev, iommu_mm->pasid);
> @@ -118,6 +118,7 @@ struct iommu_sva *iommu_sva_bind_device(struct device *dev, struct mm_struct *mm
>
> out_free_domain:
> iommu_domain_free(domain);
> +out_free_handle:
> kfree(handle);
> out_unlock:
> mutex_unlock(&iommu_sva_lock);