In nvm_bb_chunk_sense alloc_page allocates memory which is released at
the end of the function. But if nvm_submit_io_sync_raw fails the error
check skips the release and leaks the allocated page. To fix this issue
I moved the __free_page call before error check.
Fixes: aff3fb18f957 ("lightnvm: move bad block and chunk state logic to core")
Signed-off-by: Navid Emamdoost <[email protected]>
---
drivers/lightnvm/core.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/lightnvm/core.c b/drivers/lightnvm/core.c
index 7543e395a2c6..5fdae518f6c9 100644
--- a/drivers/lightnvm/core.c
+++ b/drivers/lightnvm/core.c
@@ -849,11 +849,12 @@ static int nvm_bb_chunk_sense(struct nvm_dev *dev, struct ppa_addr ppa)
rqd.ppa_addr = generic_to_dev_addr(dev, ppa);
ret = nvm_submit_io_sync_raw(dev, &rqd);
- if (ret)
- return ret;
__free_page(page);
+ if (ret)
+ return ret;
+
return rqd.error;
}
--
2.17.1
> To fix this issue I moved the __free_page call before error check.
Would the wording “Move the __free_page() call before the error check.”
be more succinct for the change description?
Can the following code variant be applied at the end of this function?
return ret ? ret : rqd.error;
Regards,
Markus
> On 30 Sep 2019, at 04.34, Navid Emamdoost <[email protected]> wrote:
>
> In nvm_bb_chunk_sense alloc_page allocates memory which is released at
> the end of the function. But if nvm_submit_io_sync_raw fails the error
> check skips the release and leaks the allocated page. To fix this issue
> I moved the __free_page call before error check.
>
> Fixes: aff3fb18f957 ("lightnvm: move bad block and chunk state logic to core")
> Signed-off-by: Navid Emamdoost <[email protected]>
> ---
> drivers/lightnvm/core.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/lightnvm/core.c b/drivers/lightnvm/core.c
> index 7543e395a2c6..5fdae518f6c9 100644
> --- a/drivers/lightnvm/core.c
> +++ b/drivers/lightnvm/core.c
> @@ -849,11 +849,12 @@ static int nvm_bb_chunk_sense(struct nvm_dev *dev, struct ppa_addr ppa)
> rqd.ppa_addr = generic_to_dev_addr(dev, ppa);
>
> ret = nvm_submit_io_sync_raw(dev, &rqd);
> - if (ret)
> - return ret;
>
> __free_page(page);
>
> + if (ret)
> + return ret;
> +
> return rqd.error;
> }
>
> --
> 2.17.1
You’re right, there is a leak here. Fix looks good to me.
Reviewed-by: Javier González <[email protected]>